Dave Hughes works with clients across sectors to identify, prioritse and manage global privacy, information law and cyber-security risks.
Dave Hughes is a Partner in the Privacy, Information Law and Cybersecurity team, working closely with clients on all aspects of these areas of work. This includes planning, implementing and managing UK GDPR and ePrivacy (including B2B) marketing compliance programmes, providing supporting advice in all related areas and dealing with issues and security incidents that arise, as well as regulatory investigation and enquiry.
Dave has worked with a large number of local, national and multi-national clients across different sectors to implement practical, risk-based standards of compliance alongside effective, accessible and clear documentation and process change.
Dave spends much of his time assisting clients to identify, manage and mitigate security breaches, advising on the need to report to the ICO (as well as other UK and overseas regulators, as circumstances dictate), assisting clients in liaising with those interested parties and affected individuals (where appropriate) to reduce risk and potential liability under enforcement action in this vital area.
Latest Insights
Dave’s experience includes:
- designing, implementing, and managing privacy audits for GDPR readiness and post-GDPR gap analysis
- advising on security incidents and personal data breaches, working with clients to identify, analyze, mitigate and report (where necessary) incidents to the Information Commissioner’s Office, advising on risks, enforcement, and notification to affected individuals
- preparing compliance documentation to improve internal audit trail (and to improve defensible position for the purposes of the GDPR Principle of Accountability), including fair processing notices, data protection policies, data sharing and processing agreements
- preparing and delivering training to clients on privacy, information law, and e-marketing