Data is at once an asset, a liability and, increasingly, the raw material for AI. It can be one of the most valuable things a business holds, yet it carries strict obligations under the GDPR and now the AI Act, and it is the first thing exposed when something goes wrong. Handling data well means protecting it, governing how it is used, putting the right contracts in place, and being ready to respond to incidents.

What this area covers

Protection comes first: data and database rights protection secures the datasets you build through database rights, trade secrets and contracts. Compliance is the day-to-day discipline, handled through data processing agreements and, where you need ongoing oversight, DPO as a Service. When data becomes a product, data licensing and data sharing lets you commercialise it safely, and when an incident occurs, data breach response and enforcement manages both the 72-hour compliance clock and any action against the source.

How data connects to the rest

Data work spans the lifecycle and reaches into other areas. Licensing and sharing data is as much a commercial transaction as a privacy question, and the AI built on data raises governance issues that run alongside the rest of your technology and contracts. The same datasets and software can also have an IP and tax dimension where they qualify as protectable, income-generating assets.

How we help

We act as external DPO for clients, draft the agreements and policies that keep data compliant, and run breach response end to end, with a lawyer approving every notification.

Frequently asked questions

Do we need a Data Protection Officer? A DPO is mandatory for some organisations and optional but useful for others. We can assess whether you are required to appoint one and act as your external DPO where that is the practical choice.

How quickly must we report a data breach? The GDPR requires notification of a notifiable personal data breach to the supervisory authority within 72 hours of becoming aware of it, which is why having a response process ready in advance matters.

Does the AI Act affect us? If you build or deploy AI systems, the AI Act introduces obligations that scale with risk. We help you map where your use falls and what that requires in practice.