Michael CharalambousAssociate

Over the past 6 years, I have advised widely on EU and UK data protection law, including the EU/UK GDPR, ePrivacy legislation and the UK Data Protection Act 2018, across several industries, including media and entertainment, gaming, financial services, social media and technology. I have assisted organisations with implementing privacy programmes and advised on privacy risks with new projects (at all stages from proof of concept to launch and compliance monitoring).

More recently, I have assisted clients with exploring the implications of the use of artificial intelligence tools and with beginning to consider upcoming legislation.

I spent 2 years in-house, based in Switzerland and advising on data protection matters at an international pharmaceutical company and an international reinsurance company, working alongside the Data Protection Officers at both organisations.

Prior to joining Lewis Silkin, I worked at a private practice firm, where I advised companies, public sector organisations, and international NGOs on data protection matters. I also worked at a tier 1 ranked data protection practice, where I advised multi-national corporations on complex data protection issues.

Privacy notices, documents and policies

• Reviewed and advised on several privacy notices, cookies policies, legitimate interests assessments, and privacy statements.

Data Protection Impact Assessments (DPIAs)

• Advised on numerous DPIAs, including those involving special category data and novel technology.

Data breach management

• Assisted with handling data breaches effectively, including drafting breach reports and submitting them to data protection authorities in the EU/UK and informing affected individuals, where necessary, within the relevant reporting deadlines and requirements.

Data privacy aspects on competition law matters

• Provided guidance on data privacy considerations related to competition law investigations, including advice on scanning employee personal devices.

Data processing contracts

• Negotiated data processing contracts, including when parties are located outside of Europe.
• Drafted data protection clauses within agreements involving a high-profile influencer. These clauses ensure that data handling aligns with legal requirements.

Data loss prevention

• Advised on the use of data loss prevention tools.

Training and policies

• Conducted training sessions on data protection law to educate staff and promote compliance.
• Drafted customised data protection policies, addressing specific issues relevant to each client’s practices.

Individual rights requests

• Guided organisations in responding to individual rights requests, including data subject access requests.

Regulatory changes

• Assisted organisations in navigating evolving data protection laws, including recent developments in the UK framework.

Generative AI and privacy implications

• Addressed queries related to data protection implications arising from the use of generative AI technologies.