A Seat in Data, Privacy & Cyber

For example, employers may want to use personal data to monitor their workforce, or a platform may want to use it to tailor the advertisements you see. This is one of the things I love about this area of law, and why I think its an invaluable seat irrespective of whether you want to qualify into the area or not.

Unlike other seats which may be more black letter law or more commercially focused, Data, Privacy & Cyber has a great mix of both. As a Trainee in the team, you’ll spend a lot of time analysing how the black letter law applies to a client’s circumstances but balancing this against the commercial considerations a particular business may face.

The Team

The Data, Privacy & Cyber team at Lewis Silkin is quite unique in the sense that lots of members of the team started their careers in different practice areas and teams! Over time, as they began doing more Data, Privacy & Cyber work, they moved into the Data, Privacy & Cyber team. Given the broad range of different teams at Lewis Silkin, this now means the Data, Privacy & Cyber team has a hugely varied range of expertise and work closely with various other teams. As a Trainee this means you get to do the best of everything, learning and exploring various different areas and niches as you support others across the team. Like all teams at Lewis Silkin, Trainees are encouraged to get involved in the work they are interested in, so you’ll get the freedom to explore a huge spectrum of different types of work and learn from experts about each of their particular areas of specialism.

At the time of writing, the Data, Privacy & Cyber team is one of the smaller (but growing) teams at Lewis Silkin, so there will generally only be one Trainee at a time in the team. A benefit of this is that you’re given a lot of responsibility, as early as you’re comfortable taking it on, not only allowing you to continue to push yourself as your seat progresses but also develop your legal skills generally. Another, less intentional benefit, is that it’s quite likely you’re going to work with everyone across the team (and do so surprisingly quickly!).

Typical Trainee Tasks

Given the broad range of expertise and type of work the Data, Privacy & Cyber team do, it’s not cliché to say that no two days are going to be the same. However, there are certain types of tasks that you’ll inevitably be involved in:

• Drafting: One of the most common things a Trainee in the team is going to do is drafting. This might be on some of the more contractual work (e.g. data processing agreements or intragroup data sharing agreements), policies (e.g. privacy notices), compliance documents (e.g. data protection impact assessments), or regulatory responses (e.g. if someone has complained to a regulator about how a client has used data). It’s very common for the Trainee in the team to do the initial review of something and then do the drafting which is required, whether that’s from scratch or updating an existing document.
• Research: Although this is undeniably a standard Trainee task irrespective of the practice area, you’ll do plenty of research in Data, Privacy & Cyber! Given the speed at which developments can occur and unique challenges new uses of data can raise, the Trainee in the team will often be asked to assist with all sorts of complex research. This may require analysis of legislation, case law, and regulatory guidance on a particular topic, amongst other things, to help resolve a client’s issue. Trainees in the team also do a lot of research for non-client work. For example, often you may be researching a recent development to write an article about it or to present about the development to the rest of the team (don’t worry, they’re a very friendly team, so it’s not as daunting as it sounds!).
• Ad hoc advice: Like any practice area, the team receive lots of ad hoc queries which, as the Trainee, you’ll often have the first go at preparing the advice for. For example, a client may want to check a particular way in which they want to use Cookies on their website is compliant, or check whether their understanding of how the law may apply to them is correct or if there is something else they need to take into account. Unlike other practice areas, you may also assist in helping a client deal with a data breach they have suffered.
• Supporting other teams: Data, Privacy & Cyber is not an isolated practice area so in addition to the normal work the team do, they are often also providing support to other teams on the Data, Privacy & Cyber specific aspects of their work. For example, if the corporate team are completing due diligence for a client purchasing another company, you might conduct the Data, Privacy & Cyber element of this due diligence.
• International coordination: Data is not tangible and doesn’t confine itself to neat borders, so often an issue may require input from local advisors around the world. The Trainee in the team will often be responsible for managing these projects, ranging from initially seeking quotes from local counsel in numerous jurisdictions to then collating the various different pieces of advice into something which is useful for the client and helps resolve their issue or query.
• Data subject access requests: Trainees are often involved in all aspects of assisting in a client’s response to a data subject access request. This may include drafting the correspondence at various stages to the data subject, helping the client prepare proportionate searches of their systems to find relevant personal data, and assisting with the review process of documents that the search identified.