Photo of Mark A. Prinsley

Mark Prinsley is a partner and heads the technology practice in the London office, and is a member of the firm’s Cybersecurity & Data Privacy practice. He concentrates on technology transactions, in particular IT projects and outsourcing.

A substantial element of Mark’s practice involves data protection issues and he has worked extensively for clients in the pensions and financial services sector designing and implementing GDPR compliant systems for the collection and processing of personal data by businesses and related sub-contractors, commercial transactions involving data sharing and reaction to data breach scenarios including managing data breach notifications. Recent projects Mark has worked on involving personal data include working for an automobile manufacturer implementing a connected vehicle programme globally, a supplier of facial recognition technology on methods of marketing that technology in Europe in compliance with data protection laws and for an insurtech business licensing technology and services to enable life insurers to underwrite life cover for diabetics using AI.

Read Mark's full bio.

With the announcement of UK General Election for Thursday 4 July 2024, the Data Protection and Digital Information Bill has not completed the legislative process before the end of the current parliamentary session and will therefore not become law.

The Bill would reform the UK’s data protection regime reducing some of the regulatory burden on

The Information Commissioner’s Office (the “ICO”) has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance (the “Guidance“) on 18 March 2024.

The ICO oversees compliance with the UK data protection law,

When the UK Online Safety Act (the “Act“) became law on 26 October 2023, it had established one of the most comprehensive online safety regulatory frameworks in the world. The Act’s intention is to make the use of online services for individuals in the United Kingdom, especially children, safer. It introduces a long

Today, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. In particular, the UK Secretary of State for Science, Innovation, and Technology today laid new adequacy regulations before the UK Parliament to give effect to the proposed arrangement. The deal, announced

The UK Government published its AI White Paper on 29 March 2023, setting out its proposals for regulating the use of artificial intelligence (AI) in the United Kingdom. The White Paper is a continuation of the AI Regulation Policy Paper which introduced the UK Government’s vision for the future “pro-innovation” and “context-specific” AI regulatory regime

The UK Government has relaunched its efforts to reform the UK’s data protection regime, with the Data Protection and Digital Information Bill (No. 2) (the “Bill“) being introduced to Parliament on Wednesday 8 March. The Bill supersedes a previous version that was originally published in July 2022 (see our previous legal update).

On 13 December 2022, the European Commission published its draft adequacy decision for EU-U.S. data transfers. The draft decision follows the EU-U.S. announcement of an agreement on a new EU-U.S. Data Privacy Framework (“DPF”) in March 2022 as well as the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (“Executive Order”) signed

Companies that rely on standard contractual clauses (“SCCs”) for transferring personal data from the European Economic Area (“EEA”) to jurisdictions not considered to offer an adequate level of data protection under the EU General Data Protection Regulation must ensure that none of their existing contracts use the old SCCs after 27 December 2022.

Businesses are

The UK Information Commissioner’s Office (the “ICO”) published new guidance on transfer risk assessments (“TRAs”) and a template for carrying out a TRA.

All businesses are required to carry out TRAs, also known as local law assessments or transfer impact assessments, when transferring personal data subject to the UK GDPR outside the United Kingdom using

Companies that rely on standard contractual clauses for transferring personal data from the United Kingdom to jurisdictions not considered to offer an adequate level of data protection under the UK General Data Protection Regulation can no longer use the old EU standard contractual clauses in new contracts as of today, Wednesday 21 September 2022.