Piers advises a mixture of corporates and individuals on a wide range of HR/employment law matters and data protection issues (mainly from an HR perspective). Piers is also the firm’s internal compliance officer and handles all regulatory and internal compliance matters. He also heads up the firm's Data Privacy team and holds the Practitioner Certificate in Data Protection (GDPR).
Examples of recent work -
- Advising on GDPR compliance audits. This includes data mapping exercises, identifying gaps and assisting clients with implementing remedial action.
- “GDPR one year on” – practical audits. These include practical “health checks” one year after the introduction of the GDPR, since when some of the documentation beautifully prepared at the time has not seen the light of day. Audits are regularly carried out at client premises, observing working patterns and checking the use of documentation. User-friendly reports containing recommendations are produced dealing with any identified observations, issues and non-compliances.
- Dealing with complaints and the ICO. I have helped numerous clients with their complaints to the ICO and defended complaints brought against them. This includes liaising with the ICO and providing timely tactical advice to reduce the risk of fines and penalties.
- Data breach management – as part of my role as Compliance Officer for Doyle Clayton, as well as a data protection practitioner, I am well aware of the practical day to day issues arising out of data breach management. The result is that I regularly assist organisations in putting in place effective tools to withstand an ICO audit, write concise data breach reports focusing on core messages, determine whether notification to the ICO and/or individual data subjects is needed, and also advise on ways to help organisations reduce risk by avoiding mistake repetition.
- Training – I regularly train client's staff on data protection issues and also prepare induction materials for clients to train their own employees. A regular speaker at industry events including the Employment Lawyers Association (ELA), talks include practical examples and in particular "war stories" of past common problems and past misdemeanours to ensure effective learning.
- Drafting and negotiating data processing agreements (data processing, data sharing, including joint controller and controller to controller agreements). I frequently advise clients on their commercial contracts, assisting them in deciding on the most appropriate relationship with the other contracting party (e.g. joint controller or independent controller) and drafting/negotiating the contracts accordingly.
Piers Leigh-Pollitt is called a "beacon for common sense and pragmatism in difficult situations" by clients. His work includes data protection, restrictive covenant and TUPE matters, and he represents employers and individual clients in the finance, pharmaceutical and insurance sectors.
Chambers & Partners Guide 2017
“Piers is adept at advising on TUPE transfers, restrictive covenants, injunctions, data protection matters, executives' severance packages and directors' service agreements. According to clients, "he is very good - on the ball, articulate, credible and reassuring."
Chambers & Partners Guide 2016
“The "outgoing and likeable Piers Leigh-Pollitt has expertise in data protection issues, TUPE and discrimination matters.”
Chambers & Partners Guide 2015
"Piers Leigh-Pollitt is well-versed in data protection."
Legal 500 Guide 2015
Experience and qualifications -
- Qualified in October 1997
- Specialist in Employment Law since 1997
Professional memberships -
- Employment Lawyers’ Association
In the media and events -
- Co-author (with James Mullock) of The Data Protection Act 1998 Explained - published by the Stationery Office, 2000
- Series of articles published on HR/data protection issues for leading industry publication Privacy and Data Protection (PDP)
- Regular speaker on a range of employment and data protection issues for Employment Lawyers Association (ELA), most recently at the 2019 ELA annual conference in London and at a training session in Reading, on the subject "GDPR, one year on"