Varun has extensive experience advising on data protection and accesss to information legislation.
Varun is a Senior Associate on our Company Commercial team. He advises on all aspects of privacy and information law issues for both public and private sector bodies, including Freedom of Information Act 2000 and Environmental Information Regulations 2004, as well as other less well known legislation. In addition, he has advised on surveillance and monitoring issues for both public and private sector clients.
His work includes advising on regulatory compliance, as well as negotiating privacy and wider information law provisions in contacts and advising on related issues arising in litigation proceedings.
Varun’s current projects include advising clients of differing sizes in multiple different sectors on their GDPR compliance program, as well as preparing privacy notices. He is also advising on complex requests for information under the Data Protection Act, Freedom of Information Act and the Environmental Information Regulations.
Varun has acted on large privacy and information law matters for several clients, including:
- working with a large high street financial institution on their program to ensure compliance with the GDPR, including drafting privacy notices, cookie and retention policies
- supporting a newly created regulatory body including negotiating data sharing agreements with the former regulatory body, drafting privacy and data protection policies, assisting software and process designers to implement data protection by default and design measures, and training senior staff on their data protection obligations
- drafting data processing and data sharing agreements for national law enforcement projects involving almost all UK police forces, designed to support national initiatives involving data sharing of information, including projects designed to allow the sharing of information relating to suspected serious related offenses and offenders to allow police forces to co-operate in investigating serious offenses taking place across the territories of multiple police forces
- assisting a large local authority in responding to complex related Freedom of Information requests made by non-UK nationals, and handling subsequent Information Commissioner investigations and subsequent Information Tribunal proceedings, both acting for the client as an appellant and respondent in different appeals
- representing a company wholly owned by the government before the information tribunal in relation to a dispute as to the scope of the internal communications exception under the Environmental Information Regulations 2004
- assisting a government department in relation to proposed transfers of undertakings from the private sector to the public sector, including reviewing and amending various privacy and cookie policies, and assisting on determining what measures, both pre and post transfer, if any, are required to ensure the transfer of marketing consents
- supporting a non-statutory public inquiry investigating historical sexual abuse including drafting data sharing agreements with other public bodies for access to relevant information, advising on data governance measures as well as assisting in formulating measures to protect vulnerable witnesses
- advising clients on the data protection elements of a protracted property management services agreement involving transfers of personal data to the US
- Has presented at conferences and provided client training on the Freedom of Information Act 2000 and Environmental Information Regulations 2004, Data Protection laws, including the UK and EU General Data Protection Regulation and the Data Protection Act 2018 and the laws governing surveillance
- Has written published articles on issues relating to Freedom of Information and Data Protection, including on the use of the vexatious requests exemption under the Freedom of Information Act, the use of confidentiality and commercially sensitive information exemptions under the Freedom of Information Act and the adoption of provisions mirroring the law enforcement directive in the Data Protection Act 2018 as well as the use of data protection by design and default as a mechanism to minimize the risk of regulatory action by the Information Commissioner following a data breach
- Diploma in Legal Practice, University of Birmingham, September 1995 - July 1996
- Diploma in Business Law, University of Wales, Aberystwyth, October 1994 - October 1995
- BA (Hons) Law with Business, University of Wolverhampton, October 1991 - September 1994