Digiphile

Digiphile is a challenger law firm that specialises in data protection, artificial intelligence and digital regulatory matters. We advise global clients across all sectors, and have particular expertise in advising disruptive technology clients who are at the cutting edge of the digital frontier. Our advice is always simple, strategic and actionable.

Digiphile was founded by data protection specialist, Phil Lee, in 2022. Prior to that, Phil was an equity partner in Fieldfisher's top-ranked Privacy, Security and Information team, and was ranked as a leading individual for data protection advice in the key legal directories.

To contact us, email [email protected]

We believe data protection should be a business enabler, not a business blocker. We help clients to realise the value of their data assets in ways that take account of their legal responsibilities, business objectives, and risk exposure.

We’re experts in data protection law, but we do more than simply recite the law. We take account of the strategic, commercial and practical implications of our advice. We ask ourselves: What precedent will our advice set? What wider legal, ethical and practical issues apply? Can our advice be operationalised? What reputational impacts would a proposed course of action have?

Our data protection advice falls across three core areas:

• Data Governance: We advise on all aspects of our clients' data protection governance, from data mapping and records of processing, to comprehensive internal data protection policies and procedures, to international data transfer solutions (BCRs, Standard Contractual Clauses and EU-US Data Privacy Framework), through to education, training and awareness.
• Privacy and Product: We counsel clients on the data protection considerations of any new product or service launch, including on data protection by design and data protection by default, profiling and advertising rules, direct marketing campaigns, Children's Code compliance and more.
• Crisis Response: Data security incidents are an unfortunate fact of life. We advise clients on their legal responsibilities when they suffer an incident, including throughout their investigation and mitigation processes and on their reporting duties to regulators, customers, and impacted data subjects throughout the UK, Europe and beyond. We also support our clients on wider complaints, investigations and enforcement actions by regulators, customers and data subjects alike.

We have strong expertise in AI, combining a deep understanding of the legal framework with comprehensive knowledge of AI technologies. We excel in applying the law to these technologies effectively.

Whether you are an AI provider, deployer, or operator – utilising proprietary or third-party AI solutions, and whether for internal use or integration into customer-facing products – we are here to help. Our experience includes:

• AI governance: We help clients identify their AI objectives, define principles that will govern AI deployment, and implement accountable policies and practices to ensure responsible AI use.
• Determining AI roles: AI laws place different responsibilities on providers, deployers and other operators of AI. We help clients understand their role and the responsibilities that come with it.
• AI risk assessments: European AI rules are risk-based, with strict requirements for prohibited and high risk AI systems. We will help clients navigate these requirements.
• AI procurement: We help clients to assess the risks of proposed AI vendor solutions, identify practical risk-mitigation measures, and negotiate robust contractual terms with their vendors.

This has been a transformational decade for the use of digital services in Europe, and regulation of those services. Europe’s digital agenda has ushered in a raft of new regulations – from new rules designed to forge safe, open digital markets that emphasise user rights and support competition, to rules promoting data sharing, data access and ease of switching cloud services. At the same time, the United Kingdom’s departure from the European Union has led to the evolution of new UK laws that, while they may have counterparts in European legislation, often have their own distinct requirements and characteristics. Staying abreast of these developments and their practical implications is challenging, and this is where Digiphile is here to help.

Our experience includes:

• Gap assessments: Performing gap assessments against digital regulatory laws (Data Act, NIS2, DORA, Digital Services Act) and identify remediation measures
• Cloud services: Updating transparency notices and contractual terms to address customers' switching rights under the EU Data Act.
• Online platforms: Helping clients to identify if they are an "online platform" subject to the lion's share of the rules under the Digital Services Act.
• Online Profiling and Advertising: Helping clients to determine the DSA's and DMA's impacts on online profiling and advertising.
• NIS2 and DORA: Advising clients on the cybersecurity measures and reporting requirements you must satisfy for NIS2 compliance.