Data Law and Cybersecurity

Personal Data Protection Services

Our personal data protection services focus primarily on reaching compliance with the General Data Protection Regulation (GDPR). We provide comprehensive advice in the following areas:

• GDPR Qualification: Analysing and investigating the applicability of GDPR to your organisation, including the roles of data controller and data processor.
• Data Streams Analysis: Mapping and analysing data flows within your organisation to reach compliance with GDPR requirements.
• Policy Drafting: Drafting and reviewing privacy policies, data protection policies, and other relevant documentation to make sure they meet GDPR standards.
• Data Transfers: Advising on international data transfers, including the use of Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) to allow lawful data transfer mechanisms.
• Regulatory Proceedings Assistance: Representing and advising clients in proceedings before data protection authorities, including responding to investigations, addressing data breaches, and responding to compliance audits.

Non-Personal Data Legal Services

In addition to personal data protection, we provide legal services tailored to non-personal data, helping clients enhance data usage while remaining compliant with relevant regulations:

• Data Governance: Advising on the governance of non-personal data, including data ownership, data sharing agreements, and data usage rights.
• Compliance with the Data Act and Data Governance Act: Guiding clients through the requirements of the Data Act and Data Governance Act, focusing on data sharing obligations and access rights under the new regulations.
• Data Security: Providing guidance on best practices for securing non-personal data, including applying robust cybersecurity measures and responding to data breaches.
• Contractual Aspects: Drafting and negotiating contracts related to non-personal data, allowing clarity on data access, usage, and liability terms.

Cybersecurity Services

Our cybersecurity services aim to help clients protect their digital assets while reaching compliance with applicable regulations:

• NIS2 Compliance: Analysing the applicability of the Network and Information Security Directive (NIS2) to your organisation and guiding you through the compliance process.
• Cybersecurity Analyses: Conducting comprehensive analyses of your organisation's cybersecurity posture, identifying vulnerabilities, and suggesting improvements.
• Incident Response: Advising clients in the context of cybersecurity incidents, including data breaches, ransomware attacks, and other cyber threats. We provide legal advice for incident response, investigation, and recovery efforts.
• Cybersecurity Policies: Drafting and reviewing cybersecurity policies and procedures to make sure they meet industry standards and regulatory requirements.
• Training and Awareness: Providing training and awareness programmes to educate employees about cybersecurity best practices and regulatory obligations.

Our Data Law and Cybersecurity practice is committed to providing tailored legal solutions that address the unique challenges of managing personal and non-personal data and protecting digital assets. We help our clients achieve compliance, protect their data, and navigate the evolving landscape of data and cybersecurity regulations with confidence.