"Business acumen and an industry knowledge that leaves nothing lacking."
With significant reputational issues at stake, data protection, privacy and cyber security has become an increasingly challenging management issue for all businesses, particularly in the context of the GDPR, the increasing use of cloud computing, CCTV and biometics and the emphasis on data analytics. Our cross departmental Data Protection and Cyber Security group, which is led from our Technology and Innovation practice, is made up of specialists who provide advice to our wide range of clients, including several of the world’s leading multi-nationals and financial institutions, on the evolving area of data protection and privacy law and in relation to cyber security issues.
We have extensive expertise in relation to international data transfers, and have advised on the use of standard contractual clauses, binding corporate rules and the EU-US Privacy Shield, including in the context of multi-jurisdictional data flows and transactions.
The Group has managed and advised on multiple significant security breach incidents, data protection audits and “dawn raids”, and is experienced in dealing with Data Protection Commissioner investigations, and information and enforcement notices.
Our experience in Data Protection, Privacy and Cyber Security includes advising:
- numerous technology companies, financial institutions and consumer facing businesses on GDPR compliance projects
- major US technology company on putting in place GDPR compliant data transfer agreements with its customers
- in relation to numerous data breach incidents, including notifications to the Office of the Data Protection Commissioner and impacted data subjects
- as standing counsel for multinational insurers in connection with its cyber security rapid response programme
- a prominent Irish retailer on privacy by design and e-commerce compliance regarding a proprietary online CRM system to be made available to SMEs
- an international bank on data protection issues relating to its proposed centrally hosted conflict management system, including compliance requirements for sensitive personal data, data transfer, proposed access rights and security
- a multinational healthcare client in rapid response to a suspected data security breach at an Irish operations facility which included urgent advice and assessment of the client’s breach management and response procedures against current standards
- a prominent Irish retailer in relation to its proposed customer loyalty programme and, in particular with respect of data protection issues relating to its proposed app, online and in-store data collection and processing
- an international pharmaceutical company on data protection compliance issues arising from a proposed Big Data project
- a national postal service provider on data protection compliance in relation to an online marketing platform
- a US multinational on data project compliance issues arising from its targeted advertising at EU nationals
- a multinational genealogy client in relation to inter-group processing services, cross-jurisdictional data back-up arrangements and analysis of Irish registration requirements for data controllers and data processors
- advised a multinational gaming client in respect of a proposed employee performance tracking initiative, including a risk assessment in relation to the types of data intended to be used, the scope of permitted use and suggested means of mitigating risk
- advised a global medical diagnostics company with regard to the transfer of its sensitive personnel data to a new service provider and a medical imaging company in relation to the transfer of sensitive personal data outside of the EEA
- in relation to data protection policies related to collection and processing of customer data, including drafting of data protection notices and scripts both where data is directly and indirectly collected, and taking into account disclosure requirements, as well as on policies for intra-group sharing of information, and on direct marketing issues
- in relation to employee privacy and data protection issues, including drafting and advising on electronic communication usage and monitoring policies, monitoring and surveillance of employees, and use of information as evidence in disciplinary hearings
- on data subject access requests, including in the context of contentious situations
- on and drafting data processing agreements for both controllers and processors
- on centralised databases of employee and customer personal data, including advices in respect of transfers outside the EEA
- in relation to the establishment of the internet/e-commerce platform, legal framework, security environment and internet banking terms and conditions for one of Ireland's leading financial institutions, including all data protection issues arising in connection with the move to an online environment
The team at Matheson works at the forefront of IT developments in the market.
European Legal 500 2016
"Excellent depth of knowledge and a commercial approach."
Chambers Europe 2015
"This team understands our business concerns and delivers guidance in a concise, actionable and prompt manner."
Chambers Europe 2015
"The team is proactive and focused on service. The quality of legal advice is very high but also very commercial - you can work with the advice they give you."
Chambers Europe 2014
This team has considerable expertise in all areas and earns glowing client reviews for its business focus and outstanding negotiation skills.
Chambers Europe 2013
Matheson is rightly proud of its IT client base which include major players.
European Legal 500 2013