"The collaborative and practical nature of the advice provided is very impressive".
The Legal 500 2021
With significant reputational issues at stake, data privacy is an increasingly complex and challenging management issue for all businesses, including in light of the GDPR and recent similar initiatives in other jurisdictions, the increasing use of biometrics, the ubiquity of cloud computing and the emphasis on data analytics. Led from our Technology and Innovation practice, our team of data protection and privacy, technology and cyber law specialists provide advice to our wide range of clients, including several of the world’s leading multi-nationals and financial institutions, on data protection and privacy law and in relation to cyber security issues.
A leader in its field, Technology and Innovation Group provides critical legal support during cyber-attacks and data security incidents. We advise on all data breach incident response matters, from the time a vulnerability is identified to the time it is confirmed and beyond. Matheson specialists regularly sit on clients’ incident response teams and guide clients through regulatory reporting to An Garda Síochána, the Data Protection Commission and as required, to other Regulatory Authorities such as the Central Bank. We have significant experience in advising on data subject communications, third party vendor communications and the legal aspects of media communications. Our Group advises on all breach related legal work streams, to include corporate governance and commercial contract notification obligations. Together with the Matheson Commercial Litigation Group, we provide full support in relation to legal remedies such as take down injunctions, to stop the unlawful onward processing of data.
In addition, our specialists advise on the full range of matters, from specific and strategic GDPR and ePrivacy compliance advice, through full compliance reviews, to advising clients on privacy by design
for new products and services, data strategies for marketing, and the implementation of cookie and similar technologies. Addressing data protection issues in structuring contractual frameworks, including in outsourcing and cloud arrangements
and in multi-jurisdictional transactions, as well as guiding clients on ways of implementing compliant cross-border data flows, is a frequent focus of the Group.
Latest Cyber Security Insights and Guides
Record Fine issued under the GDPR by the Data Protection Commission
06/10/2021. On 2 September 2021, the Data Protection Commission (“DPC”) issued a 266-page ruling in which it levied its largest fine since its establishment, and the second largest fine ever issued under the General Data Protection Regulation 2016/679 (“GDPR”). Read more>
Containing and Combatting Cyber Attacks through the Courts
05/10/2021. The Matheson team has extensive experience in assisting businesses with their cyber-security defence, both in terms of containing and combatting a breach but also in minimising the damage to the business following an attack. We also advise on the urgent legal processes which may be open to businesses in the event of an attack, including court injunctions which may be obtained on an anonymous basis, where appropriate, in order to protect the privacy of the business. Read more>
Our core data protection, privacy and cyber security services include:
Advisory, Prevention and Training
- Providing strategic and practical advice to clients dealing with data subject rights, in particular data subject access rights, in both contentious and non-contentious situations, which we manage in conjunction with Matheson’s Digital Services Group.
- Data protection and privacy training for board members and senior management.
- Advising on the implementation, or the review, of data audits, data mapping exercises, compliance processes and policies.
- Providing practical legal guidance in preventing data loss, improving data security, and how to handle a data breach.
- Advising clients concerning consumer protection regulation, utilisation of online and mobile tracking and employee monitoring.
- Global data transfer management (transfer agreements, BCRs, etc.)
Investigations, Cyber Attack or Data Security Incident Planning and Response
- Pre incident response planning assistance, to include a full data protection and privacy audit, the localising and updating of data protection policies in scope and a risk analysis of likely data protection and privacy concerns in the event of a cyber incident.
- Emergency incident response in the event of a data security breach or a cyber attack, including the use of e-discovery and managing investigations.
- On call assistance when a data incident is confirmed and full management of all legal issues from reporting to authorities to arranging take-down injunctions via the Courts.
Supervisory Authority Liaison and Notification
- Advising on data security breaches and interactions with Data Protection Commission, having advised on multiple significant security breach and cyber security incidents, data protection audits and “dawn raids”, investigations, and information and enforcement notices.
- Liaising with supervisory authorities on behalf of clients, for example in the areas of breach notifications, authorisations and DPO appointments.
- Contributing to consultations with government bodies on legislative developments.
Our recent experience in Data Protection and Cyber Security includes:
- Acting as a key strategic advisor to a social media multi-national on data protection compliance, engagements with data protection supervisory authorities, data protection strategy and structuring, board level governance of privacy and data protection issues, privacy aspects of global infrastructure projects and e-commerce regulatory advice.
- Advising a social media multi-national on data protection compliance and associated corporate governance matters, management of contentious data protection matters and consumer complaints, and online consumer protection issues.
- A very large online retailer on a project to roll out mandatory Covid-19 testing in its Irish work force, including working closely with the client on its associated data protection impact assessment.
- Advising a US corporate in connection with a ransomware attack involving the first successful injunction granted by the Irish courts against “persons unknown” in the context of a cyber-attack.
- Supporting and advising a large private healthcare provider through an extremely serious cyber incident involving a ransomware attack on their systems.
- Counselling a professional services oversight body through a number of complex and technical data protection issues.
- Advising a non-traditional financial services provider in relation to data protection matters in the context of the development and delivery of its strategically important mobile and web application.
- Advising a major Irish retailer with international presence on a cyber-incident involving cross- border processing of consumer personal data.
- Advising a publically traded pharmaceutical and chemical manufacturer on data protection matters.
- Providing US headquartered technology company with strategic product counselling advice on cutting edge technology, including undertaking data protection impact assessments.
- Advising a global technology company with advice on privacy related matters including managing the risks associated with privacy and employment litigation.
- Advising a global provider in next-generation digital services and consulting on the Irish aspects of a reportable data breach which occurred in India but impacted a number of data subjects across Europe.
The Legal 500 2021
The Legal 500 2021
The Legal 500 2021
"They get our business and know the real pain points for in-house counsel in today’s market. There is no guff, just to-the-point advice".
The Legal 500 2021