Empty Link Skip to Content

Data Protection, Privacy and Cyber Security

Key Contacts view all


"The collaborative and practical nature of the advice provided is very impressive".
The Legal 500 2021

With significant reputational issues at stake, data privacy is an increasingly complex and challenging management issue for all businesses, including in light of the GDPR and recent similar initiatives in other jurisdictions, the increasing use of biometrics, the ubiquity of cloud computing and the emphasis on data analytics. Led from our Technology and Innovation practice, our team of data protection and privacy, technology and cyber law specialists provide advice to our wide range of clients, including several of the world’s leading multi-nationals and financial institutions, on data protection and privacy law and in relation to cyber security issues.   

A leader in its field, Technology and Innovation Group provides critical legal support during cyber-attacks and data security incidents. We advise on all data breach incident response matters, from the time a vulnerability is identified to the time it is confirmed and beyond. Matheson specialists regularly sit on clients’ incident response teams and guide clients through regulatory reporting to An Garda Síochána, the Data Protection Commission and as required, to other Regulatory Authorities such as the Central Bank.  We have significant experience in advising on data subject communications, third party vendor communications and the legal aspects of media communications. Our Group advises on all breach related legal work streams, to include corporate governance and commercial contract notification obligations. Together with the Matheson Commercial Litigation Group, we provide full support in relation to legal remedies such as take down injunctions, to stop the unlawful onward processing of data. 

In addition, our specialists advise on the full range of matters, from specific and strategic GDPR and ePrivacy compliance advice, through full compliance reviews, to advising clients on privacy by design for new products and services, data strategies for marketing, and the implementation of cookie and similar technologies.  Addressing data protection issues in structuring contractual frameworks, including in outsourcing and cloud arrangements and in multi-jurisdictional transactions, as well as guiding clients on ways of implementing compliant cross-border data flows, is a frequent focus of the Group.  

Latest Cyber Security Insights and Guides

GDPR and Data Subject Reporting Obligations - Why, When and How?

26/01/2022. In this article, we examine the key issues to bear in mind when carrying out a risk assessment with a view to establishing what notifications, if any, are required in a personal data breach scenario.  Read more>

Remote Working: The Risks and Challenges to Businesses

25/01/2022. The publication of this article coincides with the relaxation of Covid-19 restrictions, a gradual return to work and a proposed right to request remote working in certain circumstances.  It is widely accepted that hybrid working is part of a new norm in Ireland and beyond.  In this article, we consider the data protection issues that arise when working from home.  Read more >

Cyber Security and Data Protection Conference 2022 Highlights

Matheson's latest Data Protection, Technology & Cyber Bulletin is now available which features the latest cyber crime trends to watch out for, tips in relation to cyber attacks and social engineering attacks and an update on data protection breach fines and penalties.

Recent Videos


Our core data protection, privacy and cyber security services include:

Advisory, Prevention and Training

  • Providing strategic and practical advice to clients dealing with data subject rights, in particular data subject access rights, in both contentious and non-contentious situations, which we manage in conjunction with Matheson’s Digital Services Group. 
  • Data protection and privacy training for board members and senior management.
  • Advising on the implementation, or the review, of data audits, data mapping exercises, compliance processes and policies.
  • Providing practical legal guidance in preventing data loss, improving data security, and how to handle a data breach.
  • Advising clients concerning consumer protection regulation, utilisation of online and mobile tracking and employee monitoring.
  • Global data transfer management (transfer agreements, BCRs, etc.)

Investigations, Cyber Attack or Data Security Incident Planning and Response

  • Pre incident response planning assistance, to include a full data protection and privacy audit, the localising and updating of data protection policies in scope and a risk analysis of likely data protection and privacy concerns in the event of a cyber incident.
  • Emergency incident response in the event of a data security breach or a cyber attack, including the use of e-discovery and managing investigations.
  • On call assistance when a data incident is confirmed and full management of all legal issues from reporting to authorities to arranging take-down injunctions via the Courts. 

Supervisory Authority Liaison and Notification

  • Advising on data security breaches and interactions with Data Protection Commission, having advised on multiple significant security breach and cyber security incidents, data protection audits and “dawn raids”, investigations, and information and enforcement notices.
  • Liaising with supervisory authorities on behalf of clients, for example in the areas of breach notifications, authorisations and DPO appointments.
  • Contributing to consultations with government bodies on legislative developments.


Our Team

Experience Highlights

Our recent experience in Data Protection and Cyber Security includes:

  • Acting as a key strategic advisor to a social media multi-national on data protection compliance, engagements with data protection supervisory authorities, data protection strategy and structuring, board level governance of privacy and data protection issues, privacy aspects of global infrastructure projects and e-commerce regulatory advice.
  • Advising a social media multi-national on data protection compliance and associated corporate governance matters, management of contentious data protection matters and consumer complaints, and online consumer protection issues.
  • A very large online retailer on a project to roll out mandatory Covid-19 testing in its Irish work force, including working closely with the client on its associated data protection impact assessment.
  • Advising a US corporate in connection with a ransomware attack involving the first successful injunction granted by the Irish courts against “persons unknown” in the context of a cyber-attack.
  • Supporting and advising a large private healthcare provider through an extremely serious cyber incident involving a ransomware attack on their systems.
  • Counselling a professional services oversight body through a number of complex and technical data protection issues.
  • Advising a non-traditional financial services provider in relation to data protection matters in the context of the development and delivery of its strategically important mobile and web application.
  • Advising a major Irish retailer with international presence on a cyber-incident involving cross- border processing of consumer personal data.
  • Advising a publically traded pharmaceutical and chemical manufacturer on data protection matters.
  • Providing US headquartered technology company with strategic product counselling advice on cutting edge technology, including undertaking data protection impact assessments.
  • Advising a global technology company with advice on privacy related matters including managing the risks associated with privacy and employment litigation.
  • Advising a global provider in next-generation digital services and consulting on the Irish aspects of a reportable data breach which occurred in India but impacted a number of data subjects across Europe.

"My experience is one of excellent collaboration with Matheson’s team of data protection lawyers. There is a particular expertise in the data protection and privacy application to financial services. They also produce brilliant knowledge resources."
Data Privacy and Data Protection: European Legal 500 2024

"One of the big advantages of the data protection team in Matheson for an organisation such as ours is their ability to marry expertise in data protection. This insight enables them to think and advise in line with the appropriate risk management mindset."
Data Privacy and Data Protection: European Legal 500 2024

"Practical, focused advice from a team whose broad knowledge across the various legal issues related to data protection and privacy is particularly valuable. The team understand our business very well and the market we operate in. Very responsive and thorough at the same time in urgent, time-sensitive situations."
Data Privacy and Data Protection: European Legal 500 2022

"The collaborative and practical nature of the advice provided is very impressive".
Data Privacy and Data Protection: European Legal 500  2021

"Matheson’s data privacy team is top notch. Our legal department has instructed on a whole range of data protection issues: data sharing agreements, DSARs, DPIAs and security breaches."
Data Privacy and Data Protection: European Legal 500 2021

"I value my firm’s relationship with Matheson very highly...the Matheson team is certainly up there with some of the best teams in Ireland that I’ve worked with. Matheson's willingness to get underneath the bonnet and really understand the business is a huge asset".
Data Privacy and Data Protection: European Legal 500 2021

"They get our business and know the real pain points for in-house counsel in today’s market. There is no guff, just to-the-point advice".
Data Privacy and Data Protection: European Legal 500  2021