With significant reputational issues at stake, data protection, privacy and cyber security is an increasingly complex and challenging management issue for all businesses, including in light of the GDPR and recent similar initiatives in other jurisdictions, the increasing use of biometics, the ubiquity of cloud computing and the emphasis on data analytics. Our cross departmental Data Protection, Privacy and Cyber Security group, which is led from our Technology and Innovation practice, is made up of specialists who provide advice to our wide range of clients, including several of the world’s leading multi-nationals and financial institutions, on data protection and privacy law and in relation to cyber security issues.
A leader in its field, the Data Protection, Privacy and Cyber Security group advises on the full range of matters, from specific and strategic GDPR and ePrivacy compliance advice, through full compliance reviews, to advising clients on privacy by design for new products and services, data strategies for marketing, and the implementation of cookie and similar technologies. Addressing data protection issues in structuring contractual frameworks, including in outsourcing and cloud arrangements and in multi-jurisdictional transactions, as well as guiding clients on ways of implementing compliant cross-border data flows, is a frequent focus of the Group.
The Group provides strategic and practical advice to clients dealing with data subject rights, in particular data subject access rights, in both contentious and non-contentious situations, which we manage in conjunction with Matheson’s Digital Services Group. We advise on data security breaches and interactions with Data Protection Commissioner, having advised on multiple significant security breach incidents, data protection audits and “dawn raids”, investigations, and information and enforcement notices.
Our recent experience in Data Protection and Cyber Security includes:
- Acting as a key strategic advisor to a social media multi-national on data protection compliance, engagements with data protection supervisory authorities, data protection strategy and structuring, board level governance of privacy and data protection issues, privacy aspects of global infrastructure projects and e-commerce regulatory advice.
- Advising a social media multi-national on data protection compliance and associated corporate governance matters, management of contentious data protection matters and consumer complaints, and online consumer protection issues.
- A very large online retailer on a project to roll out mandatory Covid-19 testing in its Irish work force, including working closely with the client on its associated data protection impact assessment.
- Advising a US corporate in connection with a ransomware attack involving the first successful injunction granted by the Irish courts against “persons unknown” in the context of a cyber-attack.
- Supporting and advising a large private healthcare provider through an extremely serious cyber incident involving a ransomware attack on their systems.
- Counselling a professional services oversight body through a number of complex and technical data protection issues.
- Advising a non-traditional financial services provider in relation to data protection matters in the context of the development and delivery of its strategically important mobile and web application.
- Advising a major Irish retailer with international presence on a cyber-incident involving cross- border processing of consumer personal data.
- Advising a publically traded pharmaceutical and chemical manufacturer on data protection matters.
- Providing US headquartered technology company with strategic product counselling advice on cutting edge technology, including undertaking data protection impact assessments.
- Advising a global technology company with advice on privacy related matters including managing the risks associated with privacy and employment litigation.
- Advising a global provider in next-generation digital services and consulting on the Irish aspects of a reportable data breach which occurred in India but impacted a number of data subjects across Europe.
European Legal 500 2016