Data protection and Privacy

It seems like data has become the hottest commodity of the 21st century. Every week new articles on the GDPR, Big Data, ‘the Internet of Things’ pop up on news sites and are being shared and liked en masse on our social networks. Over the past years both the private and public sector have become large producers, facilitators and consumers of data. Not a day goes by without our actions requiring individuals to give up data. Although it may have become evident to think of data as another run-of- the-mill commodity, just like coffee or potatoes, the reality is quite different. Truth is, most data relates to individuals, protected by fundamental rights and freedoms. Thus, our data should not be treated as just another commodity, but as one of a more complex nature.

With the announcement of the new General Data Protection Regulation a complex new legal framework is in existence for data security. Together with new defined obligations, the GDPR also imposes substantial fines for non-compliance. Data protection and privacy is a fact and proper compliance should become a top priority for businesses. How can we help you?

Data protection and corporate governance

Companies doing business globally need to make data protection part of their corporate governance. Being data protection-compliant ensures the trust of your customers, suppliers, employees and alike in your business. The GDPR incentivizes the application of codes of conduct and promotes the use of privacy certification mechanisms, seals and marks.

Our lawyers can assist you with the development of your company’s privacy strategy, coordinate and implement data protection compliance projects for group companies acting internationally. We offer services such as data protection risk mapping to prepare for the implementation of the GDPR in 2018, drafting of privacy and cookie policies, protocols and agreements appropriate for your business and organization. We can provide detailed advice on processing of sensitive data, how to deal with data breaches and even provide guidance to your company’s DPO. Furthermore, we can provide advice on your company’s data transfer intentions and assist with the drafting of Binding Corporate Rules and the EU approval procedure.

Data protection and M&A

The GDPR will impact many M&A transactions. Due diligence with a specific focus on data protection within an M&A transaction is essential for buyers to better understand their exposure and value the deal, and in some cases it could even prevent an M&A deal. How has the target collected, stored and used customer and/or employee data? Has the target appointed a DPO? Has the target processed sensitive data correctly? Has the target got the right contracts, policies and protocols in place? Have data breaches been notified within the limits of the GDPR? When will the data be transferred from the target to the buyer?

Our lawyers can perform a data protection due diligence which can vary from a limited due diligence to a full on-site privacy risk assessment, depending on the type and scale of data processing activities performed by the target. Based on the outcome of the due diligence, it may become evident that specific indemnities, covenants and conditions precedent should be agreed upon. Finally, we can also advise our clients on post-acquisition integration strategies and actions ensuring data protection compliance once the transaction is completed (e.g. new data processing, updating of policies, compliance, transfer of data outside EU, etc.).

Data protection and employment

Our team of employment law experts can also provide advice and assistance with your data protection and privacy questions within the field of labor law. We can provide trainings to your employees to raise awareness and minimize non-compliance by your organization with the GDPR. Our lawyers cans assist your company with specific questions such as the instalment of camera systems, the drafting of protocols on the use of mobile phones, laptops and company emails.

How do we differentiate ourselves?

We are an integrated, multi-disciplinary practice providing corporate, commercial, employment, M&A and tax controversy services legal advice, alongside our existing advisory, assurance, tax, human capital, and transactions services. Hence, our approach is clearly different to that taken by traditional law firms. The reason for that is the privileged cooperation EY Law has entered into with EY Tax Consultants. We ensure that our clients obtain legal, tax, etc. services of a uniform quality in an integrated way. We don’t use the word ‘integrated’ lightly, and believe our approach is what enables us to deliver a truly different service.