Pilar’s skillset extends beyond personal data advice. She provides comprehensive guidance on all facets of digital regulation affecting data, whether personal or otherwise. From navigating online platform rules under the Digital Services Act to addressing new Internet of Things regulations under the Data Act, and ensuring compliance with cybersecurity requirements under the NIS 2 Directive, Pilar ensures that clients are fully supported in meeting these evolving regulatory challenges.

Pilar’s practice includes advising on:

• Cybersecurity Governance: Pilar assists clients in developing and implementing comprehensive cybersecurity governance frameworks. She works closely with businesses to create policies and procedures that mitigate risks, ensure compliance with international cybersecurity regulations, and protect critical assets from evolving threats.
• Incident and Data Breach Management: Pilar is highly experienced in guiding organizations through the complexities of data security incidents. She advises clients on their legal responsibilities when they suffer an incident, providing support throughout the investigation and mitigation processes. Pilar also offers expert counsel on reporting duties to regulators, customers, and impacted data subjects across the UK, Europe, and beyond. Her support extends to handling wider complaints, investigations, and enforcement actions by regulators, customers, and data subjects.
• Privacy and Product Compliance: Pilar counsels clients on data protection considerations for new product or service launches, focusing on data protection by design and by default, profiling, advertising rules, direct marketing, and compliance with international regulations.
• Artificial Intelligence (AI): AI promises to revolutionize productivity and spur advancements across healthcare, transportation, finance, energy, and more. Yet it also poses risks, and the global regulatory framework for AI is rapidly evolving. Pilar’s team guides clients through these regulations, helping them maximize AI’s benefits while minimizing risks. Her AI services include:
  • AI Governance: Pilar helps clients identify their AI objectives, define principles for AI deployment, and implement accountable policies and practices to ensure responsible AI use.
  • AI System Maps: Pilar assists clients in identifying and mapping their AI systems to ensure clear understanding and effective management.
  • Know Your Role: Pilar guides clients in understanding their specific roles and responsibilities under AI laws, which impose different obligations on AI providers, deployers, and operators.
  • Risk Assessment: Pilar helps clients navigate the strict requirements for prohibited and high-risk AI systems under European AI rules, ensuring compliance.
  • Vendor Assessments: Pilar assists clients in assessing the risks of proposed AI vendor solutions, identifying practical risk-mitigation measures, and negotiating robust contractual terms with vendors.
  • Risk-Based Rules: Pilar provides advice on European AI laws, which prohibit certain AI practices and specify detailed rules for “high-risk” AI systems and general-purpose AI models. She helps clients assess the risk categorization of their AI and the applicable rules.
• Digital Regulation Compliance: Pilar provides strategic advice on digital regulation, including:
  • Gap Assessments: Pilar performs gap assessments against digital regulatory laws and identifies remediation measures to ensure full compliance.
  • Cloud Services: Pilar updates transparency notices and contractual terms to address customers’ switching rights under the EU Data Act.
  • Online Platform Assessment: Pilar identifies whether clients are classified as “online platforms” subject to the comprehensive rules under the Digital Services Act.
  • Online Profiling and Advertising: Pilar advises on the impact of the Digital Services Act (DSA) and Digital Markets Act (DMA) on online profiling and advertising practices.
  • NIS2 Compliance: Pilar provides guidance on the cybersecurity measures and reporting requirements necessary for compliance with the NIS 2 Directive.
  • Risk Management: Pilar helps clients understand which digital agenda and data strategy laws apply to them and how to manage potential liabilities.

Before joining McDermott, Pilar gained invaluable experience at a top-tier international law firm specializing in data and technology. Her extensive in-house experience across major global companies in e-commerce, cloud services, and telecommunications has given her a practical, business-oriented approach to legal challenges, making her an invaluable asset to her clients.

Pilar also maintains an active pro-bono practice, assisting various organizations with their cybersecurity, data protection, artificial intelligence, and broader compliance needs.

Weniger anzeigen

• Global Data Breach Coordination: Advised a major cloud services provider on a multijurisdictional data breach, leading the incident response and ensuring timely and compliant notifications to regulators and affected individuals in over 20 countries. Pilar’s coordination was crucial in minimizing operational disruption and legal exposure.
• AI Governance and Risk Assessment: Counseled a European AI company on the development of governance frameworks and risk assessments for its AI solutions, ensuring compliance with the latest EU AI regulations. Pilar’s guidance enabled the company to integrate AI technologies responsibly and in line with regulatory expectations.
• PCI DSS Training: Conducted a comprehensive PCI DSS (Payment Card Industry Data Security Standard) training for a China-based e-commerce company, equipping their teams with the necessary knowledge and tools to achieve compliance. This training was instrumental in strengthening the company’s payment data security and avoiding potential penalties.
• Clinical Trials Data Protection: Assisted a global pharmaceutical company in ensuring data protection compliance across multiple jurisdictions during clinical trials. Pilar’s work included the development and review of informed consent forms, ensuring GDPR compliance, and advising on data sharing agreements. Her guidance facilitated smooth trial processes and compliance with complex regulatory requirements.
• Clinical Trials and Healthcare Data Compliance: Assisted global pharmaceutical companies and clinical research organizations in ensuring data protection compliance across multiple jurisdictions during clinical trials. This included developing and reviewing informed consent forms, advising on GDPR compliance, data sharing agreements, and managing participant data, which facilitated smooth trial processes and regulatory approvals.
• Healthcare and Medical Device Compliance: Provided strategic advice to medical device manufacturers on data protection for sensitive health data, including drafting robust privacy policies and managing regulatory communications to ensure compliance with global privacy laws.

Weniger anzeigen