Overview
Pilar Arzuaga focuses her practice on advising companies across various industries, with a wealth of experience in cybersecurity governance, data protection, artificial intelligence, and global privacy compliance. With over a decade in practice, Pilar has built a robust practice advising organizations in telecommunications, media, Internet of Things (IoT), cloud services, health, life sciences, robotics, artificial intelligence, ad tech, retail, and finance sectors. She provides strategic guidance on navigating complex regulatory landscapes, ensuring that clients meet their legal obligations while effectively managing risks.
Pilar’s strength is further enriched by her significant in-house experience. She spent five years working at a leading e-commerce and cloud services company, where she focused on privacy and product compliance for cross-border launches. She then served as an in-house secondee at a major cloud service provider, followed by her role as a Senior Cybersecurity Counsel at a prominent telecommunications company headquartered in China. These roles have given Pilar a strong track record in developing practical, business-oriented solutions that align legal requirements with operational goals, allowing her to effectively bridge the gap between legal compliance and business strategy.
Pilar’s skillset extends beyond personal data advice. She provides comprehensive guidance on all facets of digital regulation affecting data, whether personal or otherwise. From navigating online platform rules under the Digital Services Act to addressing new Internet of Things regulations under the Data Act, and ensuring compliance with cybersecurity requirements under the NIS 2 Directive, Pilar ensures that clients are fully supported in meeting these evolving regulatory challenges.
Pilar’s practice includes advising on:
- Cybersecurity Governance: Pilar assists clients in developing and implementing comprehensive cybersecurity governance frameworks. She works closely with businesses to create policies and procedures that mitigate risks, ensure compliance with international cybersecurity regulations, and protect critical assets from evolving threats.
- Incident and Data Breach Management: Pilar is highly experienced in guiding organizations through the complexities of data security incidents. She advises clients on their legal responsibilities when they suffer an incident, providing support throughout the investigation and mitigation processes. Pilar also offers expert counsel on reporting duties to regulators, customers, and impacted data subjects across the UK, Europe, and beyond. Her support extends to handling wider complaints, investigations, and enforcement actions by regulators, customers, and data subjects.
- Privacy and Product Compliance: Pilar counsels clients on data protection considerations for new product or service launches, focusing on data protection by design and by default, profiling, advertising rules, direct marketing, and compliance with international regulations.
- Artificial Intelligence (AI): AI promises to revolutionize productivity and spur advancements across healthcare, transportation, finance, energy, and more. Yet it also poses risks, and the global regulatory framework for AI is rapidly evolving. Pilar’s team guides clients through these regulations, helping them maximize AI’s benefits while minimizing risks. Her AI services include:
  - AI Governance: Pilar helps clients identify their AI objectives, define principles for AI deployment, and implement accountable policies and practices to ensure responsible AI use.
  - AI System Maps: Pilar assists clients in identifying and mapping their AI systems to ensure clear understanding and effective management.
  - Know Your Role: Pilar guides clients in understanding their specific roles and responsibilities under AI laws, which impose different obligations on AI providers, deployers, and operators.
  - Risk Assessment: Pilar helps clients navigate the strict requirements for prohibited and high-risk AI systems under European AI rules, ensuring compliance.
  - Vendor Assessments: Pilar assists clients in assessing the risks of proposed AI vendor solutions, identifying practical risk-mitigation measures, and negotiating robust contractual terms with vendors.
  - Risk-Based Rules: Pilar provides advice on European AI laws, which prohibit certain AI practices and specify detailed rules for “high-risk” AI systems and general-purpose AI models. She helps clients assess the risk categorization of their AI and the applicable rules.
- Digital Regulation Compliance: Pilar provides strategic advice on digital regulation, including:
  - Gap Assessments: Pilar performs gap assessments against digital regulatory laws and identifies remediation measures to ensure full compliance.
  - Cloud Services: Pilar updates transparency notices and contractual terms to address customers’ switching rights under the EU Data Act.
  - Online Platform Assessment: Pilar identifies whether clients are classified as “online platforms” subject to the comprehensive rules under the Digital Services Act.
  - Online Profiling and Advertising: Pilar advises on the impact of the Digital Services Act (DSA) and Digital Markets Act (DMA) on online profiling and advertising practices.
  - NIS2 Compliance: Pilar provides guidance on the cybersecurity measures and reporting requirements necessary for compliance with the NIS 2 Directive.
  - Risk Management: Pilar helps clients understand which digital agenda and data strategy laws apply to them and how to manage potential liabilities.
Before joining McDermott, Pilar gained invaluable experience at a top-tier international law firm specializing in data and technology. Her extensive in-house experience across major global companies in e-commerce, cloud services, and telecommunications has given her a practical, business-oriented approach to legal challenges, making her an invaluable asset to her clients.
Pilar also maintains an active pro-bono practice, assisting various organizations with their cybersecurity, data protection, artificial intelligence, and broader compliance needs.
Representative Experience
- Cybersecurity Governance: Led the development and implementation of a comprehensive cybersecurity governance framework for a global telecommunications company, ensuring compliance with international standards and reducing the risk of cyber threats. The framework has been adopted across multiple regions, resulting in enhanced security posture and regulatory compliance.
- Incident and Data Breach Management: Successfully managed a complex data breach for a multinational financial services firm, coordinating the investigation and response across Europe and the UK. Pilar’s guidance on reporting duties to regulators, customers, and impacted data subjects helped mitigate potential fines and maintain the firm’s reputation.
- Regulatory Compliance and Enforcement Actions: Provided strategic counsel to a leading e-commerce company during a regulatory investigation following a data security incident. Pilar’s skill in navigating the investigation process and engaging with regulators resulted in a favorable outcome, avoiding severe penalties and ensuring future compliance.
- Global Data Breach Coordination: Advised a major cloud services provider on a multijurisdictional data breach, leading the incident response and ensuring timely and compliant notifications to regulators and affected individuals in over 20 countries. Pilar’s coordination was crucial in minimizing operational disruption and legal exposure.
- AI Governance and Risk Assessment: Counseled a European AI company on the development of governance frameworks and risk assessments for its AI solutions, ensuring compliance with the latest EU AI regulations. Pilar’s guidance enabled the company to integrate AI technologies responsibly and in line with regulatory expectations.
- PCI DSS Training: Conducted a comprehensive PCI DSS (Payment Card Industry Data Security Standard) training for a China-based e-commerce company, equipping their teams with the necessary knowledge and tools to achieve compliance. This training was instrumental in strengthening the company’s payment data security and avoiding potential penalties.
- Clinical Trials Data Protection: Assisted a global pharmaceutical company in ensuring data protection compliance across multiple jurisdictions during clinical trials. Pilar’s work included the development and review of informed consent forms, ensuring GDPR compliance, and advising on data sharing agreements. Her guidance facilitated smooth trial processes and compliance with complex regulatory requirements.
- Clinical Trials and Healthcare Data Compliance: Assisted global pharmaceutical companies and clinical research organizations in ensuring data protection compliance across multiple jurisdictions during clinical trials. This included developing and reviewing informed consent forms, advising on GDPR compliance, data sharing agreements, and managing participant data, which facilitated smooth trial processes and regulatory approvals.
- Healthcare and Medical Device Compliance: Provided strategic advice to medical device manufacturers on data protection for sensitive health data, including drafting robust privacy policies and managing regulatory communications to ensure compliance with global privacy laws.
Memberships
- Argentinian Bar Association, Member
- International Association of Privacy Professionals, Member
Qualifications
Education
International Association of Privacy Professionals, CIPP/E
Universidad Blas Pascal, Argentina, Law
University of Edinburgh, UK, Law and Medical Ethics
Admissions
Argentina, 2014
England and Wales (Registered Foreign Lawyer)
Languages
English
Spanish
Italian (conversational)
French (conversational)
Portuguese (conversational)