McDermott’s privacy lawyers are well established in Germany, France, the UK, Italy and China, and provide sophisticated privacy advice to domestic and multi-national companies and vendors on a wide spectrum of data protection matters. These include global privacy policies, data transfer mechanisms, Privacy Shield assessments, notifications to in-country data protection authorities, GDPR preparation, reviews of new data laws and other compliance steps.
We work closely with operational data privacy officers, helping them establish and maintain effective relationships and communications with data protection authorities in relevant jurisdictions worldwide.
We have particular experience in EU/US Privacy Shield implementation strategies, with template documents and roadmap protocols to lessen the initial management time. Because we have had experience in FTC enforcement actions with Safe Harbor violations, we can assist clients in avoiding costly mistakes and remedying existing ones.
We also provide timely, effective counsel and strategies in response to multi-country cyberattacks and other security breaches affecting personal information.
McDermott routinely advises on the following:
Organizational compliance requirements in relation to the General Data Protection Regulation due to come into force across the European Union in May 2018
International inter- and multi-company agreements to collect, transfer and use customer, employee and other data (including model clauses and binding corporate rules)
Assessments and implementation of the new US-EU Privacy Shield for data transfer
Potential implications of the UK “Brexit” on employee data privacy practices (including international data transfers)
Third-party vendor management and contract terms regarding the collection and processing of personal data in-country and cross-border
Multinational privacy policies
Data privacy implications of global whistleblowing hotlines (including obligations arising for certain organizations under the US Sarbanes-Oxley Act)
Advised an international chemicals and specialty materials producer regarding the global implementation of a GDPR compliance program, including the assessment of current practices, the review and amendment of policies, processes and documentation, and the appointment of a central DPO
Advised a global medical device company on certification of compliance with the US-EU Privacy Shield, data mapping, review and evaluation of internal and external policies and procedures, and vendor contract amendments to comply with Privacy Shield requirements
Handled a series of large data breaches involving personnel records of employees in the United States and around the world and advised our client on its obligations under the laws of every US state and more than 50 countries; managed communications with the affected employees and various government regulators; and persuaded regulators to forgo any claim against our client
Advised an international university regarding GDPR compliance, including the scope of application of the GDPR to activities in the EU, the lawful grounds for processing personal data (such as consent), appointment of a DPO, and various other GDPR compliance issues
Created a GDPR-compliance privacy program covering the legal grounds of data processing, external privacy notices, internal privacy guidelines, international data transfers, and online data collection for a US retail products manufacturer
Counseled a leading EU telecommunications service provider on prerequisites for the processing of personal data by third-party vendors outside of the EU
Advised a US manufacturer of industrial products on the privacy implications of selling and remotely operating smart devices in the EU
Advised a US health care provider on the legal prerequisites of using European patient data for scientific purposes
Advised an international clothing retailer on the use of EU standard contractual clauses in agreements between its subsidiary companies and key vendors
Designed a major multinational company’s corporate privacy and cybersecurity program, including work tasks, team designations, high-medium-low priority designations, and a presentation to the senior leadership team on privacy and cybersecurity risks
Created a vendor-management program to deal with a multinational client’s compliance obligations in selecting vendors capable of protecting consumer personal information, including a due diligence checklist, template privacy and security provisions, and negotiating tips
Advised an international human resources services provider on revising its suite of online privacy policies to ensure compliance with EU and US law and on preparing for foreseeable future developments of the pertinent law
Advised dozens of clients on standard contractual clauses and similar agreements for transferring personal data from the EU to jurisdictions without EU-level privacy protection standards