Matúš Huba*

Overview

Matúš Huba focuses his practice on advising multinational companies on privacy and cybersecurity issues across a broad range of business sectors, with particular strength in the tech, life sciences/pharma, e-commerce, and automotive sectors. He helps clients balance complex legal requirements with their business needs, with a focus on ICT and cloud compliance, data breach management and regulatory engagement, health data processing, AI/machine learning implementation, and the creation of tailored multi-jurisdictional data transfer solutions.

Matúš helps clients design data utilization strategies to leverage data and employ EU/UK direct marketing, online tracking technologies and programmatic/RTB advertising campaigns in a compliant way. He has supported the development of numerous global privacy compliance programs, providing actionable advice on how to harmonize requirements across multiple international jurisdictions. He also actively provides pro-bono privacy compliance advice to various non-profit organizations.

*Non-lawyer professional

Results

Assisted an EU-US research foundation with its data protection and privacy obligations, and development of compliance documentation and processes vis-à-vis the participating patients and researchers, as well as donors, including advice on data protection impact assessments, consent implementation and transparency obligations, as well as DPO registration obligations*
Assisted a medical equipment manufacturer and distributor with a GDPR compliance program, including contractual coverage of data transfers, public-facing notices and international transfer issues, as well as assessment of IoT applications’ setup and privacy by design concerns*
Advised on EU-wide assessment, mitigation and notification obligations related to a phishing-related personal data breach*
Advised a clinical services provider and health products distributor on compliance with obligations related to the GDPR and the ePrivacy Directive with regard to its online presence and offering, in particular the transparency obligations*
Assisted a personal genomics and biotechnology services provider with determining the scope of GDPR application on its internal employee personal data compliance obligations and their implementation*

Advised a global provider of optical systems solutions and manufacturer of optical materials on comprehensive GDPR compliance assessment and resulting program adoption and roll-out, including preparation of multiple internal and public-facing documents and revision of existing contractual arrangements*
Assisted a cloud-based platform provider of software services to pharmaceutical companies with GDPR compliance regarding data onboarding and exchange on the platform and further use by the client, including transparency obligations compliance*
Assisted a global food production and distribution company on custom COVID-19 track and trace application development and implementation with regard to the GDPR and varied member state compliance requirements*
Advised an international e-commerce platform on ad-tech and digital advertising issues, and custom audience segments creation, including ePrivacy Directive implementation and enforcement and data protection impact analysis and transparency obligations under the GDPR*
Assisted an international aircraft manufacturer with its EU response to a multijurisdictional data breach, including assessment of GDPR rules application to the breach and notification obligations to EU supervisory authorities and data subjects and related documentation*
Advised an international machinery manufacturer on international data transfer compliance efforts under the GDPR, including use, maintenance and expansion of BCRs, SCCs and data transfer agreements with external vendors*
Assisted in the creation of a comprehensive custom Data Protection Impact Assessment process and documentation for a global client*
Assisted a packaging company on continued EEA, UK and Swiss data protection and privacy compliance efforts, including building a comprehensive GDPR, FADP and ePrivacy Directive compliance plan and implementation, including employee notification and training, data collection and use processes setup, intra-group and external data transfers compliance and adaptation to regulatory guidelines and applicable case law, COVID-19 response compliance, and including part-time in-house support with the legal department*
Assisted a number of leading global manufacturering companies with their response to cross-border ransomware security incidents and related data breach assessment, mitigation and notification obligations and strategies vis-à-vis multiple EU and UK supervisory authorities*
Advised an EU-based car manufacturing company regarding the determination of status of certain data collected from automated and connected vehicles as personal data under the GDPR and issues related to third-party access to vehicle data, including necessary data transfer arrangements implementation in the context of cooperative intelligent transport systems (C-ITS)*
Advised media measurement and analytics companies on compliance with EU and UK ad-tech rules and clients’ positioning vis-à-vis publishers, DSPs, SSPs and other business partners, including development and implementation of a consent mechanism, as well as compliance with EU and UK contractual and transparency obligations*
Assisted an international consulting and technology services company with day-to-day GDPR and ePrivacy Directive compliance efforts, including development and revision of internal processes on client data onboarding and processing and advice on contractual arrangements, including with governmental representatives and agencies*