Pilar Arzuaga

Overview

Pilar Arzuaga has over a decade of experience advising companies across various industries on cybersecurity governance, data protection, artificial intelligence, and digital regulation. She works with clients in sectors such as telecommunications, media, IoT, cloud services, health, life sciences, robotics, ad tech, retail, and finance, providing strategic guidance to navigate complex regulatory landscapes and manage risks effectively.

Pilar’s expertise is enriched by her significant in-house experience at leading global companies, where she focused on privacy, product compliance, and cybersecurity. Her practical, business-oriented approach ensures that legal requirements are aligned with operational goals, bridging the gap between compliance and business strategy.

Results

Led the development and implementation of a comprehensive cybersecurity governance framework for a global telecommunications company, ensuring compliance with international standards and reducing the risk of cyber threats. The framework has been adopted across multiple regions, resulting in enhanced security posture and regulatory compliance.
Successfully managed a complex data breach for a multinational financial services firm, coordinating the investigation and response across Europe and the UK. Provided guidance on reporting duties to regulators, customers, and impacted data subjects, which helped mitigate potential fines and maintain the firm’s reputation.

Provided strategic counsel to a leading e-commerce company during a regulatory investigation following a data security incident. Expertly navigated the investigation process and engaged with regulators, resulting in a favourable outcome, avoiding severe penalties, and ensuring future compliance.
Advised a major cloud services provider on a multijurisdictional data breach, leading the incident response and ensuring timely and compliant notifications to regulators and affected individuals in over 20 countries. This coordination was crucial for consistency in minimizing operational disruption and legal exposure.
Counseled a multinational AI company on the development of governance frameworks and risk assessments for its AI solutions, ensuring compliance with the latest EU and UK AI regulations. Guided the company to integrate AI technologies responsibly and in line with regulatory expectations.
Conducted comprehensive PCI DSS (Payment Card Industry Data Security Standard) training for a China-based payment processor, equipping their teams with the necessary knowledge and tools to achieve compliance. This training was instrumental in strengthening the company’s payment data security and avoiding potential penalties.
Assisted a global pharmaceutical company in ensuring data protection compliance across multiple jurisdictions during clinical trials. Developed and reviewed informed consent forms, ensured GDPR compliance, and advised on data sharing agreements, facilitating smooth trial processes and compliance with complex regulatory requirements.
Provided strategic advice on international data transfers, including drafting and negotiating international data transfer agreements to ensure compliance with GDPR and other international data protection laws.
Assisted in the transfer of patient records during the sale of a hospital, ensuring that the data was handled securely and in full compliance with GDPR and other relevant regulations, safeguarding patient privacy throughout the transaction.
Developed and implemented global data retention policies and frameworks for a multinational corporation, ensuring compliance with various international regulations while optimizing data management and reducing legal risks.
Provided strategic advice to medical device manufacturers on data protection for sensitive health data, including drafting robust privacy policies and managing regulatory communications to ensure compliance with global privacy laws.

Show Less