McDermott’s privacy lawyers are well established in Germany, France, the UK and Italy, and provide sophisticated privacy advice to domestic and multi-national companies and vendors on a wide spectrum of data protection matters. These include global privacy policies, data transfer mechanisms, Privacy Shield assessments, notifications to in-country data protection authorities, GDPR preparation, reviews of new data laws and other compliance steps.
We work closely with operational data privacy officers, helping them establish and maintain effective relationships and communications with data protection authorities in relevant jurisdictions worldwide.
We have particular experience in EU/US Privacy Shield implementation strategies, with template documents and roadmap protocols to lessen the initial management time. Because we have had experience in FTC enforcement actions with Safe Harbor violations, we can assist clients in avoiding costly mistakes and remedying existing ones.
We also provide timely, effective counsel and strategies in response to multi-country cyberattacks and other security breaches affecting personal information.
McDermott routinely advises on the following:
- Organizational compliance requirements in relation to the General Data
- Protection Regulation due to come into force across the European Union in May 2018
- International inter- and multi-company agreements to collect, transfer and use customer, employee and other data (including model clauses and binding corporate rules)
- Assessments and implementation of the new US-EU Privacy Shield for data transfer
- Potential implications of the UK “Brexit” on employee data privacy practices (including international data transfers)
- Third party vendor management and contract terms regarding the collection and processing of the personal data in-country and cross-border
- Multinational privacy policies
- Data privacy implications of global whistleblowing hotlines (including obligations arising for certain organizations under the US Sarbanes-Oxley Act)
- Responses to data subject access requests