Enforcement internationally of data privacy laws also poses challenges for global business; increasing co-operation among Data Protection Authorities is the order of the day under initiatives such as GPEN.
Businesses need to navigate these differences with confidence and, where feasible, avoid multiple or inconsistent underlying business processes in order to deliver goods and services efficiently to their customers. And they need to do so in a way that maintains the trust of their customers, employees and business partners.
Our clients seek comprehensive cross-border advice on their international data protection compliance in light of the developing legal landscape. Combining our non-contentious skillsets with our standout litigation and investigations expertise, we are one of the few international legal firms with the expertise to respond.
Many of our client mandates are multi-jurisdictional and highly sensitive in nature. Noted by Chambers 2014 for our work on multi-jurisdictional compliance projects across Europe, Latin America, the Gulf and Asia-Pacific, we work alongside clients to deliver commercial advice, seamlessly across relevant jurisdictions. We have developed cost effective methodologies and know-how for handling such projects.
Recent cross border mandates include internal investigations engaging allegations of civil and/or criminal breaches of data protection laws, undertaking enterprise-wide audits, compliance programs, advising on the design of compliant new products and databases, the procurement of compliant IT systems, drafting of privacy notices, and responding to contentious subject access requests.
The following are examples of our client successes:
- We supported a nation state in the Gulf region with the creation of an entirely new privacy law within the region, requiring close consultation with key stakeholders.
- We advised one of the world's leading car manufacturers on the development and operation of the company's newest high-profile user connectivity product line, involving the progress and distribution of connectivity functionalities, such as app supported lock/unlock functionality and driver assistance systems.
- We provide a global advertising group with strategic advice on all UK and selected international data protection issues around its digital platform businesses
- We advised a global professional services and insurance brokerage group on a review of their personal data collection and usage practices in their operations across Asia Pacific
- We advised a client in the advanced manufacturing sector in relation to a BCR application as a data controller, covering their operations worldwide, in four continents.
- We advised a leading European insurer on a data breach by its third party services provider in two jurisdictions, involving the compromise of a substantial number of customer records.
- We advised a European financial institution on the implementation of an experimental mobile payment platform in Africa
- We advised a multinational on the transfer of personal data and other sensitive information to the German criminal authorities in connection with an anti-bribery investigation
- We advised a global tobacco provider on the data protection issues of disclosure of employee personal data in 39 jurisdictions
- We drafted a customer facing data protection policy for an international aviation sector client, for use in all geographies outside the US.
- With the launch of a new data protection law in Singapore, we provided our client, a leading investment company in the region, with a full end to end solution to enable the organisation to be ready for the new legislation.
- We advised a human resources diagnostics company in relation to data protection breaches including administrative actions and criminal investigations arising from the breaches
- We advised an internationally expanding biotech company on the full range of data protection compliance matters associated with doing business in Germany.