Areas of practicePrivacy and Data Protection

We advise companies from various sectors on everything related to personal data and privacy regulations, with a special focus on e-commerce

We offer a comprehensive service in this field and have a team of expert data protection lawyers which has spent many years advising companies and professionals on all legal issues related to personal data protection and e-commerce.

Personal Data Protection

When it comes to personal data protection, the hallmark of our practice area is our thorough knowledge and experience advising on the rights and obligations under the European General Data Protection Regulation (GDPR), and the Organic Law on Personal Data Protection and Securing Digital Rights (LOPDGDD).

In addition, our added value is the cross-disciplinary knowledge that we apply to every case, including knowledge of both general regulations (e.g., the workers' statute) and sector-specific regulations (e.g.: telecommunications, health, insurance, information society services, transportation, mass consumption, etc.), which allows us to identify and solve the needs and problems that our clients face.

Common projects

  • Adapting to the RGPDE and LOPDGDD and the implementing legislation

  • Legal audits and audits on information systems to verify the correct implementation of the required security measures

  • Legal assistance and representation in procedures related to data protection

  • Drafting sectoral codes of conduct

  • Drafting security protocols, records of processing activities, authentication documents, and security policies.

  • Providing advice and designing accountability measures to ensure that data is processed in accordance with the GDPR, making sure these measures are put into place in a demonstratable way (data protection policy from the drafting stage and by default, standard operating procedures for when data subjects exercise their rights, standard operating procedures for security incidents, standard operating procedures for data retention and erasure, video surveillance protocols, provider recruitment protocols, etc.)

  • Providing advice on international data transfer projects and binding corporate rules

  • Legal opinions and advice for complying and enforcing the group of obligations under the legislation

  • Analyzing or advising on any risks a particular product or service may pose to the data subject’s right to data protection (DPIA)

  • Drafting contracts with particular data protection implications (outsourcing, intra-group service provision, advertising campaigns, call-centers, agency contracts, database rentals, etc.)

  • Participating in the phases of due diligence and contract negotiation and guarantees related to business dealings

  • Support services for Data Protection Officers (DPO)

  • Providing advice on security issues, transfers of personal data, personal data security breaches, codes of conduct and certification, among others

  • Training and setting up security and data protection committees
  • E-commerce and internet

    • Adapting websites to the various general and sectoral implementing regulations

    • We also have extensive experience in matters related to privacy policies, responsibility and sanctions on data protection issues, rights to object, information security, rights to data portability, personal data in social networks, among other topics of interest related to data protection and security