Data Protection and Privacy

We have advised on GDPR compliance projects on a global scale and we are actively advising many clients in relation to their response to regulatory investigations and enforcement actions undertaken by the Data Protection Commission and by other EU Data Protection supervisory authorities.

Our Group also provides strategic advice on the range of civil and criminal actions and investigations, as well as public law issues, that may arise under data protection legislation.

Cyber

We have advised on some of the highest profile data breach incidents in Ireland and internationally. We have acquired a depth of experience in cybersecurity matters, including incorporating proactive steps to comply with security laws and standards, responding to a cyber incident, engaging with law enforcement and data protection authorities and defending associated litigation.

We are regularly instructed in the immediate aftermath of a cyber-attack or data breach to advise on the legal and regulatory steps to be taken and to guide the board and senior management of an organisation through the containment, mitigation, investigation and resolution stages of a cyber-attack or breach.

Relevant Experience

• Advising on Legislative Compliance – including compliance with the Data Protection Acts 1988 to 2018 and the EU GDPR, the laws governing ePrivacy, the right to privacy established by the Irish Constitution and the right to private correspondence under Article 8 of the European Convention on Human Rights, including their interaction with other applicable laws of EU AI Act, Digital Services Act etc.
• Advising on Defending Enforcement Actions – we have market leading experience in advising domestic and multi-national clients on enquiries, investigations, prosecution, dawn raids and other enforcement actions undertaken by the Data Protection Commission and EU Data Protection Supervisory Authorities
• Advising on International Data Transfers – Ireland as a corporate data centre and trans border data flows, including Model Clauses, Binding Corporate Rules, EU-US Privacy Shield and other permitted means to legitimise the export and disclosure of personal data
• Advising on cyber-response policies and procedures and on incident management and regulatory reporting, having regard to legal obligations under the EU data protection and cyber security law, including the NIS2 Directive including the provision of cyber readiness workshop training to clients and boards of directors
• Advising on Data Protection in the Workplace – we have acted for some of the highest profile cases involving the theft or abuse of data in the workplace, working closely with our colleagues in our market leading Employment Group
• Advising on the procurement of technologies for regulated clients, having regard to obligations under DORA, the NIS Directives and the Cybersecurity Act, as applicable
• Advising on the containment, mitigation and investigation of cyber attacks and breaches, including advising on the legal and regulatory notifications to be issued and coordinating with An Garda Síochána Cyber Unit and the National Cyber Security Centre on the reporting and investigation of an attack where required
• Advising on any legal claims or proceedings arising from cyber incidents, such as negligence claims against third party providers or defence of compensation claims from affected individuals or other third parties
• Advising clients (corporates, financial institutions, state agencies) in legal actions arising from the unlawful use of confidential data by former employees and third parties
• Advising a range of technology and other clients in defending civil actions for alleged breach of the Data Protection Acts 1988 to 2018 and EU GDPR