GDPR legal support and advisory

In 2016, the European Parliament and the Council enacted Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as GDPR. In summary, the new European General Data Protection Regulation (GDPR) brings additional safety requirements and obligations for businesses that process personal data belonging to EU citizens. More details about what this implies and how we can help you may be found below.

How is GDPR affecting your business?

GDPR affects all businesses (both EU and non-EU companies) that are offering products or services to EU customers and comes into force on the 25th of May 2018. The main aspects that data processors must be aware of include, among others:

Scope

GDPR applies to all EU companies acting as data controllers and processors, as well as all companies handling the personal data of EU citizens.

Consent

The controller must be able to demonstrate that the consent for personal data processing has been granted via a statement or a clear affirmative action.

Personal rights

EU citizens have the right to be forgotten (have their data erased upon request), the right to data portability (to require the transfer of their data to another company) and the right to object to profiling (decisions based on automated processing).

DPO

A Data Protection Officer (DPO) must normally be appointed if the company conducts large scale systematic monitoring or processes large amounts of sensitive personal data.

Processing duties

An obligation to implement appropriate technical and organizational measures, such as pseudonymisation, an obligation to keep track of processing activities, and an obligation to notify any breach of personal data no later than 72 hours from the time of detection.

Cross-border transfer

The transfer of personal data outside the EU and the EEA may only be done in compliance with the conditions for transfer set out in Chapter V of the GDPR and based on the Commission’s decision.

Sanctions

Infringement(s) of these fundamental principles may result in sanctions of up to EUR 20 million, or 4% of the total annual turnover of the preceding year – whichever is higher.

Our GDPR implementation and compliance services

Considering the high sanctions and the limited time that businesses have to ensure that all legal and technical aspects are covered, it is important to pick the right professional partner. Our international legal and corporate advisors are ready to help you identify how GDPR impacts your company and support you in the following areas:

  • Overall revision of your current personal data processing, including follow-up analysis
  • Preparation of internal guidelines, working procedures and manuals, and employees’ accord for data processing
  • Revision and adjustment of the appropriate contractual relationship with the persons involved in processing, including subscribers and other business partners
  • Analysis of whether it is required to carry out an impact assessment on the protection of personal data and any follow-up support in the process, as well as in dealings with a supervisor, who should be consulted on the results of the assessment
  • Other services according to your specific needs and requirements