Find a trusted GDPR Law Firm from the list that Equisolve and our clients use.

Since GDPR went into effect in May of 2018 we have had extensive interaction with our clients (Data Controllers) 

Below are GDPR Law Firms that our clients and Equisolve work with:

How to get listed on this page


Hiring a General Data Protect Regulation Lawyer / GDPR Law Firm?

There are few laws that have garnered as much regulatory and public attention as the General Data Protection Regulation (the “GDPR”), which came into effect on May 25, 2018. The GDPR is a European Union law but applies to companies located outside the European Union, provided such companies process personal data in relation to the (i) offering of goods or services to individuals located in the European Union (regardless of payment) or (ii) monitoring of the behavior of individuals located in the European Union (e.g., use of cookies, pixel tags, tracking technologies, among other things, including by service providers).

The definition of “personal data” is very broad under the GDPR; it includes typical identifiers such as a name, address, phone number, and email address, but also can include various other identifying information, such as IP addresses, advertising IDs (e.g., Apple iDFAs, Android AAIDs), cookie IDs, log information, etc. With potential fines of up to 4% of a company’s worldwide annual revenue, companies need to determine if it is under the scope of the GDPR and take steps to comply in order to avoid regulatory scrutiny, negative public attention, and to keep driving sales with customers that require compliance.

Among the GDPR’s many obligations, businesses must provide certain “rights” to individuals, such as the right to delete, correct, provide access to, “port,” restrict, or object to the processing of, their personal data within thirty (30) days upon request. Further, companies must enter into particular contractual agreements with its customers and service providers that may “process” personal data (i.e., use in any way, including for storage or hosting purposes), document all its different uses of personal data in a particular format, report data breaches within seventy-two (72) hours or less, have an approved “data transfer mechanism” to receive data from the EU (such as to your cloud hosting providers in the US), appoint an EU representative, and have proper internal policies and procedures to demonstrate compliance with the GDPR’s various principles, among other things.

Due to the many complex requirements and restrictions that the GDPR imposes upon the use of personal data, entities that may do business in the European Union should consider hiring an attorney whose practice is focused on global privacy and cybersecurity laws. A privacy lawyer will understand how the GDPR applies to your business and how to carry out the implementation in a practical, business-oriented manner. This includes understanding the range of laws that your business may be subject to and finding the right strategy for respecting both your local legal obligations and GDPR requirements. 

Further, a skilled privacy attorney will have a strong understanding of the EU landscape in order to fully understand the intent behind the GDPR’s various provisions. Though many state that the GDPR is a new law, there are years of case law, enforcement actions, and guidance documents from the European Union’s previous law, the Data Protection Directive, that a privacy attorney can use to bring further clarity to any business’s obligations. Indeed, only one year in, we have already seen enforcement actions under the GDPR resulting in fines ranging from thousands to millions of Euros.

Finally, the GDPR has become the model that other countries are using to pass their own privacy laws. For example, the California Consumer Privacy Act of 2018 (the “CCPA”) borrows heavily from the GDPR. A forward-thinking privacy attorney will help you set up a privacy governance framework built around the GDPR principles so that you are in a better position to apply with these various laws around the world with lower incremental costs.