GDPR Law Firms
Below is a list of GDPR Law Firms used by Equisolve and our clients.
Since GDPR went into effect in May of 2018 we have had extensive interaction with our clients (Data Controllers) and their GDPR law firms
Haynes and Boone
Things to consider when interviewing GDPR Law Firms?
The definition of “personal data” is very broad under the GDPR; it includes typical identifiers such as a name, address, phone number, and email address, but also can include various other identifying information, such as IP addresses, advertising IDs (e.g., Apple iDFAs, Android AAIDs), cookie IDs, log information, etc. With potential fines of up to 4% of a company’s worldwide annual revenue, companies need to determine if it is under the scope of the GDPR and take steps to comply in order to avoid regulatory scrutiny, negative public attention, and to keep driving sales with customers that require compliance.
Among the GDPR’s many obligations, businesses must provide certain “rights” to individuals, such as the right to delete, correct, provide access to, “port,” restrict, or object to the processing of, their personal data within thirty (30) days upon request. Further, companies must enter into particular contractual agreements with its customers and service providers that may “process” personal data (i.e., use in any way, including for storage or hosting purposes), document all its different uses of personal data in a particular format, report data breaches within seventy-two (72) hours or less, have an approved “data transfer mechanism” to receive data from the EU (such as to your cloud hosting providers in the US), appoint an EU representative, and have proper internal policies and procedures to demonstrate compliance with the GDPR’s various principles, among other things.
Due to the many complex requirements and restrictions that the GDPR imposes upon the use of personal data, entities that may do business in the European Union should consider hiring a GDPR law Firm and attorney whose practice is focused on global privacy and cybersecurity laws. A privacy lawyer will understand how the GDPR applies to your business and how to carry out the implementation in a practical, business-oriented manner. This includes understanding the range of laws that your business may be subject to and finding the right strategy for respecting both your local legal obligations and GDPR requirements.
Further, skilled GDPR Law Firms and privacy attorneys will have a strong understanding of the EU landscape in order to fully understand the intent behind the GDPR’s various provisions. Though many state that the GDPR is a new law, there are years of case law, enforcement actions, and guidance documents from the European Union’s previous law, the Data Protection Directive, that a GDPR Law Firm and attorney can use to bring further clarity to any business’s obligations. Indeed, only one year in, we have already seen enforcement actions under the GDPR resulting in fines ranging from thousands to millions of Euros.
Finally, the GDPR has become the model that other countries are using to pass their own privacy laws. For example, the California Consumer Privacy Act of 2018 (the “CCPA”) borrows heavily from the GDPR. Forward-thinking GDPR Law Firms and privacy attorneys will help you set up a privacy governance framework built around the GDPR principles so that you are in a better position to apply with these various laws around the world with lower incremental costs.