The first step in protecting data is identifying information on systems and evaluating its security. Wood & Lee can perform an initial risk assessment of sensitive data in a company’s network and environment. When necessary, we work with technical advisors to create an efficient process identifying any issues of compliance with industry or statutory requirements. This includes compliance with laws governing the collection, retention and security of such information – such as the GDPR – and any applicable requirements for disclosure of those business practices.

Our lawyers also conduct contract reviews and assist in due diligence of service providers to assess their cybersecurity compliance and ensure appropriate allocation of responsibility for data security and incident response. We take into account the specific needs of the company, as well as industry guidelines and governing law, to develop an individualised plan to satisfy the governing standards.