General Data Protection Regulation (GDPR), Privacy ­& Cybersecurity

Commerce and communications have become increasingly dependent upon computing, apps, big data, the internet of things, machine learning and public and private electronic networks. With these, global businesses must understand and manage the risks and opportunities associated with data systems and data management. A complex web of evolving privacy and data security laws and regulations, including the GDPR, now affects corporate activities and business transactions throughout the world. Wood & Lee lawyers regularly advise the firm’s clients on matters of privacy and data security compliance, GDPR cross-border data flows in transactional and intra-company data flows, security breach responses and investigations, records retention and e-discovery programs, and the protection of proprietary corporate information assets.

About Our Practices

Wood & Lee lawyers have extensive experience working closely with clients to address and reduce their cybersecurity and privacy risks and exposures. These risks affect organisations in every industry, including healthcare, financial institutions, retailers, utilities and manufacturers, among others. Wood & Lee’s Cybersecurity, Privacy and GDPR team offers enterprise-wide cybersecurity and data protection services to its clients. We counsel clients on:

• Keeping information and trade secrets secure
• Privacy, data security and GDPR compliance assessments
• Corporate information security policies
• Data security breach prevention and response programs; breach investigations
• Records retention and records management programs
• Corporate employee policies for computer, IT systems and Internet use
• Global employee and customer privacy compliance programs for multinational businesses
• Cross-border data transfers in global transactions, including Mergers and acquisitions, outsourcing, restructuring and data centre consolidations
• Privacy compliance in direct marketing and integrated advertising programs
• Responding to government requests for corporate data
• Policy advise to sovereign states concerning privacy laws
• Compliance with the expanding array of legal, regulatory and contractual obligations
• Responding quickly and appropriately in the event of a suspected data breach
• Representation of companies before regulatory agencies
• Defending against third-party claims and any litigation

Privacy Audit

The first step in protecting data is identifying information on systems and evaluating their security. Wood & Lee can perform an initial risk assessment of sensitive data in a company’s network and environment. When necessary, we work with technical advisors to create an efficient process identifying any issues of compliance with industry or statutory requirements. This includes compliance with laws governing the collection, retention and security of such information – such as the GDPR – and any applicable requirements for disclosure of those business practices. Our lawyers also conduct contract reviews and assist in due diligence of service providers to assess their cybersecurity compliance and ensure appropriate allocation of responsibility for data security and incident response. We take into account the specific needs of the company, as well as industry guidelines and governing law, to develop an individualised plan to satisfy the governing standards.

Preparing for a Data Breach or Other Cyber Incident

Preparedness is an essential aspect of minimising the costs presented by a data breach and the resulting damage to a company’s reputation and operations. It is also a regulatory and legal requirement in most industries.   We regularly work with companies in developing an incident response plan. We help in training the company and its employees in its implementation, including tabletop exercises and other drills. 

Responding to a Data Breach

In the event of a data breach, your organisation must respond and follow a clearly defined plan. The decisions made immediately following a data breach can significantly impact future outcomes. While every breach has its own unique set of circumstances, our experience enables us to respond quickly and strategically. The Wood & Lee incident response team understands the critical importance of the response and can assist your organisation to quickly take the necessary steps when faced with a cybersecurity incident.

Complying with Regulatory Requirements and the GDPR

This is an era of rapidly expanding regulatory requirements for pre-breach cyber security and post-breach response. Business practices involving the collection and use of consumer information is not exempted as well.   Companies in all industries that sustain a cyber-incident must demonstrate that they have responded to a breach promptly and effectively. This also means that they must follow the applicable regulations and statutes including the GDPR. Additionally, they must also provide evidence of proper conduct in their pre-breach activities. 

Effective Solutions

Our firm understands the costs a cyber-incident can present to your company. We can provide direction to not only protect your data but also your reputation. When you need an effective solution to assist your organisation in preparing for or responding to the threat of a cyber-incident, call on the Wood & Lee cybersecurity, privacy and GDPR team.

Offshore Data Services Vendor Compliance and International Data Management

Increasing globalisation of business requires comprehensive knowledge of the regional directives and local enabling laws. This concerns understanding of data management, transmission outside the host country and disclosure. Procedures and policies in these areas, as well as data protection agreements, can assist clients in navigating the maze of often-conflicting international data protection and preservation norms. 

Electronic Document Management and Litigation Discovery

Our lawyers assist clients in crafting appropriate policies and procedures. These help them to prepare long before lawsuits arise, to quickly and easily comply with litigation discovery orders. We aid our clients to implement search and retrieval and discovery processes, providing a competitive edge in the earliest stages of litigation. With our assistance, they have a detailed understanding of the applicable electronic discovery obligations and can enforce them against opponents. 

Employment and Labour Law

Our lawyers counsel clients as to how to best leverage their own human resources and legal professionals. With our advice, these help them implement practicable policies to manage and secure sensitive employee information. Our advance-planning strategies, policy review services and drafting skills also help clients implement risk management protocols to minimise litigation risks and commensurate costs. 

Identity Theft Protection Laws and Privacy Protection

Our lawyers’ understanding of identity theft and privacy protection laws. We have a watchdog approach to pending legislation means clients should not be caught off guard. Our services ensure clients that confidential data stay secure, and that legal liability remains firmly at a distance. Thus, Wood & Lee can be fully entrusted with policy reviews, drafting, to training trial representations if necessary.