Data protection and privacy

Privacy, the protection of personal data, confidentiality and security are major points of focus and concern for your business, especially since the entry into force of the EU General Data Protection Regulation (GDPR), which has increased the level of obligations in these areas and has ushered in higher standards about how data protection should be managed.

What are your challenges

  • Navigating complex GDPR requirements and aligning your internal processes with ever-evolving regulatory expectations as well as new case law and guidelines.
  • Balancing business objectives with legal requirements to foster innovation while respecting privacy obligations.
  • Managing and documenting consent in line with regulatory standards while providing transparent, user-friendly mechanisms for data subjects.
  • Implementing effective data breach response strategies to reduce operational disruptions and legal liability.
  • Maintaining robust compliance frameworks to prevent reputational damage and costly fines in case of non-compliance.
  • Ensuring data security and confidentiality across diverse IT environments and global data flows.

How we can assist you

Scope of assistance

Our Technologies & IP team can provide legal advice and assistance for each step of your compliance project, from helping you understand and stay updated on your legal obligations, to assessing your current compliance level, and ultimately designing and implementing practical solutions tailored to your needs and budget.

If you lack an in-house resource, we can also act as your external Data Protection Officer (DPO).

Our services include:

  • Tailored legal advice for data controllers and processors, covering all GDPR requirements
  • Mapping and reviewing personal data flows and transfers to identify gaps and propose pragmatic solutions
  • Developing and implementing an action plan (drafting policies, contracts, procedures, DPIAs, data processing registers, etc)
  • Setting up incident response procedures and managing breach notification requirements
  • Handling data subjects’ requests (complaints, data access or erasure requests, etc)
  • Addressing HR-related privacy issues (workplace monitoring, mailbox access, on/off-boarding, etc)
  • Drafting or reviewing robust contractual terms with vendors, partners, users and/or clients to ensure compliance
  • Representing you in interactions with (data protection) authorities, in particular the CNPD (consultations, audits, enforcement, litigation)
  • Supporting your in-house DPO or acting as your external DPO to oversee ongoing compliance and provide operational advice

Discover more about DPO as a service

Our GDPR compliance offer

Our Technologies & IP team has developed a comprehensive GDPR compliance offer and provides practical and pragmatic tailor-made advice which include:

  • Training and awareness workshops (for HR, management, DPO, etc)
  • Readiness assessments and data mapping
  • Record of processing activities
  • Information notices to data subjects and internal policies (privacy policy, IT charter, data retention policy, privacy by design policy)
  • Data subject requests policy
  • GDPR helpline to assist in case of urgent questions (data subject request or complaint, regulatory request, data breach, etc)
  • Data breach notification process
  • Data protection impact assessments
  • DPO as a service and/or support to you existing DPO and/or legal team
  • Transfers of personal data
  • Third-party management (drafting and negotiating of contractual provisions) and check lists for service provider onboarding
  • Data processing and joint-Controller agreements
  • HR-related data protection (drafting or review of employee handbooks, code of conducts, on/offboarding processes, etc)
  • Crisis simulation exercises (simulation of data breach, client complaint or request, etc)

PwC Legal is ranked in the practice both in Chambers and Partners Europe (Band 3) and The Legal 500 (Band 2).

Europe 2024
Top Tier Firm 2024

"Audrey Rustichelli's skills and commercial vision, as well as her ability to read cross-cutting issues and solve them, are rare and extremely appreciated. For us, it remains an essential part of our special relationship with the firm."

Chambers & Partners

Contact us

Audrey Rustichelli

Deputy Managing Partner, Avocat à la Cour au Barreau de Luxembourg, PwC Legal

Tel: +352 26 48 42 35 98

Follow us