Data protection and privacy

Privacy, the protection of personal data, confidentiality and security are major points of focus and concern for your business, especially since the entry into force of the EU General Data Protection Regulation (GDPR), which has increased the level of obligations in these areas and has ushered in higher standards about how data protection should be managed.

What are your challenges

  • Assistance to ensure you are on the pathway to reaching and maintaining a correct level of compliance with GDPR;
  • Comprehensive knowledge of the applicable legal framework, guidelines, trends and challenges;
  • Close contact with the local (data protection) authorities;
  • Legal expertise in implementing essential tailor-made policies, procedures, contracts and processes; and
  • A committed, pragmatic and responsive team.

How we can assist you

Scope of assistance

Our Technologies & IP team can provide legal advice and assistance for each step of your compliance project, from assisting you in understanding the scope of your obligations, to identifying your position in terms of compliance, and to ultimately designing and implementing solutions and processes with you.
  • Detailed and practical legal advice regarding your legal obligations as a data controller or data processor;
  • Mapping and review of your personal data flows and data protection processes or GDPR readiness assessments to analyse your current state of compliance, identify main gaps and recommend practical solutions;
  • Assistance to help you define internal governance and create a GDPR taskforce;
  • Designing a timeline in order to implement necessary measures and changes;
  • Assistance with the implementation of the roadmap by drafting the necessary policies, contracts and procedures, providing training sessions, performing data protection impact assessments, creating the data processing register, etc.;
  • Developing a strategy for the transfer of personal data intra-group and to third parties, with sufficient legal safeguards and assistance regarding the preparation of any necessary contractual elements and formalities;
  • Assistance with the implementation and testing of incident response procedures for data breach notification requirements;
  • Assistance with HR challenges related to GDPR and privacy laws (monitoring at the workplace, access to employees' mailboxes, management of employee on-boarding and departure processes, etc.);
  • Assistance in managing data subjects' requests and complaints;
  • Reviewing or drafting the necessary contractual documentation with your vendors and business partners from a privacy and data protection perspective to ensure it includes mandatory and protective data processing provisions;
  • Assistance in the course of any interaction/meeting/representation with/before Luxembourg (data protection) authorities in the context of consultations, audits, enforcement actions, litigation; and
  • Providing support to the Data Protection Officer (DPO) in reviewing compliance and providing advice on technical issues.

Our GDPR compliance offer

Our Technologies & IP team has developed a specific GDPR compliance offer and provides practical and pragmatic tailor-made advice which can include:
  • GDPR training and awareness workshops (for HR, management, DPO, etc.).
  • GDPR readiness assessments and mapping of data processing activities.
  • GDPR implementation roadmap with step-by-step actions and recommendations.
  • GDPR register of processing activities and other accountability instruments.
  • GDPR notices to data subjects and internal policies (IT charter, data retention and deletion policy, privacy by design policy).
  • GDPR internal procedures for the management of data subjects' requests/complaints.
  • GDPR helpline to assist in case of a data subject's request.
  • GDPR internal procedure for data breach notification process.
  • GDPR data protection impact assessments.
  • GDPR DPO support.
  • GDPR management of transfers of personal data.
  • GDPR management of third party data processors (drafting and negotiating of the necessary contractual documentation) and drafting of internal procedures and checklists for service provider on-boarding.
  • GDPR Joint-Controller Arrangements.
  • GDPR HR management (review of employee handbooks and codes of conduct, management of employees' on-boarding and departure process, etc.).
  • GDPR post implementation tests.
  • GDPR crash courses.

PwC Legal is ranked in the practice both in Chambers and Partners Europe (Band 3) and The Legal 500 (Band 2).

"They are extremely knowledgeable in relation to data protection, IT agreements and any element regarding digitalization."

The Legal 500

Contact us

Audrey Rustichelli

Deputy Managing Partner, Avocat à la Cour au Barreau de Luxembourg, PwC Legal

Tel: +352 26 48 42 35 98
