Data Protection & GDPR
Our Privacy & Data Protection practice is one of the longest-standing ones in Europe and has been awarded top ranking in legal directories. We have been delivering solutions to the most complex privacy challenges and enforcement actions since 1996 and we also regularly work with data protection regulators.
You can download of Data Protection flyer here.
- In the last decade Chambers & Partners legal directory has been naming Javier Fernández-Samaniego (ranked as Star Individual in TMT: IT - Spain, 2020) as a "go-to lawyer for data protection issues" and Paula F. Longoria as "one of the leading experts in data protection and privacy”
- Leaders League: Samaniego Law appears in the 2020 rankings for Spain among the Leading law firms in the categories "Data Protection & Cybersecurity" and "Technology"
- Javier F. Samaniego is winner of Client Choice Awards of 2019 (IT and Internet Law), 2015, 2013, 2011 and 2010 editions.
- Best Lawyers legal directory names Javier F. Samaniego as the Best Lawyer in Spain for Outsourcing (2021), Privacy & Data Protection Law (2019, 2016 and 2014), Technology Law (2017) and Information Technology (2015) and Paula F. Longoria as the Best Lawyer in Spain for Privacy & Data Protection Law in 2016. Besides the directory recognizes Javier and Paula in various categories, including Information Technology Law, Intellectual Property Law, Privacy & Data Protection law, Technology Law, Communications Law and Outsourcing.
- Who´s Who Legal: Samaniego Law is ranked in the Global Guide 2020 in Data: Information Technology and in the National guide Florida 2020 in the category of Data.
- Global Data Review: Samaniego Law is featured in GDR 100 2021, a list that identifies the world’s 100 best law firms specializing in Data. GDR belongs to Law Business Research, a leading provider of quality business information and legal insight.
Javier Fernández-Samaniego is widely recognized as one of the top specialists in the field, described in Chambers Europe guide as a leading (tier 1) IT lawyer in Spain and as “A true data protection expert and one of the best privacy lawyers in Europe.” He was one of the first lawyers to represent a private sector data controller during an inspection and the subsequent enforcement proceedings by the Spanish Data Protection Agency back in 1996. Since then, Javier has advised and represented many local and international companies and is well known for his advocacy practice defending private controllers before the Spanish DPA and relevant appeal Courts and his expertise relating to the International Transfer of Data to third countries, Outsourcing Transactions and Data Protection Review Programs.
Paula Fernández-Longoria has an extensive experience in advising clients in privacy issues in a variety of sectors in projects including international data flows, outsourcing transactions, assistance in investigations and procedures initiated by data protection authorities, contractual issues, and data compliance programs. She is praised for having "a lot of knowledge and a very pragmatic approach." Javier and Paula have worked together for over a decade in various law firms.
Our firm has substantial experience of data protection compliance and audit projects on an international basis, which gives us an in-depth knowledge, excellent understanding of the law and hands-on experience. We specialize in:
- Contentious Data Protection: defense against enforcement action brought by Supervisory Authorities and individual or collective claims
- Data Protection Reviews and Security Audits (including Client Training)
- Transborder data flows
- Whistleblowing reporting systems
- Big Data Projects and marketing partnerships (including loyalty programs)
- Data Protection assessment and other DP advice
- Enforcement actions in Data Protection
We also advice clients on fulfilling their corporate ESG (Environmental, Social and Governance) commitments concerning data protection. This includes:
- (i) identification of potential risks for members of the corporate management bodies in relation to decisions they take in terms of data protection and privacy and design of appropriate privacy and disclosures policies and operating procedures in accordance with the rest of ESG objectives and obligations
- (ii) due diligence and analysis of transactions to identify possible negative impacts at privacy level as well as conduction of evaluations of compliance with established privacy standards
- (iii) advice in the drafting of strategic and technical reports on the company's privacy and data protection mechanisms and implementation of best practices.
Examples of our work include:
- Defense in several administrative sanctions' proceedings initiated by the Spanish Data Protection Authority and challenges and appeals in the relevant Spain Courts
- Complaints before the European Commission against EU Sovereign Sates concerning the incorrect implementation and enforcement of EU Data Protection Law
- Preliminary references in the ECJ
In addition, our team has expertise in the most significant privacy-related issues of recent times: Data breaches and security incidents, BCRs, transatlantic data flows, etc.
With GDPR fully in force now, it is worth highlighting our role as chair of the working group on implementation of GDPR in Spain, hosted by the leading think tank FIDE Foundation, as well as our participation in IAF Legitimate Interest project.
We have assisted clients in:
- GDPR Strategic Planning
- Undertaking Privacy Impact Assessments (PIA)
- Adapting their privacy policies to the new GDPR principles
- Handling Data Breaches notifications
- Defense against enforcement actions and investigations initiated by Supervisory Authorities and against individual and collective compensatory redress actions (Article 82 GDPR).
Cybersecurity and NIS (Networks and Information Security)
Organizations have always taken measures to protect their information systems against internal and external threats. However, we now face an increased number and variety of cyber-attacks, making cybersecurity a vital topic that demands an integrated and robust approach.
We guide our clients through from prevention to planning and response to cyber incidents, offering the following services:
- Advice in relation to Cybersecurity of 5G networks - EU Toolbox of risk mitigating measures.
- Proactive identification of your threat profile and an assessment of your legal obligations and response readiness
- Development of internal policies and procedures and incident-response simulations, together with staff training
- Management of cyberattack by breach notification, external communications, law enforcement interactions and expert identification
- Dealing with industry-specific security and IT risk management obligations, regulatory, reporting and procurement requirements
- Counselling on available cybersecurity solutions and technology
- Assistance to digital service providers, such as online markets, online search engines and cloud computing services, as well as providers of essential services established in Spain in matters related to their obligations to comply with the Spanish NIS (network and information services) regulations (Royal Decree-Law 12/2018 of 7 September 2018 and its implementation regulation Royal Decree 43/2021 of 26 January 2021).
Trade Secret Protection
Any confidential business information which provides an enterprise with a competitive edge may be considered a trade secret. The unauthorized use of this industrial or commercial information is regarded as a violation. We understand the sensitivities involved in trade secret claims and work closely with our Intellectual Property, Employment and Competition colleagues to provide clients with specialist advice on technology-focused trade secrets.
The protectability of trade secrets depends greatly on taking reasonable precautions to maintain their confidentiality.
Our services include:
We also provide workforce training, explaining the nuances of trade secrets and detailing legal principles that employees and executives can both understand and follow. Such sessions are key to protecting the company’s own business, but they also help to reduce the risk of the information being misused by the company’s partners, individuals, or third parties.
Security and Privacy
- Representing a leading European fintech company before Spanish Data Protection Agency and National Court of Appeal on identity thefts and other cybersecurity challenges.
- Providing strategic legal advice to major US company on assessment and redefinition of its data processing operation and GDPR compliance.
- Advising a leading global US-based for-profit corporation and online social media & networking service in relation to European GDPR and enforcement matters.
- Chairing (Javier F. Samaniego) the working group on GDPR implantation in Spain at FIDE Foundation.
- Contributing to the IAF Legitimate Interests and Integrated Risk and Benefits Assessment Project.
- Participation in CPR’s Working Group on Cybersecurity in Arbitration.