Cybersecurity and


Data Protection & GDPR

Our Privacy & Data Protection practice is one of the longest-standing ones in Europe and has been awarded top ranking in legal directories. We have provided privacy advice to a large number of clients since 1996 and we also regularly work with data protection regulators.

Javier Fernández-Samaniego is widely recognized as one of the top specialists in the field, described in Chambers Europe guide as a leading (tier 1) IT lawyer in Spain and as “A true data protection expert and one of the best privacy lawyers in Europe.” He was one of the first lawyers to represent a private sector data controller during an inspection and the subsequent enforcement proceedings by the Spanish Data Protection Agency back in 1996. Since then, Javier has advised and represented many local and international companies and is well known for his advocacy practice defending private controllers before the Spanish DPA and relevant appeal Courts and his expertise relating to the International Transfer of Data to third countries, Outsourcing Transactions and Data Protection Review Programs.

Our firm has substantial experience of data protection compliance and audit projects on an international basis, which gives us an in-depth knowledge, excellent understanding of the law and hands-on experience. We specialize in:

  • Contentious Data Protection: defence against enforcement action brought by Supervisory Authorities and individual or collective claims
  • Data Protection Reviews and Security Audits (including Client Training)
  • Transborder data flows
  • Whistleblowing reporting systems
  • Big Data Projects and marketing partnerships (including loyalty programs)
  • Data Protection assessment and other DP advice
  • Enforcement actions in Data Protection

Examples of our work include:

  • Defense in several administrative sanctions proceedings initiated by the Spanish Data Protection Authority and challenges and appeals in the relevant Spain Courts
  • Complaints before the European Commission against EU Sovereign Sates concerning the incorrect implementation and enforcement of EU Data Protection Law
  • Preliminary references in the ECJ

In addition, our team has expertise in the most significant privacy-related issues of recent times: Data breaches and security incidents, BCRs, transatlantic data flows, etc.

With GDPR fully in force now, it is worth highlighting our role as chair of the working group on implementation of GDPR in Spain, hosted by the leading think tank FIDE Foundation, as well as our participation in IAF Legitimate Interest project.

We have assisted clients in:

  • GDPR Strategic Planning
  • Undertaking Privacy Impact Assessments (PIA)
  • Adapting their privacy policies to the new GDPR principles
  • Handling Data Breaches notifications
  • Defense against enforcement actions and investigations initiated by Supervisory Authorities and against individual and collective compensatory redress actions (Article 82 GDPR)

Cybersecurity and NIS (Networks and Information Security)

Organizations have always taken measures to protect their information systems against internal and external threats. However, we now face an increased number and variety of cyber-attacks, making cybersecurity a vital topic that demands an integrated and robust approach.

We guide our clients through from prevention to planning and response to cyber incidents, offering the following services:

  • Proactive identification of your threat profile and an assessment of your legal obligations and response readiness
  • Development of internal policies and procedures and incident-response simulations, together with staff training
  • Management of cyberattack by breach notification, external communications, law enforcement interactions and expert identification
  • Dealing with industry-specific security and IT risk management obligations, regulatory, reporting and procurement requirements
  • Counselling on available cybersecurity solutions and technology

Trade Secret Protection

Any confidential business information which provides an enterprise with a competitive edge may be considered a trade secret. The unauthorized use of this industrial or commercial information is regarded as a violation. We understand the sensitivities involved in trade secret claims and work closely with our Intellectual Property, Employment and Competition colleagues to provide clients with specialist advice on technology-focused trade secrets.

The protectability of trade secrets depends greatly on taking reasonable precautions to maintain their confidentiality.

Our services include:

  • establishing Trade Secrets Review Plans (risk assessments and remedy plans) that are designed to ensure that trade secrets remain secret, and consist of the implementation of comprehensive and sound trade secret protection policies.
  • advice to companies on protecting their trade secrets and on potential disclosures by their business partners or employees
  • advice related to claims arising from restrictive covenants, theft of trade secrets, breach of fiduciary duty and duty of loyalty, misappropriation of trade secrets, non-compete or non-disclosure agreements, etc.
  • handling trade secret litigation cases, on both the prosecution and defense side; we are particularly skilled at deploying resources, reliable methods, and expert witnesses to address damages issues.
  • We also provide workforce training, explaining the nuances of trade secrets and detailing legal principles that employees and executives can both understand and follow. Such sessions are key to protecting the company’s own business, but they also help to reduce the risk of the information being misused by the company’s partners, individuals, or third parties.

    Success Cases

    • Security and Privacy

      - Representing a leading European fintech company before Spanish Data Protection Agency and National Court of Appeal on identity thefts and other cybersecurity challenges.

      - Providing strategic legal advice to major US company on assessment and redefinition of its data processing operation and GDPR compliance.

      - Advising a leading global US-based for-profit corporation and online social media & networking service in relation to European GDPR and enforcement matters.

      - Chairing (Javier F. Samaniego) the working group on GDPR implantation in Spain at FIDE Foundation.

      - Contributing to the IAF Legitimate Interests and Integrated Risk and Benefits Assessment Project.

      - Participation in CPR’s Working Group on Cybersecurity in Arbitration.