Cybersecurity and
Privacy
Data Protection & GDPR
Our Privacy & Data Protection practice is one of the longest-standing ones in Europe and has been awarded top ranking in legal directories. We have been delivering solutions to the most complex privacy challenges and enforcement actions since 1996 and we also regularly work with data protection regulators.
You can download of Data Protection flyer here.
Highlights:
- Coordination of Latin Atlantic Tech Law Collaborative at Florida International University
- Participation in the Commission on the Digital Economy at the International Chamber of Commerce (ICC)
- Participation in the working group for the GDPR Legitimate Interests Assessment Project at the Information Accountability Foundation – IAF
- Membership of the FIDE Foundation, a major think-tank in Spain, where Javier F. Samaniego runs the blog 'Metamorphosis' on legal issues connected with innovation and disruptive technology. Javier also chairs the working group on implementation of GDPR in Spain and regularly speaks at FIDE seminars on Digital Economy legal issues such as Big Data, FinTech, Robotics, etc.
- The firm is a member of Google Privacy Chair at San Pablo University CEU (Spain)
- Participation in the European Advisory Board (EAB) of CPR NY, USA and its Working Group on Cybersecurity in Arbitration.
- Participation in the ICCA-IBA Task Force on Data Protection in International Arbitration Proceedings.
Relevant rankings and awards
- Chambers & Partners, Europe Guide, Spain: Samaniego Law is highly ranked as law firm in the Chambers Europe 2023 edition in the TMT: Data Protection and TMT: Information Technology.
In individual rankings 2023 Javier F. Samaniego is ranked as Band 1 lawyer in Data Protection and as Star Individualin TMT: IT (since 2020 and before that he was in Band 1 for TMT: IT for over a decade). - Leaders League: Samaniego Law is ranked in "Data Protection & Cybersecurity - 2022" and "Technology - 2022".
- International Law Office (ILO): Javier F. Samaniego is winner of Client Choice Awards of 2019 (IT and Internet Law), 2015, 2013, 2011 and 2010 editions.
- Global Data Review: Samaniego Law is featured in GDR 100 2022 and 2021, a list that identifies the world’s 100 best law firms specializing in Data.
- Best Lawyers legal directory names Javier F. Samaniego as the Best Lawyer in Spain for Communication Law (2023), Outsourcing (2023, 2021), Privacy & Data Protection Law (2019, 2016 and 2014), Technology Law (2017) and Information Technology (2015).
- Who´s Who Legal (WWL): Javier F. Samaniego is ranked as Global leader in the Global Data Guide 2023 (for IT, Data Security, Data Privacy & Protection).
- Javier F. Samaniego won the Iberian Lawyer Lawyer of the Year: Information Technology award at 2022 IP&TMT Awards.
Javier Fernández-Samaniego offers unparalleled authority over information technology matters. His practice is further complemented by additional strength in dispute resolution, data protection and fintech matters.
"Javier is very experienced. He provides good added value to the project and comfort about the proposed legal solutions."
"He is very experienced and easy to work with."
"Javier avier is just the best. It's that simple."
Chambers Europe 2023, Spain, TMT.
Samaniego Law holds a compact team with broad experience in the IT field. Its areas of expertise include data protection and privacy as well as cybersecurity issues. The team regularly assists with commercial agreements, e-commerce and contentious matters. The law firm boasts a diverse client roster ranging from the ICT services, life sciences and fintech sectors.
"They always deliver a solid and good quality work to us, which proves their technical expertise on the different matters," highlights one interviewee.
Another client remarks the firm's excellent service, adding: "they have a lot of experience, and good communication."
Chambers Europe 2022, Spain, TMT.
Javier Fernández-Samaniego is widely recognized as one of the top specialists in the field, described in Chambers Europe guide as a leading (tier 1) IT lawyer in Spain and as “A true data protection expert and one of the best privacy lawyers in Europe.” He was one of the first lawyers to represent a private sector data controller during an inspection and the subsequent enforcement proceedings by the Spanish Data Protection Agency back in 1996. Since then, Javier has advised and represented many local and international companies and is well known for his advocacy practice defending private controllers before the Spanish DPA and relevant appeal Courts and his expertise relating to the International Transfer of Data to third countries, Outsourcing Transactions and Data Protection Review Programs.
Paula Fernández-Longoria has an extensive experience in advising clients in privacy issues in a variety of sectors in projects including international data flows, outsourcing transactions, assistance in investigations and procedures initiated by data protection authorities, contractual issues, and data compliance programs. She is praised for having "a lot of knowledge and a very pragmatic approach." Javier and Paula have worked together for over a decade in various law firms.
Our firm has substantial experience of data protection compliance and audit projects on an international basis, which gives us an in-depth knowledge, excellent understanding of the law and hands-on experience. We specialize in:
- Contentious Data Protection: defense against enforcement action brought by Supervisory Authorities and individual or collective claims
- Data Protection Reviews and Security Audits (including Client Training)
- Transborder data flows
- Whistleblowing reporting systems
- Big Data Projects and marketing partnerships (including loyalty programs)
- Data Protection assessment and other DP advice
- Enforcement actions in Data Protection
We also advice clients on fulfilling their corporate ESG (Environmental, Social and Governance) commitments concerning data protection. This includes:
- (i) identification of potential risks for members of the corporate management bodies in relation to decisions they take in terms of data protection and privacy and design of appropriate privacy and disclosures policies and operating procedures in accordance with the rest of ESG objectives and obligations
- (ii) due diligence and analysis of transactions to identify possible negative impacts at privacy level as well as conduction of evaluations of compliance with established privacy standards
- (iii) advice in the drafting of strategic and technical reports on the company's privacy and data protection mechanisms and implementation of best practices.
Examples of our work include:
- Defense in several administrative sanctions' proceedings initiated by the Spanish Data Protection Authority and challenges and appeals in the relevant Spain Courts
- Complaints before the European Commission against EU Sovereign Sates concerning the incorrect implementation and enforcement of EU Data Protection Law
- Preliminary references in the ECJ
In addition, our team has expertise in the most significant privacy-related issues of recent times: Data breaches and security incidents, BCRs, transatlantic data flows, etc.
With GDPR fully in force now, it is worth highlighting our role as chair of the working group on implementation of GDPR in Spain, hosted by the leading think tank FIDE Foundation, as well as our participation in IAF Legitimate Interest project.
We have assisted clients in:
- GDPR Strategic Planning
- Undertaking Privacy Impact Assessments (PIA)
- Adapting their privacy policies to the new GDPR principles
- Handling Data Breaches notifications
- Defense against enforcement actions and investigations initiated by Supervisory Authorities and against individual and collective compensatory redress actions (Article 82 GDPR).
Cybersecurity and NIS (Networks and Information Security)
Organizations have always taken measures to protect their information systems against internal and external threats. However, we now face an increased number and variety of cyber-attacks, making cybersecurity a vital topic that demands an integrated and robust approach.
We guide our clients through from prevention to planning and response to cyber incidents, offering the following services:
- Advice in relation to Cybersecurity of 5G networks - EU Toolbox of risk mitigating measures.
- Proactive identification of your threat profile and an assessment of your legal obligations and response readiness
- Development of internal policies and procedures and incident-response simulations, together with staff training
- Management of cyberattack by breach notification, external communications, law enforcement interactions and expert identification
- Dealing with industry-specific security and IT risk management obligations, regulatory, reporting and procurement requirements
- Counselling on available cybersecurity solutions and technology
- Assistance to digital service providers, such as online markets, online search engines and cloud computing services, as well as providers of essential services established in Spain in matters related to their obligations to comply with the Spanish NIS (network and information services) regulations (Royal Decree-Law 12/2018 of 7 September 2018 and its implementation regulation Royal Decree 43/2021 of 26 January 2021).
Trade Secret Protection
Any confidential business information which provides an enterprise with a competitive edge may be considered a trade secret. The unauthorized use of this industrial or commercial information is regarded as a violation. We understand the sensitivities involved in trade secret claims and work closely with our Intellectual Property, Employment and Competition colleagues to provide clients with specialist advice on technology-focused trade secrets.
The protectability of trade secrets depends greatly on taking reasonable precautions to maintain their confidentiality.
Our services include:
We also provide workforce training, explaining the nuances of trade secrets and detailing legal principles that employees and executives can both understand and follow. Such sessions are key to protecting the company’s own business, but they also help to reduce the risk of the information being misused by the company’s partners, individuals, or third parties.