Security and



Our Privacy & DP practice is a long-standing one and has been awarded top ranking in legal directories. We have provided privacy advice to a large number of clients for many years and we also regularly work with data protection regulators.

Javier Fernández-Samaniego is widely recognized as one of the top specialists in the field, described in Chambers Europe guide as a leading (tier 1) IT lawyer in Spain and as “A true data protection expert and one of the best privacy lawyers in Europe.” He was one of the first lawyers to represent a private sector data controller during an inspection and the subsequent proceedings by the Spanish Data Protection Agency when it was first established in Spain. Since then, Javier has advised and represented many local and international companies and is well known for his expertise relating to the International Transfer of Data to third countries, Outsourcing Transactions and Data Protection Review Programs.

Our firm has substantial experience of data protection compliance and audit projects on an international basis, which gives us an in-depth knowledge, excellent understanding of the law and hands-on experience. We specialize in:

  • Data Protection Reviews and Security Audits (including Client Training)
  • Transborder data flows
  • Whistleblowing reporting systems
  • Data mining Projects and marketing partnerships (including loyalty programs)
  • Data Protection projects and other DP advice

Examples of our work include:

  • Defense in several administrative sanctions proceedings initiated by the European Data Protection Authority and challenges and defense arguments in the relevant Courts
  • Complaints before the European Commission against EU Sovereign Sates concerning the incorrect implementation and enforcement of EU Data Protection Law
  • Preliminary references in the ECJ

In addition, our team has expertise in the most significant privacy-related issues of recent times: Data breaches and security incidents, BCRs, transatlantic data flows, etc.

With GDPR implementation looming, it is worth highlighting our role as chair of the working group on implementation of GDPR in Spain, hosted by the leading think tank FIDE Foundation ( ), as well as our participation in IAF’s Legitimate Interest project ( ).

In anticipation of GDPR we have assisted clients in:

  • Undertaking Privacy Impact Assessments (PIA)
  • Adapting their privacy policies to the new GDPR principles

Cyber Security and NIS (Networks and Information Security)

Organizations have always taken measures to protect their information systems against internal and external threats. However, we now face an increased number and variety of cyber-attacks, making cybersecurity a vital topic that demands an integrated and robust approach.

We guide our clients through from prevention to planning and response to cyber incidents, offering the following services:

  • Proactive identification of your threat profile and an assessment of your legal obligations and response readiness
  • Development of internal policies and procedures and incident-response simulations, together with staff training
  • Management of cyberattack by breach notification, external communications, law enforcement interactions and expert identification
  • Dealing with industry-specific security and IT risk management obligations, regulatory, reporting and procurement requirements
  • Counselling on available cybersecurity solutions and technology

Trade Secret Protection

Any confidential business information which provides an enterprise with a competitive edge may be considered a trade secret. The unauthorized use of this industrial or commercial information is regarded as a violation. We understand the sensitivities involved in trade secret claims and work closely with our Intellectual Property, Employment and Competition colleagues to provide clients with specialist advice on technology-focused trade secrets.

The protectability of trade secrets depends greatly on taking reasonable precautions to maintain their confidentiality. Our Trade Secrets Review Plans (risk assessments and remedy plans) are designed to ensure that trade secrets remain secret, and they consist of the implementation of comprehensive and sound trade secret protection policies.

We advise companies on protecting their trade secrets and on potential disclosures by their business partners or employees. We help clients with claims arising from restrictive covenants, theft of trade secrets, breach of fiduciary duty and duty of loyalty, misappropriation of trade secrets, non-compete or non-disclosure agreements, etc. We also handle trade secret litigation cases, on both the prosecution and defense side, and we are particularly skilled at deploying resources, reliable methods, and expert witnesses to address damages issues.

We also provide workforce training, explaining the nuances of trade secrets and detailing legal principles that employees and executives can both understand and follow. Such sessions are key to protecting the company’s own business, but they also help to reduce the risk of the information being misused by the company’s partners, individuals, or third parties.

Success Cases

  • Security and Privacy

    Representing a leading European fintech company before Spanish Data Protection Agency and National Court of Appeal on identity thefts and other cybersecurity challenges.

    Providing strategic legal advice to major US company on assessment and redefinition of its data processing operation and GDPR compliance.

    Advising a leading global US-based for-profit corporation and online social media & networking service in relation to European GDPR and enforcement matters.

    Chairing (Javier F. Samaniego) the working group on GDPR implantation in Spain at FIDE Foundation.

    Contributing to the IAF Legitimate Interests and Integrated Risk and Benefits Assessment Project.