Privacy and Data Protection

Privacy and Data Protection

Personal data powers the information economy. It is a valuable asset and resource for our clients, upon which they rely for their growth and development, offering optimized services and products to their users and customers and building long term relations.

However, collection and usage of personal data must be done in compliance with the relevant worldwide laws and regulations, such as the Israeli Privacy Protection Regulations (Data Security) and the European GDPR (General Data Protection Regulation), both came into force in May 2018 and the American COPPA (Children Online Privacy Protection Act), HIPAA (Health Insurance Portability and Accountability Act) and many others (as well as related rules).

Our attorneys advise clients (start-ups, businesses, local companies, multinational public corporations, institutions etc') on the scope and requirements of privacy and data protection laws in various jurisdictions worldwide, and assist them to achieve compliance, adjust their technologies and manner of operation to limit their risks and achieve the optimized balance between business goals and regulatory requirements.

Our service include:

· Legal advice, opinions and guidance on the subject matter (such as lawfulness of processing and applicability and scope of specific requirements)

· Documented gap analysis, DPIA (Data Protection Impact Assessment) and PPIA (Privacy Protection Impact Assessment)

· Preparation of codes, policies, rules, and commercial agreements related to data and privacy protection (such as DPA – Data Processing Agreement)

· Employee, staff and suppliers training

· Assistance in handling incident response and breach notifications

· Assistance in the process of data base registration and transfer

· Managing relationships with regulators

· Data and privacy protection regulatory updates

· DaaS - DPO (Data Protection Officer) as a Service, in accordance with Article 37 of the GDPR. A cost-effective, professional and convenient solution for organizations which are obligated to appoint a DPO and to those which elect to do so due to the general requirement to have sufficient staff and skills to meet their obligations under the GDPR.