Skip to Main Content

REPRESENTATIVE EXPERIENCE

Data Protection, Privacy, and Security

Advised one of the leading global players in the lumber industry regarding GDPR compliance within the group, particularly on data transfers between Europe and the United States.
Assisted a U.S.-based international systems integrator and developer of PC security software with offices in the United States and the European Union with the implementation of cryptographic services under French law and the notifications of cryptographic services to the French ANSSI.

Assisted a US-based private investment group in an M&A transaction.

Represented a U.S.-based international systems integrator and developer of PC security and anti-malware software products and services in its litigation proceedings against a competitor pertaining to the classification of client's software programs as Potentially Unwanted Programs in an attempt to disparage its services.
Assisted an international whistleblowing hotline provider in the deployment of its activities in Europe, notably with regard to GDPR and data protection aspects relating to the management of its HR workforce in France, as well as the implementation of GDPR-compliant data processing agreements and process.
Assisted an international direct online marketing company in addressing an information request from the French Data Protection Authority relating to the company’s use of a tracking pixel in email correspondence with its users.
Assisted an international nonprofit organization in the renegotiation of its relationship with an ERP solution integrator further to issues arising in the deployment of the project.
Assisted several French and international clients further to personal data breaches, notably in the assessment of the exposure, the notification to the French Data Protection Authority, and the communication with their commercial partners and customers.

Assisted a leading French health and cosmetics laboratory with the implementation of a startup acceleration program at Station F in Paris.

Assisted a French start-up which developed a solution to secure the protection of personal data when using services offered by third parties, notably for advertising purposes in its support of a demonstration before and exchange with the French Data Protection that such solution may considered as "anonymous" processing under GDPR.
Assisted one of the world's largest startup accelerators in implementing its activities in the Middle East and the UAE area.
Assisted several players of the connected automotive industry, including a car leasing company and several startups providing Bluetooth-enabled dongles on the OBD port, in approaching the French Data Protection Authority in order to amend the draft compliance package the Authority prepared.
Assisted a French consulting company specializing in financial investments in the implementation of a securitization program of student housing receivables, notably GDPR compliance issues relating to the transfer of the personal data included in the transferred debts.
Assisted a leading French utilities provider in the implementation of its smartcity data hub for a connected city project in France.
Assisted a French startup providing certified electronic mail with acknowledgement of receipt in securing its business models, notably within the framework of drafting and negotiating its commercial agreement for the provision services, as well as in connection with the passing of the Digital Republic bill by the French Parliament.
Advised a U.S.-based investment management firm on the data protection implications under GDPR of a personal data transfer from the client's European entity to its U.S. entity, in view of a potential discovery procedure under the U.S. laws further to an M&A transaction. Implemented the required safeguards to allow such discovery process, notably through the information of current and past employees affected by the process and contractual mechanisms.
Assisted (i) a publicly owned asset management holding company based in the United States and (ii) several Australia-based insurance companies in the assessment of their respective exposures to GDPR and, notably, technical aspects relating to its territorial applicability.
Assisted a large spectrum of non-E.U. clients with their GDPR compliance process, ranging from the complete due diligence of their data flows (“data mapping”) allowing for an exhaustive assessment of their compliance status to date (“gap assessment”) to day-to-day services for the implementation of revised model documentations, both internal (training, education) and contractual (with customers, service providers, end users).
Provided regular assistance to a leading university on data protection issues in relation with the development of an artificial-intelligence solution, notably with regard to retention of personal data, anonymization of personal data, and the territorial scope of  GDPR.
Advised a German pay television channel in relation to a data privacy declaration as well as on the revision of its compliance strategy in response to the Schrems decision of the European Court of Justice.
Advised a large private foundation regarding an E.U.-wide compliance strategy in preparation for GDPR, particularly on the handling of data transfers between client's U.S. headquarters and the branches located in London and Berlin.
Advised one of Germany's largest mortgage banks regarding compliance in preparation for GDPR, particularly on the handling of employee data, including employment advice and the review of existing works agreements with data privacy/IT references.
Advised a large U.S. engine manufacturer regarding an E.U.-wide compliance strategy in preparation for GDPR, particularly the data privacy directives for the European branches, as well as employee data protection.
Advised a German online bank regarding the implementation of GDPR, particularly on obtaining approval from the bank's private clients.
Advised one of the world's leading IT service and network providers regarding German data protection compliance.
Advised a ferry operator on various data protection matters with regards to the use of customer data for marketing purposes, as well as updating the client's intra-company agreements and data protection policies for compliance with GDPR.
Advised a European market leader in prison telephone systems on data protection law, including the development of data protection concepts for each federal state.
Represented a national retailer in a class action filed in California alleging violations of the California Invasion of Privacy Act where it was alleged that information and other data was improperly collected from consumers and used without authorization. The class action was settled on favorable terms for the client.
Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel