DATA PRIVACY AND PROTECTION

Data is the most valuable but vulnerable business asset. Enterprises are constantly evolving strategies to protect its own data and also the third-party data that it possesses. Data privacy cannot exist without keeping data secure. Adequate security measures are necessary to protect the authenticity, confidentiality and integrity of information. Measures designed to provide data security are generally grouped in three categories: physical security measures, administrative security measures, and technical security measures.

Information privacy involves the establishment of rules that govern the collection, use and handling of personal data. We help companies navigate the often-complex requirements of privacy and data security laws. We ensure full coverage for our clients on data protection and privacy right matters.


Our broad area of service includes:

•    Advise on Setting up of Internal Policies.
•    Advise on Incident Response Planning and Execution.
•    Assistance in Guidance and Formation around Data Compliance Officers (DPOs).
•    Assistance in General Data Protection Regulations (GDPR) Advisory.
•    Contractual Assessment and Strategies.
•    Drafting and Review of International Data Transfer Contracts.
•    Designing and Structuring of Internal Compliance Programs (based on the regulatory or commercial requirements).
•    Privacy compliance assessment including GAP analysis on data protection and privacy rights. 
•    Policy Development and Enforcement
•    Organising Training and Compliance Awareness Programs.
•    data transfer procedures,
•    privacy policies

The Personal Data Control and Compliance services include:

•    assistance in complying with the basic personal data requirements,
•    maintaining records
•    data processing agreements
•    Records of processing activities
•    Compliance with the duty of disclosure to data subjects
•    Data processing agreements with third parties of relevance
•    Security of processing
•    Internal guidelines regarding erasure 
•    email encryption
•    information letters to employees and job applicants, 
•    privacy policies on websites 
•    email policies
•    IT security policies
•    consent forms
•    personal data control 
•    GDPR review 
•    personal data protection declaration
•    ensuring continuous control of compliance with the data protection rules.


Specific data privacy and cybersecurity services we provide for our clients include:

•    Binding Corporate Rules (BCR) and APEC Cross-Border Privacy Rules System
•    Cross-border data transfer (both intra-group and with third parties)
•    Privacy and cybersecurity policies
•    Privacy and cybersecurity audits
•    Data security breach preparedness and response
•    Privacy-related claims and disputes
•    Privacy statements for online activities
•    Employee privacy
•    Financial privacy
•    Healthcare privacy
•    Marketing policies
•    Privacy and cybersecurity aspects of cloud computing and other sourcing arrangements
•    Data processing and data transfer agreements
•    Privacy aspects of investigations and e-discovery
•    Online and brick-and-mortar privacy and security policies for collecting, handling and protecting sensitive data
•    Enterprise data retention and destruction policies
•    Internal corporate employee policies for handling and use of confidential company or customer information
•    Guidelines and advice regarding protection of competitively sensitive corporate information (e.g., trade secrets, copyrights, proprietary and confidential data, customer information, records data and product/pricing information)