Expertise
"The collaborative and practical nature of the advice provided is very impressive".
The Legal 500 2021
With significant reputational issues at stake, data privacy is an increasingly complex and challenging management issue for all businesses, including in light of the GDPR and recent similar initiatives in other jurisdictions, the increasing use of biometrics, the ubiquity of cloud computing and the emphasis on data analytics. Led from our Technology and Innovation practice, our team of data protection and privacy, technology and cyber law specialists provide advice to our wide range of clients, including several of the world’s leading multi-nationals and financial institutions, on data protection and privacy law and in relation to cyber security issues.
A leader in its field, Technology and Innovation Group provides critical legal support during cyber-attacks and data security incidents. We advise on all data breach incident response matters, from the time a vulnerability is identified to the time it is confirmed and beyond. Matheson specialists regularly sit on clients’ incident response teams and guide clients through regulatory reporting to An Garda Síochána, the Data Protection Commission and as required, to other Regulatory Authorities such as the Central Bank. We have significant experience in advising on data subject communications, third party vendor communications and the legal aspects of media communications. Our Group advises on all breach related legal work streams, to include corporate governance and commercial contract notification obligations. Together with the Matheson Commercial Litigation Group, we provide full support in relation to legal remedies such as take down injunctions, to stop the unlawful onward processing of data.
In addition, our specialists advise on the full range of matters, from specific and strategic GDPR and ePrivacy compliance advice, through full compliance reviews, to advising clients on privacy by design
for new products and services, data strategies for marketing, and the implementation of cookie and similar technologies. Addressing data protection issues in structuring contractual frameworks, including in outsourcing and cloud arrangements
and in multi-jurisdictional transactions, as well as guiding clients on ways of implementing compliant cross-border data flows, is a frequent focus of the Group.
Latest Cyber Security Insights and Guides
GDPR and Data Subject Reporting Obligations - Why, When and How?
26/01/2022. In this article, we examine the key issues to bear in mind when carrying out a risk assessment with a view to establishing what notifications, if any, are required in a personal data breach scenario. Read more>
Remote Working: The Risks and Challenges to Businesses
25/01/2022. The publication of this article coincides with the relaxation of Covid-19 restrictions, a gradual return to work and a proposed right to request remote working in certain circumstances. It is widely accepted that hybrid working is part of a new norm in Ireland and beyond. In this article, we consider the data protection issues that arise when working from home. Read more >
Cyber Security and Data Protection Conference 2022 Highlights
Matheson's latest Data Protection, Technology & Cyber Bulletin is now available which features the latest cyber crime trends to watch out for, tips in relation to cyber attacks and social engineering attacks and an update on data protection breach fines and penalties.
Recent Videos
Services
Our core data protection, privacy and cyber security services include:
Advisory, Prevention and Training
- Providing strategic and practical advice to clients dealing with data subject rights, in particular data subject access rights, in both contentious and non-contentious situations, which we manage in conjunction with Matheson’s Digital Services Group.
- Data protection and privacy training for board members and senior management.
- Advising on the implementation, or the review, of data audits, data mapping exercises, compliance processes and policies.
- Providing practical legal guidance in preventing data loss, improving data security, and how to handle a data breach.
- Advising clients concerning consumer protection regulation, utilisation of online and mobile tracking and employee monitoring.
- Global data transfer management (transfer agreements, BCRs, etc.)
Investigations, Cyber Attack or Data Security Incident Planning and Response
- Pre incident response planning assistance, to include a full data protection and privacy audit, the localising and updating of data protection policies in scope and a risk analysis of likely data protection and privacy concerns in the event of a cyber incident.
- Emergency incident response in the event of a data security breach or a cyber attack, including the use of e-discovery and managing investigations.
- On call assistance when a data incident is confirmed and full management of all legal issues from reporting to authorities to arranging take-down injunctions via the Courts.
Supervisory Authority Liaison and Notification
- Advising on data security breaches and interactions with Data Protection Commission, having advised on multiple significant security breach and cyber security incidents, data protection audits and “dawn raids”, investigations, and information and enforcement notices.
- Liaising with supervisory authorities on behalf of clients, for example in the areas of breach notifications, authorisations and DPO appointments.
- Contributing to consultations with government bodies on legislative developments.
Our Team
- Anne-Marie Bohan
- Davinia Brennan
- Michael Byrne
- Niall Collins
- Deirdre Crowley
- Nicola Dunleavy
- Kate McKenna
- Niamh Mulholland
- Rory O'Keeffe
- Ian O'Mara
- Karen Reynolds
- Carlo Salizzo
- Calum Warren
- Susanne McMenamin
Our recent experience in Data Protection and Cyber Security includes:
- Acting as a key strategic advisor to a social media multi-national on data protection compliance, engagements with data protection supervisory authorities, data protection strategy and structuring, board level governance of privacy and data protection issues, privacy aspects of global infrastructure projects and e-commerce regulatory advice.
- Advising a social media multi-national on data protection compliance and associated corporate governance matters, management of contentious data protection matters and consumer complaints, and online consumer protection issues.
- A very large online retailer on a project to roll out mandatory Covid-19 testing in its Irish work force, including working closely with the client on its associated data protection impact assessment.
- Advising a US corporate in connection with a ransomware attack involving the first successful injunction granted by the Irish courts against “persons unknown” in the context of a cyber-attack.
- Supporting and advising a large private healthcare provider through an extremely serious cyber incident involving a ransomware attack on their systems.
- Counselling a professional services oversight body through a number of complex and technical data protection issues.
- Advising a non-traditional financial services provider in relation to data protection matters in the context of the development and delivery of its strategically important mobile and web application.
- Advising a major Irish retailer with international presence on a cyber-incident involving cross- border processing of consumer personal data.
- Advising a publically traded pharmaceutical and chemical manufacturer on data protection matters.
- Providing US headquartered technology company with strategic product counselling advice on cutting edge technology, including undertaking data protection impact assessments.
- Advising a global technology company with advice on privacy related matters including managing the risks associated with privacy and employment litigation.
- Advising a global provider in next-generation digital services and consulting on the Irish aspects of a reportable data breach which occurred in India but impacted a number of data subjects across Europe.
"Practical, focused advice from a team whose broad knowledge across the various legal issues related to data protection and privacy is particularly valuable. The team understand our business very well and the market we operate in. Very responsive and thorough at the same time in urgent, time-sensitive situations."
The Legal 500 2022
"The collaborative and practical nature of the advice provided is very impressive".
The Legal 500 2021
The Legal 500 2021
The Legal 500 2021
"They get our business and know the real pain points for in-house counsel in today’s market. There is no guff, just to-the-point advice".
The Legal 500 2021