Privacy and Data Protection

There are now data protection laws in more than 120 countries around the world. The General Data Protection Regulation (GDPR) represents the most radical overhaul in data protection legislation in a generation and has had a significant impact all over the world. Data is commonly viewed as one of the most valuable commodities in today’s global digital economy. Protecting those assets is understandably a priority for governments, businesses and individuals alike. The increasing complexity of regulation and the meteoric rise of technology, together with cyber security concerns and international data sharing regimes (such as FATCA and the OECD’s CRS and CbC reporting standards) make the protection and use of data more complex than ever before.

Our global team has cutting-edge expertise in data protection and information security regulation and implementation in our jurisdictions of BVI, Bermuda, Cayman, Guernsey, Hong Kong, Isle of Man, Jersey, Mauritius and Seychelles. They also have practical experience advising clients on pan-jurisdiction data protection matters on a global basis, including the interaction between local legislation and GDPR. We work frequently with local government, regulators and industry bodies to develop responses to the challenges of globalisation and regulation, with a focus on producing effective solutions for clients. Our team sit on various legislative and industry working parties, such that where decisions on strategy and new legislation are being made, we are involved.

Our team routinely offer thoughts and guidance via blogs and briefing notes on the important issues affecting clients and provide bespoke training and support to match their needs. A number of our team also sit on our global Technology and Innovation Group and have contributed jurisdictional chapters to global guides on data protection law.

We offer advice to clients on all aspects of data protection and information management compliance, including:

  • Privacy Policies and Notices
  • Privacy impact assessments (including technology issues)
  • Data collection and capture
  • Marketing and Direct Marketing
  • Cross-border data transfers
  • Data quality management
  • Data retention policies
  • Data Protection Officers
  • Shared service agreements
  • Fund and Managed Company administration agreements
  • Cloud service provider agreements
  • Data processing agreements
  • Supply chain management and outsourcing
  • Issues affecting data centres
  • Data in the insurance and reinsurance industry
  • All aspects of Human Resources data management
  • Data subject access requests
  • Big data and data analytics (including use of profiling and anonymisation/aggregation principles)
  • Digital identity, authentication and biometrics
  • Responding to data requests from foreign authorities, law enforcement agencies and regulators
  • Complaints and enforcement issues
  • Data Breach response procedures
  • Tailored training
  • Cybersecurity