Data Protection & Privacy

As the world continues to move into digitisation, online social media and online transactions especially in the post COVID-19 era, the use of personal data will become more and more prevalent in the online space. As businesses leverage on online platforms, they will collect, handle and process their customers’ personal data one way or another. The growing commoditisation of data has led to serious breaches of privacy.

In tandem with the growing demand for and expectations on businesses and organisations to protect their customers’ personal data, many countries have enacted comprehensive laws for the protection of personal data and privacy. Undoubtedly, we think the European Commission’s enactment of the General Data Protection Regulation in 2016 is a strong signal that personal data is sacrosanct and businesses must take adequate measures to protect individuals’ personal data. The GDPR’s extra-territorial reach means that businesses and organisations outside of the European Area (EEA) may nevertheless be required to comply with the GDPR directly or indirectly in a sense when they do business with a business within the EU.

Due to the GDPR’s extra-territorial application and the significant fines for non-compliance, it is imperative that businesses review their operations and seek legal advice as to whether the GDPR applies to them, or what they have to do in order to assist their customers, contractors or suppliers within the EU, comply with their obligations and also what the businesses have to do to be GDPR-compliant or to implement their internal data protection practices and procedures to the standards of the GDPR.

 With the increased regulatory scrutiny on businesses and their handling of personal data, understanding data protection laws and ensuring your business practices are compliant with the laws are more than ever more important. 

Our broad experience allows us to guide our clients through complex data protection laws. 

We can advise in relation to:

  1. Data protection policies;
  2. GDPR compliance;
  3. Advising on whether the GDPR applies to your business
  4. How to ensure compliance with the GDPR and adopting of best data protection practices
  5. International data transfers;
  6. Data security and breach response plans;
  7. Drafting of data protection (internal) policies
  8. Drafting of privacy notices intended for the public and your customers
  9. Advising on practical ways on the collection, handling, processing and ensuring the security of your customers’ personal data
  10. Preparing of data processing agreements with your counterparties in the EU