In Europe, data protection rights are fundamental human rights regulated by a comprehensive legal framework. The specific requirements of European data protection law can be challenging for organizations, especially because of variations in local laws across EU Member States. Organizations seeking to comply with European data protection requirements need thoughtful, yet pragmatic, advice that is informed by deep knowledge of local law requirements. Our European data protection lawyers have extensive experience organizing, managing and coordinating compliance projects with both national and international dimensions, allowing our clients to efficiently manage their multijurisdictional needs.

Our European data protection and privacy practice extends beyond legal advice to integrated consulting on corporate privacy risk management, as well as legislative and strategic policy advice, and business consulting on corporate information policy and legal compliance. 

We provide counsel on a wide range of areas, including:

  • Advising on and assisting with data breach notification requirements, including mitigating and managing the risks arising from data breaches and the management of reputation;
  • Creating strategies for international data transfers, including Binding Corporate Rules ("BCRs"), model clauses and the EU-US Privacy Shield;
  • Advising on the compliance issues raised by cloud-based data processing services;
  • Addressing challenges raised by social networking services and related technologies, for both providers and corporate users;
  • Advising on the use of cookies and the compliance challenges posed by the amended e-Privacy Directive;
  • Complying with e-discovery requests on a pan-EU basis;
  • Advising on the cross-border implementation of employee monitoring and whistle-blowing schemes;
  • Addressing data protection issues in the context of outsourced arrangements, particularly concerning global HR databases;
  • Developing tailored compliance tools and procedures (such as privacy impact assessments, checklists, notice and consent forms, data transfer and processing agreements, sample security procedures, complaint handling and dispute resolution procedures and employee training materials) for clients; and
  • Working with senior management to develop comprehensive information governance strategies that assist in managing risk and encouraging innovation.

Lawyers in our Brussels and London offices are fluent in many European languages, and they have studied law or been admitted to practice in several jurisdictions, including Belgium, France, Germany, Greece and the UK. Our European lawyers are often assisted on projects by our privacy lawyers in our Asian and US offices.

We have established a network of specialized privacy and data protection lawyers in Europe and beyond, with whom we often work on projects. This approach allows us to call on the services of highly knowledgeable privacy law specialists from all over the world, while coordinating the work so that our clients deal with only a single point of contact. Our "one-stop shop" approach allows us to deliver efficiency, and thus value, to our clients.

Our clients are based in jurisdictions across the globe. They represent numerous sectors including advertising, consumer goods, financial services, information technology, manufacturing, new media, pharmaceuticals, medical devices, publishing, retail, software and many others.

Augmenting our core data protection and privacy practice is the Centre for Information Policy Leadership, a privacy think tank associated with the law firm. The Centre provides strategic consulting services and helps clients develop global privacy and data security strategies for today’s digital economy. It also provides clients with a forum for developing privacy solutions and brings together companies, consumer leaders and senior policy makers to develop next-generation privacy principles to facilitate global, digital information flows. In partnership with the University of Indiana, the Centre has recently launched a research institute to lead innovative research projects into emerging privacy issues.

Legislative and Policy Practice

Our data protection lawyers maintain strong relationships with officials at the European Commission, national data protection authorities, the Article 29 Working Party and the European Data Protection Supervisor. Our team is closely involved in helping organizations implement the new requirements of the EU GDPR. Our data protection lawyers also frequently work with international organizations such as the Council of Europe and the OECD.


We have assisted clients on a wide range of data protection and privacy compliance matters across Europe. Some recent projects we have worked on include:

    • Advising a global financial institution on global privacy compliance, including advising the most senior executives on the group’s information governance structure.
    • Advising a FORTUNE 500® company on a significant EU data protection law compliance project at a pan-European level involving 27 European Member States. We have assisted the company on the launch of multiple information products in jurisdictions throughout the world, as well as Internet-related projects. 
    • Advising a U.S. company on the outsourcing of certain European data processing activities to cloud computing service providers.  
    • Assisting a major French company concerning implementation of a strategy for its global data transfers, including BCRs. We advised in detail on the entire BCR process, including drafting BCRs and associated documents.
    • Advising a FORTUNE 500 company on various global data protection compliance initiatives, including the company’s framework for cross-border transfer of personal data. 
    • Advising numerous clients in various sectors on membership in the U.S. Safe Harbor scheme, including drafting the necessary documentation, helping the clients implement the Safe Harbor principles in their businesses and, when necessary, discussing membership with the relevant regulatory authorities in the U.S. and Europe.
    • Assisting a FORTUNE 500 retailer on a range of global privacy compliance projects, including data protection issues in connection with the launch of the company’s retail operations in Southeast Asia. We also assist the company on Internet-related projects, as well as offline privacy issues.
    • Representing a health care company before the UK data protection authority (ICO) on the development and implementation of BCRs. 
    • Advising an association on various data protection issues related to online copyright enforcement and, in particular, on its strategy for global data protection compliance. 
    • Advising a large multinational corporation on its international data transfer strategy, including BCRs. 
    • Advising a social network provider on its data protection compliance strategy for Europe. 
    • Advising a major Belgian retailer with respect to its strategy for implementation of a whistle-blowing hotline in several European countries.
    • Advising one of the world’s leading manufacturers and marketers of cosmetic products in connection with its online privacy policy, terms and conditions, and use of online marketing technologies across Europe.