Information security and data protection is a primary risk in any business. According to a recent report by PWC, over half of Irish companies have experienced at least one data breach during the last 12 months and the incidence of cyber-attacks is rising.
As the first large Irish law firm certified with ISO 27001, ByrneWallace has a unique understanding of the challenges organisations face in relation to data security and cybercrime.
We understand the potentially serious impact a data security breach can have on a business, and we understand the importance of ensuring that the appropriate procedures and control mechanisms are in place to mitigate such threats and safeguard proprietary information.
Our team comprises specialist lawyers skilled at handling all aspects of data protection and we have particular expertise advising on compliance matters, data breaches, data security, international data transfers, data privacy and cyber security, and cloud based commercial contracts.
Our clients include IT companies, banks and financial institutions, public bodies including the health authorities, healthcare providers, and private and public organisations in a variety of sectors, that handle large volumes of personal data.
The law in relation to data protection will change when the new General Data Protection Regulations (“GDPR”) come into force on 25th May 2018. This legislation creates significant responsibilities around how data is processed, controlled and managed, and carries heavy penalties for non-compliance. Click here to read more on GDPR.
We are skilled in all areas of data protection including:
- Advising on lost, stolen or otherwise compromised data
- Disclosure requests and exemptions
- Outsourcing and the use of external data processors
- Dealing with freedom of information requests
- Data protection audits
- Compliance advice for data processors and controllers
- Exporting of data to countries outside of the EEA
- International data transfers (including Model Clauses, Binding Corporate Rules,Privacy Shield etc)
- Data protection registration/notification requirements
- Advice on data access requests and interaction with the Regulator
- Data processing contracts and cloud based commercial contracts
- Data security procedures and policies and data retention obligations
- Cyber security & data privacy
- Advice on investigations, enforcements, prosecutions, prohibition and information notices issued by the Data Protection Commissioner