Skip to Main Content
Our Commitment to Diversity


Data Protection, Privacy, and Security

Advised Klausner Holding, one of the leading global players in the lumber industry, regarding GDPR-compliance within the group, particularly on data transfers between Europe and the United States.

Assisted a US-based international systems integrator and developer of PC security software, with offices in the United States and the European Union with the implementation of cryptographic services under French law and the notifications of cryptographic services to the French ANSSI.

Assisted a US-based private investment group in an M&A transaction and coordinated global GDPR due diligence operations for Buyer including advising on remediation steps and assisting in drafting and negotiation of the relevant representations and warranties, for acquired company's personnel located in Germany, the Netherlands and Czech Republic.

Representing a US-based international systems integrator and developer of PC security and anti-malware software products and services, in its proceedings against a competitor in litigation pertaining to the classification of their software programs as Potentially Unwanted Programs in an attempt to disparage its services.

Assisting an international whistleblowing hotline provider in the deployment of its activities in Europe, notably with regard to GDPR and data protection aspects relating to the management of its HR workforce in France, as well as the implementation of GDPR-compliant data processing agreements and process.

Assisting an international direct online marketing company in addressing an information request from the French Data Protection (CNIL) relating to the company’s use of a tracking pixel in email correspondence with its users.

Assisting an international non-profit organization in the renegotiation of its relationship with an ERP solution integrator further to issues arising in the deployment of the project.

Assisting several French and international clients further to personal data breaches, notably in the assessment of the exposure, the notification to the French Data Protection Authority and the communication with their commercial partners and customers

Assisted a leading French health and cosmetics laboratory with the implementation of a startup acceleration program at Station F, aiming at devising new oncology diagnostic procedure and technology, including drafting and negotiating the acceleration agreement with the selected startup (cross IP licensing and assignment, ownership of project-related data in a post-GDPR environment), as well as drafting and negotiating the terms of the partnership with the corporate sponsors that would be hosting the startups.

Assisting a French start-up which developed a solution to secure the protection of personal data when using services offered by third parties, notably for advertising purposes, in the support of the demonstration before the French Data Protection that such solution may considered as "anonymous" processing, under GDPR and its exchange with the French Data Protection Authority.  

Assisted the world largest startup accelerator in implementing its activities in the Middle East and the UAE area.

Assisted several players of the connected automotive industry, including a car leasing company and several startups providing Bluetooth-enabled dongles on the OBD port , in approaching the French Data Protection Authority (“CNIL”) in order to amend the draft compliance package prepared by the French Data Protection Authority.

Assisted a French consulting company specialized in financial investments in the implementation of a securitization program of student housing receivables, and notably GDPR compliance issues relating to the transfer of the personal data included in the transferred debts.

We assisted a leading French utilities providers in the implementation of its smartcity data hub for a connected city project in France. 

Assisting a French startup providing certified electronic mail with acknowledgement of receipt services since 2014, with the drafting and negotiating its commercial agreement for the provision services, as well as in connection with the passing of the Digital Republic Act by the French Parliament in the fall of 2016 and its subsequent expected application decree (published on May 12, 2018), adapting the legal documentation for AR24, both for the end-users and corporate partners in view of the entry into force of the GDPR.

Assisted on the data protection implications under the GDPR of a personal data transfer from the client's European entity to its US entity, in view of a potential discovery procedure under the US laws further to an M&A transaction, and implemented the required safeguards to allow such discovery process, notably through the information of current and past employees affected by the process and contractual mechanisms.

Assisted (i) a publicly-owned asset management holding company based in the United States and (ii) several Australian based insurance companies in the assessment of their respective exposures to GDPR and notably technical aspects relating to its territorial applicability. 

Assisting a large spectrum of non-EU clients with their GDPR compliance process, ranging from the complete due diligence of their data flows (“data mapping”) allowing for an exhaustive assessment of their compliance status to date (“gap assessment”), to day-to-day services for the implementation of revised model documentations, both internal (training, education) and contractual (with customers, service providers, end users).

Regularly assisting a leading university in data protection issues in relation with the development of artificial-intelligence solution, notably with regard to retention of personal data, anonymization of personal data and territorial scope of the GDPR.

Advised Fox Networks Group Germany in relation to a data privacy declaration as well as on the revision of its compliance strategy in response to the Schrems decision of the European Court of Justice.

Advised a large private foundation regarding a EU-wide compliance strategy in preparation of the new General Data Protection Regulation (GDPR), particularly on the handling of data transfers between the U.S. headquarters and the branches located in London and Berlin.

Advised BerlinHyp, one of Germany's largest mortgage banks, regarding compliance in preparation of the new GDPR, particularly on the handling of employee data, including employment advice and the review of existing works agreements with data privacy/IT reference.

Advised Cummins, an American Fortune 500 manufacturer of engines, filtration, and power generation products, regarding an EU-wide compliance strategy in preparation of the new GDPR, in particular on the data privacy directives for the European branches as well as on employee data protection.

Advised DKB, a German online bank, regarding the implementation of the new GDPR, particularly on obtaining approval from the bank's private clients.

Advised Megaport Pty. Ltd., one of the world's leading IT service and network providers, regarding German data protection compliance.

Advised Scandlines Deutschland GmbH, a ferry operator, on various data protection matters with regards to the use of customer data for marketing purposes as well as updating the client's intra company agreements and data protection policies for compliance with GDPR.

Advised Telio Communications GmbH, Europe's market leader in prison telephone systems, comprehensively on data protection law, including the development of data protection concepts for each federal state.

Represented a national retailer, in a class action filed in CA alleging violations of the California Invasion of Privacy Act where it was alleged that information and other data was improperly collected from consumers and used without authorization.  The class action was settled on favorable terms for the client.

Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel