Garrigues is the leading provider of legal advice in the three main growth areas of the digital economy: technology-based businesses for the processing of personal and non-personal data, data protection and cybersecurity.
Our services
Data economy
The data economy is based on the understanding of data as an economic asset. This business sector uses a series of different digital technologies that are linked by the use of communication networks such as the internet, generating and sharing data as a commodity and connecting people and things. At Garrigues we have advised, since the early days of the internet, on projects such as the creation of transactional websites, the development of advanced digital environments and the establishment of complex e-commerce structures.
With the influx of new digital environments using distributed ledger technologies, we also advise on blockchain projects and their applications in different areas of the economy, such as the financial sector, insurance, retail and healthcare. We also advise on the legal side of businesses that aim to maximize the value of data using technologies such as artificial intelligence or the internet of things. Our clients range from large technology multinationals to the most innovative startups, taking in the entire current economic infrastructure, on the inexorable road to digital transformation.
- Advice on joint ventures to maximize data value.
- Development and implementation of e-commerce platforms, online marketplaces and digital services.
- Legal analysis of innovative blockchain, AI and IoT projects.
Privacy
Privacy is based on the understanding of data as a fundamental right and covers the regulatory aspects of data protection. Garrigues professionals are recognized at the highest level by clients and international legal directories as longstanding experts with extensive technical knowledge applied to the world of business.
To give an example of the scope of our work in the sector, we have participated in the passage through parliament of the Spanish Law on Data Protection and the Safeguard of Digital Rights at the invitation of the Justice Committee of the Lower House of the Spanish Parliament, and we are present in the main forums for analysis and research of Spanish, European and international law.
The Garrigues privacy group provides coordinated services in all countries in which we operate, enabling us to advise and assist in major multijurisdictional projects.
To complete our service offering, we advise on penalty proceedings brought by supervisory authorities and on judicial proceedings at all levels and courts. We assist all manner of businesses, from complex corporate groups to individual companies.
- Projects for adaptation to privacy legislation in different jurisdictions (GDPR, LOPD-GDD, etc.).
- Specific projects to ensure compliance in areas such as international transfers, privacy impact assessments, etc.
- Data protection audits.
- Penalty proceedings, court proceedings in relation to ownership of data or liability deriving from data processing.
Cybersecurity
At Garrigues we have extensive experience in advising companies from all sectors, not only on how to prevent cyber attacks but also through our cyber incident rapid response team. We have in-depth knowledge of cybersecurity legislation and the mechanisms that need to be activated when a cyber attack occurs, particularly with respect to the required notifications and communications to be made to different public supervisory authorities, insurance companies and contractual counterparties.
We have advised on some of the largest cybersecurity incidents in Spain in recent years, helping targeted businesses manage the situation so as to mitigate the risks and harmful consequences as much as possible.
In Latin America, we have particular experience in prevention strategies and can advise on complex cyber incidents.
- Preventive advisory services: organization of cybersecurity committees, advice on information assurance strategies.
- Cyber incident rapid response services: action to be taken, analysis of potential regulatory or contractual notification requirements.
Global head
Other Garrigues services
Publications
When is there a right - and when not - to receive compensation for damages due to an infringement of data protection legislation according to the CJEU?
The breach of data protection legislation can lead not just to penalties from the competent authorities, but also to the obligation to compensate the data subjects for the damages sustained. The Court of Justice of the European Union (CJEU) has…
Data Economy, Privacy and Cybersecurity Newsletter - October 2024
In this newsletter, we bring you the latest updates on data protection, privacy and cybersecurity. We cover the most recent rulings from relevant authorities and agencies, key court decisions, and the most important news in this field.
The regulatory and supervisory labyrinth in the digital agenda for Europe: rationalization proposals
The publication of the Artificial Intelligence Act has brought a complex regulatory framework for overseeing the use of AI, with surveillance and supervisory authorities that overlap and co-exist with others in the digital economy. In its quest for…
China Legal Newsletter - October 2024
This newsletter highlights key recent developments in China’s laws and regulations. Specifically, it focuses on the laws and regulations related to foreign investment, market access, foreign debt administration, data economy, privacy and…