Data & Cybersecurity

Sources note the team's emphasis on providing advice in a clear and digestible format: 'We get simple and practical documents from the firm, which is useful'.
Chambers Europe, 2021


Issues relating to the processing and protection of personal data are of fast-growing importance worldwide. Clients value our deep knowledge of data-related regulations and ability to offer pragmatic solutions. Our experience includes complex multijurisdictional data protection projects, comprehensive privacy risk assessments, support in negotiations, privacy by design advice, data analytics for start-ups, data breach response support and other security issues.

Kinstellar’s dedicated team of lawyers are experts in data-related legislation and are respected high-profile practitioners in their jurisdictions. We maintain regular contact with data protection authorities to monitor developments across Europe, Asia and the US and work closely with reputable data protection organisations (such as the IAPP).

Clients include life sciences companies, banks, insurance companies, retailers, traders, manufacturers, as well as marketing agencies and intermediaries.

Our work includes:

  • structuring complex projects, including project management and coordination with other advisors
  • cross-border transfers of data, drafting the required documentation, and support in obtaining approvals by the authorities
  • day-to-day support for in-house privacy teams, e.g., handling data subject requests, data processing agreements (DPAs), legitimate interest assessments
  • drafting data protection documentation, e.g., compliance programmes, policies, data protection impact assessments (DPIAs), consents, cookie policies
  • data protection audits
  • advice on and drafting data retention policies
  • project support and providing end-to-end privacy by design advice
  • assistance with inspections by the authorities and with data breach response
  • advice on the impact of GDPR outside the EU
  • whistleblowing and employee monitoring
  • data protection litigation and privacy claims


Cybersecurity breaches expose companies to significant threats. In addition to any direct harm caused by such breaches, companies can also face investigations by the authorities, fines, and negative media coverage.

We assist clients with both threat prevention and the necessary steps to take in the event a cybersecurity breach occurs. Our comprehensive advice includes assistance with reporting, external communication, internal investigation (including employment law aspects). We work closely with technical experts, including ethical hackers, investigators, IT providers, asset-tracing specialists and insurers to provide clients with a full package of services.

Our lawyers offer considerable expertise in assisting clients with implementing local and European cybersecurity-based requirements. They also remain in close contact with cyber-watchdog agencies.

Our work includes:

  • structuring cybersecurity projects to ensure compliance with local and international norms (including project management and coordination with other advisors)
  • drafting comprehensive cybersecurity documentation
  • reviews of client data management and data protection practices
  • preparation of documentation for penetration testing
  • negotiating cybersecurity contracts with IT, hardware and network providers
  • advice and support when considering appropriate organisational and security measures
  • incident documentation and incident reporting, including on-site support and crisis management
  • pre-litigation and litigation support resulting from security incidents (including insider threats and employee errors)
  • cybersecurity due diligence in M&A transactions
  • cybersecurity audits

Key contacts and News, Deals & Insights for this practice.