Laur joined A&O Shearman to expand the firm’s Privacy, Cybersecurity, Tech & Digital offering in Spain.
Expertise
Experience
Representative matters
Assisted a number of clients (both local and international) in the context of the identification, management, coordination, and notification of complex personal cyber incidents / data protection breaches with global implications, including time-sensitive reporting obligations before the relevant data protection (and other competent) authorities worldwide, as well as on mitigation steps, lessons learned and communication strategy.
Various companies across a range of sectors on their international data transfer strategy from a multi-jurisdictional perspective, including Schrems II response affecting both intra-group and also client, supplier and partner set-ups, analysis of data flows and the creation of a data transfer compliance framework, performance and update of transfer impact assessments, and also the review and negotiation of data transfer agreements including standard contractual clauses approved globally.
Various companies in relation to emerging data sovereignty and localization legislation and requirements across the globe with a view towards anticipating material impact on the business or flagging high-risk jurisdictions.
Various global companies on the design, implementation, and approval of Binding Corporate Rules (BCRs), including ongoing review and interaction with EU Lead Supervisory Authorities and relevant co-reviewers.
The review and implementation of DLP, cyber-defence and other monitoring tools, managed services, and other solutions, from the vendor assessment stage and throughout the review and Various Workplace privacy matters, particularly on the analysis and implementation of employee monitoring initiatives and tools, as well as multi-jurisdictional DEI projects.
Coordinated the implementation of global and EU-wide privacy programs.
The fulfilment of applicable requirements in the context of the use of cookies and similar technologies and marketing communications on websites, on-device, and in-app.
A number of global clients on the review, interpretation, and negotiation of a wide range of multijurisdictional agreements (MSAs, including DPAs and relevant transfer mechanisms) governing IT, software and/or cloud solutions, and preparation of internal guidelines, playbooks, and FAQs for clients, suppliers and partners.
Car manufacturers and software developers in relation to regulatory, privacy and cybersecurity aspects of “connected vehicles”, including the collection and subsequent use and sharing of information between various stakeholders engaged as part of a complex multi-tiered ecosystem.
A number of clients with regards to their vendor due diligence and management procedures, from both a privacy and cybersecurity perspectives.
Various companies on the insourcing/outsourcing of IT services including review and negotiation of agreements covering SaaS/PaaS/IaaS solutions, particularly on IP licensing and data processing and transfer set-ups.
The analysis of Privacy, Cybersecurity, and IP/IT aspects in the context of corporate transactions both at the due diligence stage and throughout integration.
Financial entities in relation to the the analysis and comparison of data protection and bank secrecy issues at an intra-group level with a focus on international data transfer mechanisms and potential issues affecting information sharing initiatives between the EU and LatAm.
Speaking Engagements
- Guest Spoker, Privacy & Tech particularities in M&A transactions at IE University, February 2024
Leadership Positions And Professional Affiliations
- Member, Spanish Association of Privacy Professionals (APEP)
Recognition
Qualifications
Admissions
Languages