Image of Laur Badin

Laur Badin

Counsel

Laur joined A&O Shearman to expand the firm’s Privacy, Cybersecurity, Tech & Digital offering in Spain.
He has experience in advising international organizations, both as outside and in-house counsel, on a wide range of matters including privacy compliance, cybersecurity, cloud computing, e-commerce and e-Privacy, IP licensing and IT contracts, M&A due diligence and integration, AI, autonomous vehicles or e-sports. His core areas of specialization cover cross-border data dynamics including data transfer mechanism and data localization requirements, as well as cyber incident management and response. Laur was recognized by both Chambers&Partners and Legal500 for Data Privacy and Data Protection in Spain in 2018, 2020, 2021 and 2022 when he was ranked as “Associate to Watch”.

Expertise

Experience

Representative matters

  • Assisted a number of clients (both local and international) in the context of the identification, management, coordination, and notification of complex personal cyber incidents / data protection breaches with global implications, including time-sensitive reporting obligations before the relevant data protection (and other competent) authorities worldwide, as well as on mitigation steps, lessons learned and communication strategy.
  • Various companies across a range of sectors on their international data transfer strategy from a multi-jurisdictional perspective, including Schrems II response affecting both intra-group and also client, supplier and partner set-ups, analysis of data flows and the creation of a data transfer compliance framework, performance and update of transfer impact assessments, and also the review and negotiation of data transfer agreements including standard contractual clauses approved globally. 
  • Various companies in relation to emerging data sovereignty and localization legislation and requirements across the globe with a view towards anticipating material impact on the business or flagging high-risk jurisdictions.
  • Various global companies on the design, implementation, and approval of Binding Corporate Rules (BCRs), including ongoing review and interaction with EU Lead Supervisory Authorities and relevant co-reviewers.
  • The review and implementation of DLP, cyber-defence and other monitoring tools, managed services, and other solutions, from the vendor assessment stage and throughout the review and Various Workplace privacy matters, particularly on the analysis and implementation of employee monitoring initiatives and tools, as well as multi-jurisdictional DEI projects. 
  • Coordinated the implementation of global and EU-wide privacy programs.
  • The fulfilment of applicable requirements in the context of the use of cookies and similar technologies and marketing communications on websites, on-device, and in-app.
  • A number of global clients on the review, interpretation, and negotiation of a wide range of multijurisdictional agreements (MSAs, including DPAs and relevant transfer mechanisms) governing IT, software and/or cloud solutions, and preparation of internal guidelines, playbooks, and FAQs for clients, suppliers and partners.
  • Car manufacturers and software developers in relation to regulatory, privacy and cybersecurity aspects of “connected vehicles”, including the collection and subsequent use and sharing of information between various stakeholders engaged as part of a complex multi-tiered ecosystem.
  • A number of clients with regards to their vendor due diligence and management procedures, from both a privacy and cybersecurity perspectives.
  • Various companies on the insourcing/outsourcing of IT services including review and negotiation of agreements covering SaaS/PaaS/IaaS solutions, particularly on IP licensing and data processing and transfer set-ups.
  • The analysis of Privacy, Cybersecurity, and IP/IT aspects in the context of corporate transactions both at the due diligence stage and throughout integration.
  • Financial entities in relation to the the analysis and comparison of data protection and bank secrecy issues at an intra-group level with a focus on international data transfer mechanisms and potential issues affecting information sharing initiatives between the EU and LatAm.

Speaking Engagements

  • Guest Spoker, Privacy & Tech particularities in M&A transactions at IE University, February 2024

Leadership Positions And Professional Affiliations

  • Member, Spanish Association of Privacy Professionals (APEP)

Recognition

'Associate to Watch' for TMT: Data Protection in Spain
Chambers&Partners, 2022
'Recommended Lawyer' for Data Privacy and Data Protection in Spain
Legal500, 2021

Qualifications

Admissions

Registered Practising Lawyer, Illustrious Bar Association of Madrid (ICAM)

Languages

English, Rumanian, Spanish
Disclaimer
A&O Shearman was formed on May 1, 2024 by the combination of Shearman & Sterling LLP and Allen & Overy LLP and their respective affiliates (the legacy firms). Any matters referred to above may include matters undertaken by one or more of the legacy firms rather than A&O Shearman.