Service Overview
In the current digital economy, data is the new currency. The overarching potential of data and its crucial role as a corporate asset cannot be emphasized enough. This is especially important for service providers because “big data” has changed targeted delivery of goods and services through its development, trading, and application. There is a clear expectation that crucial data would be accessible 24 hours a day, 7 days a week, 365 days a year. This necessitates the development of a strong data privacy and protection strategy.
Data privacy is crucial for businesses across a range of industries, including e-commerce firms, social media platforms, and IT outsourcing units. It could also have a significant negative impact on other industries such as the hotel and hospitality, insurance, B2C sales, telecom, the life sciences, etc. In addition, when gathering and maintaining KYC and other information from such investors, even the entities that seek investment from offshore individual investors need to be aware of the data protection standards.
Several questions beg consideration though: who does this data belong to? Who can access it? What are the limits, if any, on the exploitation of this data? As in all things in technology, the law is playing catch up. This position is further complicated by several governments demanding and seeking access to data from its citizens and corporates. On the other hand, what are the limits to privacy? Can data be demanded for the availing of basic services, travel or even government benefits? Does national security override all concerns of privacy?
The Data Protection and Privacy team at Spiritus Legal intends to help its customers navigate this complex and developing paradigm with the assistance of a team that has been closely monitoring advancements in this field.
Service Highlights
Advisory Services
- Implementation of a strategic plan for data protection program based on the industry.
- Transfer of data in cross-border mergers and acquisitions.
- Data breach scenarios and other data security concerns.
- Consumer rights and consumer protection regime.
- Issues surrounding treatment of employee data.
Audit
- Reviewing the existing privacy policies and procedures to identify possible compliance gaps; streamlining these with applicable legal requirements.
- Data localisation for cross-jurisdiction compliance.
Regulatory Support
- Responding to potential allegations of non-compliance from regulatory authorities.
- Data disclosure requests from investigation agencies.
- Making representations to regulatory authorities to bring forward the views of the stakeholders.
Contentious Matters and Litigation Support
- Complaints from users regarding data and security breaches.
- Objections raised and challenges to the privacy or security policies implemented.
- Data security and legal compliance investigations.