Personal Data & GDPR

Penev LLP's data protection experts have extensive experience of helping clients to comply with the myriad of legislation in this complex area including the General Data Protection Regulation and the EU-U.S. Privacy Shield Framework. We have advised a very broad range of businesses on a wide range of data protection and privacy issues.

Our experience in the field of Personal Data Protection include inter alia:

  • assistance with conducting a data processing audit;
     
  • advice on the lawful bases of processing including reliance upon consent;
     
  • drafting privacy notices to meet the new standards of transparency;
     
  • advice on website policies and cookies notices;
     
  • drafting or reviewing contracts with data processors;
     
  • advise on international transfers, including implementing European Commission Model Contract Clauses;
     
  • advice on the appointment, role and responsibilities of a data protection officer;
     
  • acting as an external data protection officer, etc.;
     
  • representation before the competent local authority.
     

Some highlights of data protection experience include:

  • legal advice to IMS Health Technology (IQVIA) regarding the company’s overall compliance with the new GDPR requirements including assessment of the data processing activities and preparation of the related internal documentation;

  • we advised Veolia, a French transnational company with activities in water management, waste management, transport and energy services, on the employment, data protection (GDPR) and tax implications of the implementation of Employee Share Options Plans;
     
  • legal advice to Mitsubishi on local compliance with data protection legislation and GDPR;
     
  • we acted for the Bulgarian subsidiary of AT&T in the area of employment and data protection by preparing all related documentation including employment contracts, job descriptions, and all statutory required internal regulations and policies;
     
  • legal assistance to the American University in Bulgaria with the preparation of GDPR-related documentation and advice on the legal possibilities for lawful processing of personal data including transfer of data to third countries;
     
  • legal advice to Hoffman-La Roche on the lawful processing of personal data and the legal basis therefor;
     
  • we assisted the Turkish Nobel Pharma with the company’s overall compliance with the new GDPR requirements including assessment of the data processing activities and preparation of the related internal documentation;
     
  • Penev LLP provided advice to CSC (part of DXC) on the lawful processing of personal data and the provision of personal data to non-EU countries. Representation of the company before the Bulgarian Commission for Personal Data Protection. Drafting of contractual clauses and their submission to the Commission for Personal Data Protection;
     
  • we acted for a large local distributor of Miele on various employment and data protection related matters including the overall GDPR compliance of the company;
     
  • advice to Alpha Bank on the protection of personal data of their employees and drafting of internal documentation in this regard;
     
  • legal advice to the Bulgarian Branch of a major corporate bank on the lawful processing of personal data and the transfer of personal data to third countries.