Personal information is an increasingly valuable and risky business asset. As businesses struggle to keep up with the fast-changing data protection laws and face an increasing risk of serious data breaches, ALRUD Law Firm is one of the first Russian leading law firms where a specially designated practice group focused on Data Protection and Cyber Security was formed. ALRUD provides highly sophisticated data management, data security and privacy law advice for those clients that have business in Russia and process personal data of Russian individuals.
Dealing with top law firms our data protection team is capable of handling complex projects covering various jurisdictions and represent interests of our clients all over the world. We advise multinational companies having global processing policies and trying to have uniform documents in different jurisdictions.
Our privacy and data security attorneys include data privacy experts having professional knowledge and experience of advising clients from specific business industries such as banking sector, media and telecom, e-commerce, retail businesses and etc. Our experts participate actively in discussions of draft laws within working groups that are involved in lawmaking process.
Our Data Protection and Cyber Security services include:
- Advising on Russian rules and regulations on data protection and information security requirements applicable to processing activities, including data localization requirements and structuring data flows within group of companies and disclosures to third parties;
- Preparing local corporate policies and regulations on personal data processing, consents, privacy notices;
- Advising on requirements applicable to companies in case of implementing programs to employees that involve personal data processing, such as email monitoring, whistleblowing, etc.;
- Advising on privacy issues arising in e-commerce, preparing legal documentation required for publication on e-commerce websites (Terms and Conditions of Use, Privacy Notice, wording of consents);
- Advising on legal requirements to cross-border transfers of personal data;
- Auditing contracts for data protection compliance;
- Drafting data processing and data transfer agreements, confidentiality and non-disclosure agreements;
- Assessment of compliance of a company’s activities with data protection and security laws (legal due diligence);
- Filings to the Regulator;
- Advising on mitigating the risks due to non-compliance with the data privacy laws in case of conflict of the requirements applicable to a client under the laws of different jurisdictions;
- Advising on particular industry relating requirements and restrictions with regard to collection, processing and disclosing information to third parties, such as banking secrecy, healthcare information, legally privilege, etc.;
- Advising on the consequences and risks for breach of the laws on personal data in case of unauthorized disclosures and leakage of data;
- Assessment of the risks relating to non-compliance with data protection laws;
- Representing the clients before the Regulator in frames of state audits and the administrative proceedings against companies;
- Supporting release of the websites blacklisted by the Regulator for illegal content or data breache.