Gornitzky’s Cyber-Security, Data Protection and Privacy team offers our clients a practical hands-on approach to handling the ever-growing legal, regulatory and commercial challenges related to cyber-security and the protection of personal data.
We have gained extensive experience in advising Israeli and multi-national corporations on the implementation of requirements under Israeli privacy laws, including the Protection of Privacy Law, 1981 and the Protection of Privacy Regulations (Data Security), 2017, as well as sector-specific legal and regulatory provisions. We also support our clients’ efforts to comply with global data protection standards, such as the EU General Data Protection Regulation (GDPR). In that context, we are skilled in developing appropriate compliance programs, policies and internal records required by such laws, drafting data protection agreements (DPAs) and advising clients on accountability and risk mitigation.
We further provide our clients with practical day-to-day advice on privacy matters emanating from their business operations. Among others, we advise clients on allocation of responsibility for privacy matters, drafting of privacy notices to data subjects, handling data subject requests, registration of databases with the Registrar of Databases, cross-border data transfers, permissible monitoring of employee computer activities, use of CCTV cameras, anonymization and use of data for clinical research, facial recognition, collection of biometric data, profiling and direct marketing.
Our team has gained extensive experience in negotiating complex M&A transactions involving data protection and cyber-security matters, as well as commercial agreements with vendors, business partners, customers and investors that involve such matters.
We also advise clients on measures for mitigating legal, regulatory and reputational risks from data breaches. We provide hands-on support to clients that have been affected by data breaches, guiding them on measures to minimize exposure from such events and helping them meet legal and regulatory requirements, including notification to regulators, law enforcement and data subjects.
We represent companies that offer cyber-security products or services on their day-to-day business activities, in commercial and M&A transactions and in litigation, and advise such companies on legal restrictions on the use, development, commercialization and export of cyber-security technology and know-how, under the Israeli Defense Export Control Law, 2007 and the Law Governing the Control of Commodities and Services, 1957 Order Regarding the Engagement in Encryption Items, 1974. We also advise our clients on international human rights matters related to such products and services.