Data, Privacy & Cybersecurity


The frictionless flow of information is a defining feature of today's information economy. The ability to transfer customer data, employee files, financial records, and other information around the globe quickly and cheaply has opened up a world of opportunity for many businesses. It also presents a new world of risks.


Managing risk and adopting sound privacy and security standards

The potential for misuse of sensitive personal information has triggered legislative and regulatory action worldwide—the risks are high. Privacy laws are continually evolving, vary by jurisdiction, are interpreted unpredictably, and are in a constant state of flux. Even the most well-meaning, conscientious company can make a false step as it captures, uses, transfers and discloses personal information. The same applies to cybersecurity, which is becoming increasingly complex. The consequences can be serious: heavy fines, injunctions, government audits, even criminal liability. Perhaps more importantly, companies that run counter to privacy and cybersecurity standards find themselves open to negative media attention and the immeasurable damage of lost consumer trust and confidence.

These risks have led a growing number of multinational companies to turn to our global data privacy and cybersecurity group for help in adopting sound privacy and security practices, ensuring regulatory and legal compliance, and protecting their competitive advantage.


Advising clients around the world in their compliance efforts

With one of the largest and most experienced data privacy and cybersecurity groups in the world, our global team is on hand to guide clients through the relevant data protection legislation in the jurisdictions in which they are active. Seamlessly working with their counterparts in other practice areas, our global team has the depth of resources to provide integrated, creative and practical advice on the privacy-related concerns faced by our clients, wherever they are located.

Our experience spans the full range of industry sectors including financial institutions and banking, biotechnology, pharmaceuticals and chemicals, construction and engineering, consumer goods and retail, automotive, hotels and leisure, IT, telecommunications, manufacturing and electronics, publishing and media.

Specific data privacy and cybersecurity services we provide for our clients include:

  • Cross-border data transfer (both intra-group and with third parties)
  • Binding Corporate Rules (BCR) and APEC Cross-Border Privacy Rules System
  • Privacy and cybersecurity policies
  • Privacy and cybersecurity audits
  • Data security breach preparedness and response
  • Privacy-related claims and disputes
  • Privacy statements for online activities
  • Employee privacy
  • Financial privacy
  • Healthcare privacy
  • Marketing policies
  • Privacy and cybersecurity aspects of cloud computing and other sourcing arrangements
  • Data processing and data transfer agreements
  • Privacy aspects of investigations and e-discovery
  • Due diligence and warranty negotiation for M&A


Visit our Cybersecurity: Legal implications and risk management pageVisit our US Data Privacy Guide page Visit our GDPR Handbook: Unlocking the EU General Data Protection Regulation pageVisit our GDPR Guide to National Implementation page


View all lawyers in Data, Privacy & Cybersecurity



"Global Elite" – Ranked #4 Overall and #2 for Data Privacy Advisory
Global Data Review 2023

"The firm can provide timely and in-depth input for regulations in different jurisdictions through leveraging its various offices."
Chambers - Data Protection & Information Law - UK - 2023

White & Case enjoys a strong reputation among interviewees for its data protection capabilities, assisting with cyber attacks and large data breach proceedings. Its extensive international footprint allows the effective handling of cross-border mandates, where White & Case often acts for clients from the financial, automotive and technology sectors.
Chambers - TMT: Data Protection - Germany - 2023

Best Lawyer Germany in Data Security and Privacy Law, Information Technology Law, Outsourcing, Technology Law
Handelsblatt, 2023

"Clients praise the team for being focused on delivering results."
Chambers, Data Protection, 2021

"White & Case LLP London has proven to be an excellent team of data privacy experts especially with regards to new technologies."
The Legal 500, Data Protection, 2021

"All their deliverables are provided on time and they're very knowledgeable."
Chambers UK 2019

"Noted for its extensive thought leadership in areas such as the implications of the GDPR."
Chambers UK 2019

Noted for Data Protection
Chambers Global 2019

Noted for Data Protection
Chambers Europe 2018

"Global firm with the resources and expertise to handle multi-jurisdictional compliance programme design for household-name clients in a number of industries."
"The client service is extremely strong, and we are getting significant value for our money."
"The firm is more dynamic and responsive than other firms we have previously used."
Chambers UK 2018

"Recognised for representing technology companies, telecoms players and financial institutions in an array of TMT mandates. Experienced in licensing, litigation, cloud computing and data protection matters, with significant activity in M&A and joint venture agreements."
"What sets them apart is their thought leadership and forward thinking."
"A well-recognised firm with extensive experience and knowledge of the telecoms area, which has helped us to achieve favourable results."
Chambers Global 2017


Global consumer goods company
White & Case is providing this confidential client with advice and strategic guidance on global data protection compliance matters including, but not limited to, compliance with the forthcoming General Data Protection Regulation, the implementation of Binding Corporate Rules, support on data processing agreements and related data protection compliance initiatives. This project is global in scale, involving entities in all major markets around the world.

Privacy-related disputes for social media company in the EU
Advising a leading social media company in relation to privacy-related disputes in several EU jurisdictions.

Multi-country review of in-vehicle systems for car manufacturer
Assisting a leading car manufacturer with respect to the privacy and telecommunications law aspects of in-vehicle systems in 52 jurisdictions.

Multi-country review of security policies for international banking group
Review of the information security policies of an international banking group under the legal and regulatory framework of various major jurisdictions.

Global data privacy compliance project for pharmaceutical manufacturer
Advising an international pharmaceutical manufacturer in relation to a global data privacy compliance project with a particular focus on healthcare privacy.

Cross-border data privacy issues for manufacturer of electronic devices
Advising a multinational manufacturer of electronic devices on all issues related to European, Asian, South American and Pacific human resources and client personal data, including performance of a data privacy audit, drafting of intra-group privacy policies and contracts, assisting with European works council laws, and preparation of binding corporate rules.

Intra-group transfer of personal data for energy supplier
Advising an international energy supplier on the intra-group transfer of personal data (included related agreements with employee representatives).

HR management data protection issues in 30 countries
Review of the proposed introduction of a group-wide HR management system by a leading manufacturer of wires and cables under the data privacy laws of more than 30 countries.

Establishment of shared services centres for international consumer goods manufacturer
Advising a leading international consumer goods manufacturer on data privacy and employment law related matters in 25 countries worldwide with regard to the establishment of intra-group shared services centres for certain HR functions.

Privacy aspects of investigations and e-discovery for financial institutions
Advising several leading financial institutions on data privacy issues in relation to civil, criminal and competition investigations and disputes.

Security breach and notification obligations in various industries
Advising companies in various industries on their respective obligations under federal and state security breach and notification laws.