We expand the capacity of your privacy
and data protection team – as you need it!
and data protection team – as you need it!
European privacy compliance services
Compliance with EU privacy rules can be difficult and costly and requires specialised staff. Companies that rely on personal data from Europe face tough negotiations with EU-based customers and vendors of data processing agreements. Individuals expect standardised compliance, and any non-compliance presents reputational risk and potentially significant administrative sanctions. To address this challenge, EU and non-EU companies either hire full-time in-house privacy lawyers or use expensive outside legal practitioners who don’t understand the ins and outs of your company.
Our Dedicated Privacy Lawyer service presents a flexible and cost-effective opportunity to have world-class privacy lawyers dedicated to your company. We complement your staff according to your needs, providing the right number of lawyers for peak times as well as down times.
What is the dedicated privacy lawyer service?
It’s simple. Within a long-term relationship, we provide you the capacity of our best-in-class lawyers specialised in data protection for a fee arrangement and for as long or as little as you need. You benefit from flexibility and the expertise and talent of our Dedicated Privacy Lawyers, who understand your business and culture, without increasing your staff.
At Kinstellar, we have a true commitment to quality. Working closely with our clients’ teams enables our Dedicated Privacy Lawyers to deliver the highest added value based on our:
Our team’s international expertise (many have worked and/or studied in jurisdictions such as England, France or Germany) makes us well suited to provide not only local advice, but also to support your efforts to manage an EU-wide privacy program.
Our Dedicated Privacy Lawyers rank among the top-tier practitioners in their jurisdictions (e.g., Chambers, Legal500).
Reasonable price range
Using our services helps clients to optimise their human resource expenses, i.e., to cover increased workloads without hiring additional permanent staff.
Life sciences, banking and technology focus
As a significant part of our client portfolio is comprised of healthcare & life sciences, banking and technology companies, our team is very familiar with the specific privacy challenges in these sectors.
Scope of services
While our team is prepared to address any legal privacy or data protection issues, the following services provided by our Dedicated Privacy Lawyers have proven to be particularly effective for our clients:
DPA negotiations – Negotiating data processing, joint-controllership or data sharing agreements with vendors or customers (where applicable, in accordance with a pre-defined set of negotiating positions);
Privacy risk assessments – Conducting various types of privacy risk assessments or legitimate-interest balancing tests (in accordance with your internal policies and procedures);
International data transfer reviews – Drafting data transfer impact assessments and managing follow-up activities (e.g., renegotiating existing data processing agreements or follow-up on additional security measures);
Privacy notice drafting – Composing privacy notices and similar transparency documents;
Data protection impact assessments – Preparing data protection impact assessments in cooperation with all relevant business, IT and legal stakeholders;
Compliance activities – Handling any other day-to-day privacy matters (e.g., drafting privacy policies, handling requests and complaints of data subjects).
Adding real value
Our Dedicated Privacy Lawyers have an established track record adding value to our clients’ businesses based on the following:
Expertise and quality of best-in-class lawyers – We bring you the privacy expertise of lawyers, not consultants. Being admitted to the bar means that we adhere to the highest standards imposed on the legal profession for all our work. We maintain our commercial focus and provide pragmatic, actionable advice.
Flexibility and support even during peak times – We understand that the workload differs each month and that 1 FTE (full-time equivalent) may represent 60% of the baseline hour amount in Month 1 and 130% in Month 2. The structure of our teams allows us to be there even during times that require more effort.
Understanding your specific culture and operations – Our Dedicated Privacy Lawyers may also join a client’s in-house team and have client email accounts or access to its internal systems or intranet. This allows us to fully understand the intricacies of the client’s organisation and communicate with internal stakeholders (e.g., to gather information regarding a privacy risk review).
EU and local know-how – As the GDPR sets the same rules across the European Union, we are well equipped to support EU data protection projects. In addition, having team members from various jurisdictions brings fresh perspectives and increased know-how regarding the application of privacy legislation in practice.
Wide language coverage – Our Dedicated Privacy Lawyers speak a wide range of languages, which enables us to identify the colleagues with the right language skills for each client (e.g., English, German, French in addition to our local languages, such as Bulgarian, Czech, Hungarian, Romanian, Slovak).
EU and non-EU operations – With operations in Bulgaria, Croatia, Czech Republic, Hungary, Kazakhstan, Romania, Serbia, Slovakia, Turkey, Ukraine and Uzbekistan, we are well positioned to provide legal advice on comprehensive EU-wide privacy projects.
Team-member substitutability – Having a team instead of an individual dedicated to your privacy team greatly reduces the risk of unavailability due to public holidays or unforeseen absences.
Examples of how we have supported our clients
Long-term advice – The client, an international life sciences company, needed 1 FTE resource for 12 months to cover the increased workload of its EU Privacy Team. We provided a team of three Dedicated Privacy Lawyers from three jurisdictions working a total of up to 160 hours per month (i.e., 1 FTE).
A specific assignment – The client, a payment services provider, needed additional support only in a specific area requiring particular expertise, such as negotiating data processing agreements with EU-based customers. We suggested a team of two Dedicated Privacy Lawyers from two jurisdictions. In view of the volume of contracts the required capacity was 100–130 hours per month. Our Dedicated Privacy Lawyers first analysed the preferred negotiating positions of the client and then reviewed the required number of agreements in accordance with the client’s expectations.
Summer season step-in – Clients may face periods with a sudden decrease in employee availability. Our client, an IT company, requested 0.5 FTE resources to support its internal team during summer leave. We suggested a team of two Dedicated Privacy Lawyers from two jurisdictions for the required capacity (between 50–100 hours per month) for a duration of three months.