Privacy & Data Protection

Recent matters DGKV’s Data Protection team has worked on include:

 

• Assisting the Bulgarian subsidiaries of a global creative and advertising agency with the preparation of an audit report regarding the data-protection and e-commerce compliance of their websites and with the revising and updating of their privacy and cookie policies.
• Advising numerous clients on employee data protection, personal-data transfers and cross-border data flows, customer data protection/CRM, sensitive data protection (such as health data, including COVID-related issues), data protection pursuant to Bulgaria’s Law on Electronic Communications, the use of cookies and tracking technologies, data-breach notifications, data-processing agreements, etc.
• Providing strategic employment-law advice to Accenture and its Bulgarian group companies regarding day-to-day activities on matters such as remote working, flexibility of work hours, posting of employees and equal treatment, disciplinary cases, benefit structures, the cross-border secondment of employees, the implementation of various policies, the permissibility of electronic exchanges of communication with employees, training and qualification, personal-data-privacy issues, and transaction-related  employment aspects, among others.
• Advising Google on various litigation matters related to a number of Right-to-be-Forgotten deletion requests from Bulgarian citizens.
• Advising Playtech’s Bulgarian group companies on a variety of employment topics, including the data-privacy restrictions applicable to its particular employment structures and relations with employees.
• Providing advice to global tech companies, OTT operators, and platforms on telecom-regulatory, AdTech, data-breach-notification, and security-incident procedures, as well as on consumer-protection and other compliance requirements associated with their operations in Bulgaria.
• Advising Booking.com on data-privacy matters and assisting with the implementation of its desired marketing practices to customers, including via a mobile-phone application and web-based infrastructure, particularly in terms of ensuring compliance with the GDPR, as well as advising it on the export of personal data from the EEA.
• Advising a Bulgarian member of a US corporate group on reporting an accidental data breach to Bulgaria’s data-protection authority and assisting with its response to the follow-up audit by the authority to protect it from any penalties or liability, as well as advising it on applicable safeguards for transferring personal data to the USA after the Schrem II case and helping it update its policies and measures in compliance with the GDPR.