Data Protection & Privacy

Data Protection & Privacy Law

Data Protection & Privacy

Today businesses operate in a territorial agnostic world where technology and data assets have transformed the conventional dynamics of a successful business. It is inconceivable to fathom a situation where business functions are independent of information technology and data. Consequently, data protection, information management, informational privacy and compliance with evolving regulatory requirements across the world are key board room agenda items.

Over the years, the Firm has gathered expansive expertise in advising multi-national conglomerates and domestic companies in IT/ITES, healthcare, insurance, finance, e-commerce, enterprise resource planning, and emerging technologies on diverse aspects of data protection compliances, cross-border transfer, data processing, privacy contracting and negotiations, data inventory and audit, information management and lifecycle processes, policy and process formulation, implementation tools, privacy rights and obligations, and sensitization training. We have and continue to hand hold organizations with cross-border operations to navigate, understand, familiarize, implement and comply with foreign data protection regulations in EU, USA, South East Asia, East Asia, Australia and New Zealand. We firmly believe in the power of awareness advocacy and conduct series of round tables and open house sessions on the importance of a robust privacy governance framework as well as trained legal teams of large global tech companies on EU GDPR and India’s draft Personal Data Protection Bill.

What We Have Done

  • Advised a leading Indian ERP solution provider while closely working with its Data Protection Officer on compliances, data processing protocol, policies, data subject right requests, privacy contracting and negotiations, cross-border data transfer, risk mitigation, and breach management under EU GDPR and other foreign laws
  • Counselled US entities and research organizations engaged in preventive healthcare, diagnostic and clinical studies in setting up information and personal data processing centres in India, launching health data monitoring mobile applications and advising them on data protection and privacy laws in India
  • Advised a US multinational in their India specific data inventorization and retention strategies
  • Represented a US corporation on their in-house social networking policies and procedures and processing of employee   personal information
  • Advised a global conglomerate on their BYOD policies and processes
  • Advised an American healthcare company in carving out their India personal health information assets and cross-border data transfer through cloud services factoring Indian and EU laws as part of their India specific slump sale restructuring
  • Advised a US based healthcare and diagnostics major on collection, storage, analytics, anonymization, and other forms of processing of personal health information
  • Advised insurance third party aggregator on data processing and analytics of health information pursuant to insurance claims
  • Counselled several foreign and Indian clients on compliances, processing requirements, data import-export, reasonable security measures, breach management and reasonable information security practices under the Indian Information Technology laws and EU GDPR
  • Advised several healthtech and fintech start-ups on diverse aspects of data protection, processing and privacy governance framework

Let us help you!

Please feel free to e-mail us on

We are using cookies to give you the best experience. You can find out more about which cookies we are using or switch them off in privacy settings.
AcceptPrivacy Settings




The Bar Council of India restricts advocates from maintaining a website as a source of advertising. This site contains general information for informative purposes only. The reader should not consider / construe information on this site to be an invitation for any attorney-client relationship.