Cyber security and data protection

Protection and privacy for the data of individuals is a critical and high-profile business issue for many consumer-facing organizations, requiring experienced advisors with forward-thinking strategies and expertise on broader cyber security.

New requirements under data privacy and protection laws, such as the European Union (EU) General Data Protection Regulations (GDPR.) are extra-territorial in scope - non-EU organizations often fall within their purview. These obligations are expected to massively increase administration and compliance for business.

As the obligations increase, governments are gaining strong regulatory powers to enforce them. Companies that run afoul of these obligations or otherwise experience a breach may face:

  • Serious financial penalties of up to 4% of annual global turnover, potentially reaching tens of thousands of Euros or dollars; GDPR in particular, can expose entities to a virtually unlimited financial liability
  • Data-related compensation claims such as class action suits, claims based on distress, and even third-party litigation
  • Temporary or indefinite bans on processing as well as data flows with third parties
  • Reputational damage and negative publicity that can impact the company’s brand, its sales, and bottom line for years to come.

In addition, a growing trend is for new cyber security laws to regulate network and information security – in effect, these laws extend regulatory requirements beyond simply focusing on personal data. One example is the Network and Information Security Directive that establishes minimum standards and reporting requirements for serious breaches.

Many organizations are largely unprepared for these new obligations, notwithstanding that there is currently a myriad of them in place, with new laws being enacted across the world. These laws often have a broad jurisdictional scope, applying to various multinational organizations. Those companies embarking on a ‘compliance journey’ to meet these significant challenges are facing difficult choices about priorities and investing considerable resources and time for legal analysis and planning.

ILC Legal, LLP, as an independent law firm in the PwC network, can assist multinational clients with this fast-paced environment and growing data protection and cyber security requirements.

PwC's global legal services network can deliver services tailored to your needs

The PwC network:

  • Has one of the largest teams of multi-disciplinary privacy and data protections professionals in the world, with over 2,900 resources in 120 countries
  • Is the only professional services network that provides both cyber security and data protection legal advice
  • Can provide legal professional privilege – a powerful benefit when regulators and litigants are routinely seeking disclosures
  • Is the only professional services firm that has resources and experience to provide post-breach support across a range of services and a dedicated data breach litigation team


The PwC legal services network provides a wide spectrum of support for both data protection and cyber security. Examples include:

Strategic thinking

  • Privacy ‘transformations’ using an end-to-end, multi-disciplinary methodology to help entities deliver global change and risk reduction
  • Designing the organization’s overarching vision for compliance
  • Evaluating legal barriers when data is first used for new purposes

View more

Proactive approaches and readiness

  • Gap analysis, followed by risk-based prioritization to help pinpoint where a company must focus their compliance efforts
  • ‘Health checks’ – gauging the company’s response to a potential regulatory action or breach; track documentary and other compliance areas
  • Readiness assessment tool enables a targeted assessment of compliance gaps and risk areas to help prioritize remediation tasks 
  • Leading-class benchmarking – companies can compare to other industry peers in any sector in any jurisdiction
  • Implementation of technical and organizational measures and procedures for safeguarding data rights
  • Preparations for pending data protection legislation
  • Analysis of key ‘linchpin’ issues such as transparency, anonymization, pseudonymisation, consent, data portability, and profiling

View more

Analysis of enforcement trends

  • Enforcement Tracker – analysis of data protection regulatory enforcement actions in the United Kingdom and other countries

View more

Regulatory enforcement support

  • Assist with requests for documentation from regulators
  • Ensure timely response to requests (for example, a 72 hour deadline)
  • Review public lists of processing operations that the governmental authority views as risky and requires an impact assessment

View more

Public relations

  • Help companies address inquiries from individual customers

View more

Post-breach mitigation

  • BreachAid tool enables efficient engagement with PwC teams across various disciplines, including Legal, Forensics, and Crisis Management
  • Reputation and brand management issues
  • Communications support
  • Dedicated data breach litigation team

View more

Other support

  • Counsel on cryptography law – legal restrictions on export and import of encryption technology and cryptography methods, largely derived from the Wassenaar Arrangement with 41 participating states

View more

PwC's global legal services network has the largest geographical reach of any legal network with unparalleled access to experienced legal professionals around the world, making it a leader in the marketplace. However, it is the network’s approach and the value you will realize from it that makes it different.

Leading advisors with robust resources worldwide

The PwC cyber security and data protection network is one of the leading practices in this area in the world.  The network operates in all major economies in Europe, Central America, and Asia-Pacific and has some of the largest data protection legal teams across key territories in Western, Central, and Eastern Europe.  The network can advise multinational organizations using professionals in each territory that the business operates, and also have professionals physically present at the business’ offices.  

Complimentary disciplines working together to bring greater value

PwC’s network in this area is unequalled in respect to size and geographical scope.  But in addition, the network delivers services uses a multidisciplinary approach that includes legal, forensics, auditors, risk, and crisis management professionals working together seamlessly.  It offers proven methodologies that were designed together by various disciplines for a more holistic approach.  

After a breach, a range of professionals can be mobilized quickly

The PwC network’s ability to integrate and mobilize a multi-disciplinary range of services sets it apart from its competitors in the aftermath of a breach.  A myriad of issues can arise, but these resources can help companies focus on prioritizing work so that critical risk issues and key business objectives are addressed before less important matters.  

Significant litigation experience

The PwC legal services network has a proven track record in contentious matters, handling many of the recent, biggest security breach cases. When litigation arises, the network uses a ‘follow the sun’ model and is able to make significant progress in short periods of time. Companies that have breaches need a specialized global legal team given the constantly evolving environment and harsh consequences for non-compliance.

Strategic thinking can yield a foundation for years to come

Proactive thinking in this digital era is a cornerstone element of success. The legal service network aims to help companies design their vision first, following by implementing appropriate policies and procedures. Many companies find that a risk-based approach to this design – which forces tough decisions about priorities – may reach a better result than only focusing on legislative requirements. The former takes into account critical business objectives and can serve as an effective basis for future compliance challenges.

Contact us

Richard Edmundson
Managing Partner, ILC Legal, LLP
Tel: +1 (202) 312 0877