Businesses must introduce new data privacy rules – VdA

Companies that can demonstrate they did all they could to prevent a data-related crime have a better chance of success in court

New regulations overhauling Europe’s data protection legislation mean that companies face the task of having to change their business processes and introduce a host of new rules regarding privacy, say compliance experts at Vieira de Almeida (VdA) in Lisbon.
The EU General Data Protection Regulation – which places accountability on data controllers to demonstrate compliance by providing new forms of data consent – presents a major opportunity for law firms, explains Magda Cocco, partner in charge of VdA’s privacy, data protection & cybersecurity practice. “Companies from all sectors will need to change procedures and prepare a lot of privacy rules,” says Cocco. “Although they have over two years to adapt themselves to the new regulations, there is a substantial checklist to get through.”
Furthermore, with these regulations coming into force alongside other directives –such as the Cybersecurity Strategy for the European Union and the European Agenda on Security [which places EU cybersecurity and cybercrime initiatives within an overall strategic framework] – concerned companies are seeking legal advice in two key practice areas: data protection and cybercrime. “With everything that has happened in the financial sector, compliance is still a sensitive issue in Portugal,” says VdA partner Sofia Ribeiro Branco, head of the firm’s criminal, misdemeanour and compliance practice. “While Portuguese criminal law doesn’t expressly mention the relevance of compliance, if a company shows evidence that it did everything it could to prevent the crime, the courts  are beginning to accept it as an argument.”
Cocco adds: “Compliance is the one area where we feel our clients want to be adaptive, aware and do everything they can do.” She says that such is the concern about fulfilling accountability obligations, law firms are now advising companies within certain sectors on incorporating privacy by design. Cocco says: “We’re now seeing companies wanting advice in the very early stages of the design of new products and services.”