Overview
Through Carlton Fields’ International Privacy Compliance services, we assist U.S.-based companies that do business internationally in complying with the ever-changing landscape of data privacy laws. We have particular experience in the European Union and Central and South America, including Brazil.
Whether our clients are seeking to expand products and services to international markets, or are looking to ensure an existing compliance program is up to date with the latest guidance and regulations, Carlton Fields’ multidisciplinary team can assist. As needed, we partner with clients’ existing foreign law firms, or through a referral from within our network of trusted law firms based in your target country, for “on the ground” advice outside the United States.
Assisting Clients With
- GDPR
- Brexit transition from GDPR
- Brazil’s LGPD
- Canada’s PIPEDA
- Jamaica's Data Protection Act
- EU Data Protection Authority guidance and enforcement, including:
- Irish Data Protection Commissioner’s cookie consent and management
- German Data Protection Authority data transfer mechanisms
- Bringing businesses up to date with their data control, processing, and transfers post-Schrems II
- Compliance with global industry standards (PCI-DSS, IAB Frameworks)
Keeping Clients Up to Date and Ahead Of
- Guidance issued from European Union Data Protection Authorities
- Investigations and enforcement actions from international regulators
- Emerging privacy regulations
- Transfer of data, including employee data, from the EU to the United States, and vice versa
Assembling a Compliance Roadmap
Carlton Fields offers flexible programs that leverage prior compliance efforts and allow our clients to adjust without reinventing the wheel:
- Data mapping and risk assessment
- Privacy policy creation and maintenance
- Data subject access request management
- Opt-out processes for data deletion, data portability, and other GDPR consumer rights
- Workflows for responding to data subject access requests (scripts, forms, and operationalization)
- Internal management mechanisms for response and audit trails of data subject access requests
- Draft and negotiate contracts and agreements to reflect data privacy obligations and data processing
- Implementation of employee training related to the GDPR and LGPD and responding to data subject requests
- Creation of an incident response plan for GDPR data security requirements
- Updates to internal and external privacy policies related to the GDPR and LGPD
- Review of consent mechanisms for general data collection
- Cookie consent and management of preferences
- Global data breach notification analysis and compliance
Providing Turnkey Training Solutions
Carlton Fields provides turnkey and white-label training solutions such as:
- GDPR Basic Training for All Employees
- GDPR Data Subject Access Request Management Training
- LGPD Basic Training for All Employees
- LGPD Data Subject Access Request Management Training
- EU Cookie Consent and Management Training
Ramping Up Existing Compliance Programs
Carlton Fields can assist companies in determining effective and innovative ways to build on existing compliance programs, assisting in-house counsel and other legal support staff.
Flexible Solutions for Small to Midsize Businesses
Carlton Fields provides turnkey solutions and applications to help SMBs that are looking to expand sales and relationships abroad meet their compliance needs. Our solutions and alternative fee models get our clients to their compliance goals and in a position to scale their data collection.
Industries Served Include:
- Biotechnology
- Artificial intelligence
- Technology
- Media and entertainment
- Telecommunications
- Professional services
- Video games and esports
- Advertising
- Financial services