Home / Insight / Data protection

Data protection

The challenges arising from data are countless and inescapable in our maturing technological landscape. To future-proof your organisation, and unlock opportunity from your data, you need alert and experienced lawyers who will deliver practical advice. Our team of experts includes former regulators who have been right at the heart of the development of the legal landscape in this critical area.


Clients turn to CMS to advise on global data privacy, protection and information security projects. Leading multinational companies, many of which hold large amounts of sensitive data and are heavily regulated, instruct us to advise on multi-jurisdictional projects.

Global AND local

Our teams are flexible in that they handle both large multinational projects but can also deep-dive for niche, country-specific advice. The teams are on the ground in over 40 countries, speak the local language and understand the local laws – but crucially in a global context.

Pragmatism and business acumen

CMS has a knack for turning legal advice into practical solutions that make sense not just to your legal teams, but to your other employees, such as the HR function, or software engineers.

Please select one of the jurisdictions from the list below to find out more about data protection and data regulation offerings.

Pri­vacy, Data Pro­tec­tion and Cy­ber­se­cur­ity Bro­chure
Leg­al pre­ci­sion in pri­vacy, data se­cur­ity and data pro­tec­tion
Data Law Nav­ig­at­or | Over­view
100% se­cur­ity does not ex­ist. Now more than ever or­gan­isa­tions of all shapes and sizes should pay at­ten­tion to their data pri­vacy and cy­ber se­cur­ity. Un­pre­ced­en­ted num­bers are now work­ing from home, thus rais­ing ex­pos­ure to cy­ber se­cur­ity prob­lems and more com­plex data pro­tec­tion im­plic­a­tions.Wheth­er head­line worthy or not, we know that cy­ber in­cid­ents and breaches of data pro­tec­tion reg­u­la­tion have the po­ten­tial to cause an or­gan­isa­tion sig­ni­fic­ant dis­rup­tion of op­er­a­tions, dam­age to repu­ta­tion, and the risk of fines and losses. Pre­par­a­tion, in­clud­ing un­der­stand­ing the reg­u­lat­ory land­scape, con­tin­ues to be key.The CMS Data Law Nav­ig­at­or is an over­view of data pro­tec­tion and cy­ber se­cur­ity laws in over 30 coun­tries lis­ted be­low. The con­tent will be peri­od­ic­ally up­dated but, giv­en the con­stantly evolving laws in this area, we can­not guar­an­tee the con­tent is com­plete and ac­cur­ate.Vis­it the CMS Data Pro­tec­tion In­sight page to see more of our tools and re­lated pub­lic­a­tions.Vis­it a coun­try pro­fileme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­umme­di­um 
CMS Breach As­sist­ant app
The ul­ti­mate guide to deal­ing with a data breach


Show only
23 June 2020
Coronavir­us (COV­ID-19) and Pri­vacy
In the last few months, we have seen or­gan­isa­tions across Europe im­pos­ing vari­ous ob­lig­a­tions on their em­ploy­ees, vis­it­ors and cus­tom­ers to fight the spread of the COV­ID-19 vir­us. CMS has pub­lished com­pre­hens­ive data pro­tec­tion guid­ance for those em­ploy­er
10 June 2020
DI­FC Data Pro­tec­tion Law
In­tro­duc­tion Fol­low­ing a series of con­sulta­tions, the Dubai In­ter­na­tion­al Fin­an­cial Centre (DI­FC) has is­sued Data Pro­tec­tion Law No.5 of 2020 (DPL), which in­creases pri­vacy com­pli­ance re­quire­ments for...
08 May 2020
Data Law Nav­ig­at­or | Over­view
Find here in­form­a­tion about data pro­tec­tion and cy­ber se­cur­ity laws in vari­ous coun­tries world­wide: Al­bania, Aus­tria, Bel­gi­um, Bos­nia and Herzegov­ina, Bul­garia, Croa­tia, Czech Re­pub­lic, France, Ger­many, Hong Kong, Hun­gary, Italy, Lux­em­bourg, Mex­ico, Monte
12 May 2020
Loc­a­tion apps in the time of COV­ID-19
Con­tact tra­cing and loc­a­tion data-based ap­plic­a­tions have re­cently be­come the sub­ject of the heated de­bates in view of their wide­spread use in the fight against the COV­ID-19 pan­dem­ic. In re­sponse to...
April 2020
Data ac­cord­ing to Private Law
12 March 2020
“High-risk AI”: a European ap­proach to ex­cel­lence and trust
On 19 Feb­ru­ary 2020, the European Com­mis­sion (the “Com­mis­sion”) pub­lished a White Pa­per en­titled ‘On Ar­ti­fi­cial In­tel­li­gence - A European ap­proach to ex­cel­lence’. Build­ing upon the European strategy...
Shar­ing is (S)caring: Your face is a weapon
11 March 2020
China pub­lishes new spe­cific­a­tion on per­son­al data se­cur­ity
On 7 March 2020, China pub­lished an up­dated ver­sion of the “In­form­a­tion se­cur­ity tech­no­logy – Per­son­al in­form­a­tion se­cur­ity spe­cific­a­tion” (“New Spe­cific­a­tion”), which will take ef­fect on 1...
January 2019
The ten­sion between GDPR and the rise of block­chain tech­no­lo­gies
05 March 2020
Coronavir­us and the GDPR – pri­vacy ad­vice for com­pan­ies
When in­tro­du­cing meas­ures for em­ploy­ees, vis­it­ors and con­tract­ors to re­spond to the coronavir­us threat, com­pan­ies must choose pro­ced­ures that min­im­ise both the risk of in­fec­tion and pri­vacy non-com­pli­ance....
18 February 2020
‘Les­sons learnt’ from the Maastricht Uni­versity cy­ber at­tack
On 23 Decem­ber 2019, Maastricht Uni­versity found it­self the vic­tim of a sig­ni­fic­ant cy­ber at­tack, which res­ul­ted in cy­ber crim­in­als tak­ing some of its data host­age. A man­age­ment sum­mary of what happened...
17 February 2020
Opin­ion on stand­ard con­trac­tu­al clauses: more a com­pli­ance head­ache than...
A re­cent non-bind­ing Opin­ion of the Ad­voc­ate Gen­er­al has sig­nalled that the stand­ard con­trac­tu­al clauses can con­tin­ue to be used as a safe­guard for trans­fer­ring per­son­al data out­side the EEA. However,...