Information Governance & Data Protection

Lydian advises clients in a broad range of industry sectors on all aspects of compliance with data protection and privacy laws and regulations.

Focus areas

Our services range from legal advice to integrated consulting on corporate privacy risk management, as well as legislative strategic policy advice.

We advise our clients on:

  • tailored compliance tools and procedures such as Data Protection Impact Assessments (DPIA) and checklists;
  • legal grounds for the processing of (sensitive) personal data;
  • fair processing notices and consent forms;
  • (cross-border) data transfer agreements;
  • data processing agreements;
  • records of processing activities;
  • appointment of the Data Protection Officer;
  • responding to data subjects exercising their rights.

Clients benefit from our strong working relationships with data protection regulators, which give us a good understanding of regulators’ attitudes and enable us to give clients a risk-based analysis.


The cross-border transfer of personal data is viewed by many privacy professionals and regulators as a risky activity and it is therefore subject to rigorous privacy and data protection requirements.

Companies involved in the exchange of personal data across borders must often implement strict protection measures. We help our clients identify the appropriate means of transferring personal data (Binding Corporate Rules (BCR), Standard Contractual Clauses (SCC), Privacy Shield) and assist them in all steps of this process.

We also help our clients to secure their rights while using cloud computing services. Personal data processing operations through cloud computing services involve risks such as lack of control over the data and insufficient information regarding the processing itself. We work closely with clients to manage and mitigate these key risks.

E-commerce businesses deal with large amounts of data: they process everything from customer data to location and behavioral data. Personal data is shared with retailers or service providers every time a customer or user goes online.

We have extensive experience with respect to the collection, use and disclosure of data through various marketing tools. We advise clients on the rules regarding opt-in and opt-out for direct marketing through all channels. We advise clients on the use of personal data in the context of Big Data projects and ensure that these projects comply with the rules on transparency, automated data processing activities and profiling. We advise clients on the use of cookies and similar technologies. We also assist clients in dealing with data breach response.

All organisations, private or public, need to plan and formulate policies and procedures enabling them to remain competitive and provide good service to their customers. This is also highly advisable in terms of protecting the trade secrets of your organisation. The GDPR provides that personal data may not be kept longer than necessary for the purposes for which they are processed. Accordingly, organisations must define clear data retention and records management policies and enforce them. A retention policy offers guidance and provides a framework for staff to manage information across its lifecycle, so that the entire organisation complies with the various laws and regulations pertaining to data management.

We advise our clients on company-wide records and information management issues and prepare related policies, procedures, guidelines or binding corporate rules.

We have extensive experience in HR data protection and privacy issues at work and advise our clients on:

  • GDPR compliance in HR (data protection notices, data subject requests, GDPR training for HR, agreements with HR service providers);
  • privacy issues in recruitment (background screening) and employment;
  • processing HR data (databases, software);
  • privacy-related questions in investigations of employees and disputes between employees and employers.

We assist our clients in implementing global data protection agreements as well as drafting specific policies on acceptable use of IT, CCTV and other tracking systems or cyber surveillance (including BYOD, social media), and whistleblowing. 

We act as your contact person in dealing with the data protection regulators.

Lydian can prepare you for e-Discovery. We advise our clients on how to organise data before a dispute, in order to mitigate the risks linked to an excessive or uncontrolled volume of data, and to keep control of their important information.

We help our clients to design a clear process in order to proactively address litigation imperatives, from data collection, through production, until destruction (establishment of guidelines, clear and advance notice, informing data subjects about their data protection rights).

We assist our clients in specifying security and confidentiality procedures and in contacts with third-party service providers and authorities.

We ensure data transfers in the context of e-Discovery are permitted under GDPR and local law requirements.

Growing technology and complex digitalisation increase risks of cyber-attacks and loss of data for companies.

We advise clients on the proactive steps to take in order to protect their business against such attacks. We have experience in legal risk assessment, drafting contractual clauses, efficient insurance coverage and the correct management of personal data.

In the event of a hack or a cyber-attack, we support clients in responding rapidly to the attack. We monitor investigations closely and take all necessary enforcement actions. Our working relationships with regulators, investigators and other providers of preventive and responsive services are a key ingredient of the service we provide.