Regulatory & Competition Personal Data Protection and Privacy

The team is especially noted for its “understanding of information systems and the technology industry.”

Our lawyers have extensive experience in advising clients from various sectors (e.g. healthcare, financial, IT, hospitality, retail, e-commerce, employment, real estate, industrial, etc) on legal matters pertaining to personal data protection and privacy, with comprehensive know-how in effectively addressing, documenting and managing the EU General Data Protection Regulation (GDPR), e-privacy, and national data protection frameworks.

Our team conducts personal data protection compliance audits designed to identify non-compliance and provides custom action plans with practical guidance on how to eliminate any inconsistencies identified.

The team also offers far-reaching legal assistance in the implementation of action plans to achieve legal compliance. That includes drafting the requisite documentation (e.g. privacy notices, records of processing activities, internal procedures, data processing agreements, data protection impact assessments, etc), assessing clients’ business processes and procedures, well as day-to-day consulting on varied issues pertaining to data protection and privacy (e.g. determining the legality of and legal bases for processing personal data and the roles in processing personal data, defining data retention periods, regulating cross-border transfers of personal data, appointing data protection officers, etc).

Additionally, the team conducts data protection trainings, the content and scope of which depend on the target group and needs of the client, supports the work of data protection officers and inhouse lawyers, and represents clients in the Data Protection Inspectorate and in courts.

Major Deals

05.02.2020
We advised Nasdaq-listed fintech company Opera on the acquisition of Pocosys

TGS Baltic advised the Opera group, which is listed on stock exchange Nasdaq in the USA, on entry into a contract of purchase for the acquisition of fintech company Pocosys and its sister company, a licensed payment institution, Pocopay from Poco Holding where Indrek Neivelt has a large shareholding.
More
24.05.2019
TGS Baltic carried out a full assessment of the GDPR compliance of the Baltic region’s largest retail chain

TGS Baltic carried out a comprehensive assessment of the GDPR compliance of the Baltic region’s largest retail chain. We reviewed the business processes of all the companies in the group and drew up a detailed report and an action plan.
More
24.05.2019
TGS Baltic performed a full assessment of a pharmacy chain's GDPR compliance

TGS Baltic carried out a comprehensive assessment of the GDPR compliance of a pharmacy chain: we reviewed the business processes of all the companies in the group and drew up a particularly detailed report and action plan.
More
31.01.2019
TGS Baltic assessed the evaluation of the GDPR conformity

TGS Baltic assessed the evaluation of the GDPR conformity performed by other service providers and their conclusions, presented comments and identified certain shortcomings. The project included review of prepared reports and documents, also checking of the Company’s employees’ workplaces and instruments.
28.02.2018
TGS Baltic carried out a comprehensive assessment of GDPR compliance

TGS Baltic carried out a comprehensive assessment of GDPR compliance: reviewed and checked the business processes of the company, and drew up a particularly detailed report and an action plan. As the project progressed, detailed consultations relating to the implementation of the action plan and the drawing up and application of the required documents were provided. The implementation of the project required specific knowledge on the regulation of the provision of physical protection services.
15.02.2018
TGS Baltic advised MTS

TGS Baltic carried out a comprehensive assessment of GDPR compliance: reviewed and checked the business processes of the company, and drew up a particularly detailed report and an action plan. As the project progressed, detailed consultations relating to the implementation of the action plan and the drawing up and application of the required documents were provided. The implementation of the project required specific knowledge in a strictly regulated area, i.e. the regulation of payment institutions.