Law firms strengthen Data Protection areas in the face of a boom of consultancies due to the new law

Boutique firms to the titans of the legal world have been preparing for the implementation of the new law for some time. At Bitlaw, Paulina Silva and Javiera Sepúlveda have decided to provide advice on matters such as technology and data protection. The area is made up of six more lawyers, two of whom joined a few months ago (Diego Cuadra and Camila Maureira) and they are now looking for two more specialists.

At Carey, the practice is headed by Guillermo Carey and José Ignacio Mercado and is made up of eight associates specialized in Data, Cybersecurity and Compliance, including a European expert with knowledge in the implementation of the old continent’s regulation (GDPR). This year they reinforced the team with two new hires. The Technology, Media and Tele-communications area of PPU, led by Eduardo Escalona, is the one that handles all Data Protection issues, which also comprises four other associates and 12 professionals.

They also point out that they rely on their regional partners. In the case of PPU, in the last 12 months they have added two associates to their ranks. Carla Illanes joined DLA Piper a year ago to strengthen the area. She works together with three lawyers and two partners.

At Cariola Diez Pérez-Cotapos, Carolina Flisfisch joined this year as a partner to strengthen the Technology, Privacy and Media group. At Alessandri it is Macarena Gatica who leads the sector and her team is also made up of a group of six lawyers in total. This year they were joined by Trinidad Moreno and Bárbara Silva. At Guerrero Olivos the department is led by Juan Enrique Allard, Pedro Pellegrini and Diego Morandé and now has ten specialists. Valentina Mora joined as a senior associate.

AZ’s IP, Tech and Data group is led by Eugenio Gormáz, with Carlos Lazcano, Esteban Orhanovic, Fernanda Rodríguez and Antonia Nudman working alongside him.

Barros & Errázuriz more than seven years ago decided to expand its traditional Tele Communications practice to the areas of Technology and Data Protection, adding to the team professionals such as Fernanda Irrazabal and Magdalena Rojas. In this case, Andrés Rodríguez leads the area. Magliona Abogados, on the other hand, is one of the largest law firms in the area. Claudio Magliona and Nicolás Yuraszeck are in charge, and they are accompanied by 10 other professionals.

Claro & Cia is not far behind with an area led by partner Paulina Bardón and with the participation of two specialists: Marisol Balbontín and Teresita Maturana. Another firm that reconfigured its structure and at the end of 2023 decided to inaugurate this area is Prieto, who signed Romina Garrido as head of Data Protection, Cybersecurity and Artificial Intelligence and has teamed up with Carolina Soto, Kilian Vargas and Josefina Navarrete.

Advisory services on the rise: review of privacy policies, contracts and gap analysis

Data consulting did not appear overnight. Document reviews, data processing agreements, preparation or review of privacy policies, contract clauses, due diligence, risk analysis derived from information processing, as well as implementation of personal data policies, with emphasis on their compatibility with consumer and e-commerce regulations, are part of the long list of assignments that in the last five years have become increasingly common in law firms, from large companies and, particularly, from multinationals.

Other issues that have been developed prior to the implementation of the law refer to the identification, detection and correction of gaps in these matters, adhering to European standards. There is also advice on the legality of certain data processing activities, the preparation of legal documents, the design of new processes, as well as support to the technical areas of the companies for the contracting of technological systems that allow them to manage certain aspects of the law. And that is only the beginning.

The firms pointed out that clients’ requirements are increasing. The diagnosis is lapidary: as a country we do not have a data processing culture, either at user level, or as a State, or as a company, and we are facing a new regulation that has an ‘extremely higher standard than the current one’, they said.

Major concerns: more exposed companies, penalties, regulations and cultural change

The concern is transversal, or at least it should be, according to the professionals consulted. Understanding the scope and background of the project is crucial, because, according to the specialists, we are dealing with a type of law whose management at the organizational level is fundamental and daily. Who are most exposed?

In general, they said, the degree of preparation of the organizations depends on their relationship or interaction with other foreign laws. If they have had such a link, they are much more prepared to face this change.

Other firms that will have a high level of exposure are those that process large volumes of data and those that involve data processing with stricter protective statutes, such as those related to health, financial information or involving minors. Possible sanctions and future authority are another point of concern among lawyers.

This is explained by the size of the fines, which can reach up to UTM 5,000 and, in the event of repeated serious or very serious infringements, fines equivalent to up to 4% of a company’s annual sales revenue could be triggered.

Added to this is the regulatory uncertainty that will remain, said some experts, until all the necessary regulatory standards are in place and the proper coordination between the Data Protection Agency and other sectoral regulatory and supervisory bodies is clear.

Finally, there is the organizational challenge, particularly in relation to the integral coordination that must exist between the different areas that must be involved in the implementation of privacy controls, such as the company’s attorney’s office, information technology (IT) managers, human resources, among other areas.