Data Economy, Privacy and Cybersecurity

Leaders in the fastest growing areas of the digital economy



Garrigues is the leading provider of legal advice in the three main growth areas of the digital economy: technology-based businesses for the processing of personal and non-personal data, data protection and cybersecurity.

Our services

The data economy is based on the understanding of data as an economic asset. This business sector uses a series of different digital technologies that are linked by the use of communication networks such as the internet, generating and sharing data as a commodity and connecting people and things. At Garrigues we have advised, since the early days of the internet, on projects such as the creation of transactional websites, the development of advanced digital environments and the establishment of complex e-commerce structures.

With the influx of new digital environments using distributed ledger technologies, we also advise on blockchain projects and their applications in different areas of the economy, such as the financial sector, insurance, retail and healthcare. We also advise on the legal side of businesses that aim to maximize the value of data using technologies such as artificial intelligence or the internet of things. Our clients range from large technology multinationals to the most innovative startups, taking in the entire current economic infrastructure, on the inexorable road to digital transformation.

  • Advice on joint ventures to maximize data value.
  • Development and implementation of e-commerce platforms, online marketplaces and digital services.
  • Legal analysis of innovative blockchain, AI and IoT projects.

Privacy is based on the understanding of data as a fundamental right and covers the regulatory aspects of data protection. Garrigues professionals are recognized at the highest level by clients and international legal directories as longstanding experts with extensive technical knowledge applied to the world of business.

To give an example of the scope of our work in the sector, we have participated in the passage through parliament of the Spanish Law on Data Protection and the Safeguard of Digital Rights at the invitation of the Justice Committee of the Lower House of the Spanish Parliament, and we are present in the main forums for analysis and research of Spanish, European and international law.

The Garrigues privacy group provides coordinated services in all countries in which we operate, enabling us to advise and assist in major multijurisdictional projects.

To complete our service offering, we advise on penalty proceedings brought by supervisory authorities and on judicial proceedings at all levels and courts. We assist all manner of businesses, from complex corporate groups to individual companies.

  • Projects for adaptation to privacy legislation in different jurisdictions (GDPR, LOPD-GDD, etc.).
  • Specific projects to ensure compliance in areas such as international transfers, privacy impact assessments, etc.
  • Data protection audits.
  • Penalty proceedings, court proceedings in relation to ownership of data or liability deriving from data processing.

At Garrigues we have extensive experience in advising companies from all sectors, not only on how to prevent cyber attacks but also through our cyber incident rapid response team. We have in-depth knowledge of cybersecurity legislation and the mechanisms that need to be activated when a cyber attack occurs, particularly with respect to the required notifications and communications to be made to different public supervisory authorities, insurance companies and contractual counterparties.

We have advised on some of the largest cybersecurity incidents in Spain in recent years, helping targeted businesses manage the situation so as to mitigate the risks and harmful consequences as much as possible.

In Latin America, we have particular experience in prevention strategies and can advise on complex cyber incidents.

  • Preventive advisory services: organization of cybersecurity committees, advice on information assurance strategies.
  • Cyber incident rapid response services: action to be taken, analysis of potential regulatory or contractual notification requirements.

Garrigues Digital

Responsable global

Alejandro Padín

+34 91 514 52 00



Other Garrigues services


  • Regulating AI in the EU, US and OECD: the difficult balance between security and driving innovation

    The regulations that are starting to emerge in various different jurisdictions pose major challenges, not just for users, but also for developers of AI systems. In this article we will look at the main differences and the areas of common ground.