Professionals >

Representative Engagements >

Our Services

Crowell & Moring’s U.S. and European-based team has a wealth of experience advising clients on the European Union’s General Data Protection Regulation (GDPR), along with many other U.S. and related EU Member State-specific regulations. Our GDPR team’s core offerings include:

  • Reviewing organizations’ operations to determine GDPR applicability and impact.
  • Conducting internal analysis of current data flows and data protection policies and practices to identify potential gaps or compliance risks.
  • Identifying areas of concern and defining best practices via on-site training and GDPR tabletop exercises with key members of the organization.
  • Helping design risk-based compliance frameworks tailored to meet the needs of the business.
  • Drafting policies and procedures and a tailored GDPR action plan.
  • Reviewing existing agreements with third-party suppliers for compliance issues.
  • Enhancing awareness of GDPR via workshops and seminars.
  • Monitoring regulatory developments.
  • Continuing review of existing programs based on regulatory and operational changes.
  • Assisting with communications to stakeholders and potential online defamation related to GDPR violations.
  • Defending class action privacy lawsuits.


Crowell & Moring is pleased to offer a guide to help you understand the impacts of GDPR. The guide aims to provide businesses worldwide with a useful tool to further their understanding of the key aspects of the GDPR. It is not, nor is it intended to be, exhaustive. To download a complimentary copy, please click here.

GDPR is a comprehensive EU-wide law that gives individuals the ability to control the collection and use of their personal data. The GDPR is based on the fundamental right to data protection enshrined in the EU Treaties and in the EU Charter of Fundamental Rights. This fundamental right is akin to a constitutional right in the U.S. By empowering individuals to control how their data may be used, the GDPR presents companies doing business in Europe with significant compliance and operational challenges. With significant possible fines for noncompliance – up to the greater of €20 million or four percent of organizations' worldwide annual gross revenue – it is legislation that cannot be ignored.

GDPR’s strict requirements apply to organizations that collect or process the personal data of individuals in the EU. A company does not have to have a physical presence in the EU to be subject to GDPR; as long at the company collects data on EU EU residents, it must comply with the law’s requirements.
Additionally, the regulation requires that organizations:

  • Hire a Data Protection Officer to oversee GDPR compliance;
  • Report data breaches to the relevant EU regulator within 72 hours
  • Enforce strict record keeping for data processing activities;
  • Conduct data protection impact assessments for higher risk processing;
  • Take into account data protection when designing new technologies, systems, or services; and
  • Roll out new compliance policies, procedures, and governance controls requirements.

GDPR compliance is not a mere check-the-box exercise or a problem that has a one-size-fits-all, off-the-shelf solution. Compliance needs to be consistent with the risk environment, business needs, and available resources.

For more information on our offerings, please see our GDPR overview [PDF].

View More

"NIST Keeps IoT Hot with Draft Guidance," Government Contracts Bullet Points (January 22, 2021). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Kristin J. Madigan, CIPP/US, Paul C. Mathis
Client Alert/Newsletter
"FCC Publishes Telecommunications Supply Chain Security Rule," Government Contracts Bullet Points (January 21, 2021). Contacts: Caroline E. Brown, Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Stephanie L. Crawford
Client Alert/Newsletter
Orrick White Collar Partner Heads To Crowell & Moring The Recorder (January 21, 2021)
Media Mentions
SolarWinds Hack Won't Hurt In-House's Prospects With Regulators—But Won't Help Either Corporate Counsel (January 21, 2021)
Media Mentions
"Virginia Enacts Permanent COVID-19 Employee Health and Safety Requirements," Labor & Employment Law Alert - US (January 15, 2021). Contacts: Thomas P. Gies, Daniel W. Wolff, Katie Erno, Christine B. Hawes
Client Alert/Newsletter
"DoD and GSA Take Aim at Supply Chain Risks," Government Contracts Bullet Points (January 15, 2021). Contacts: Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Michael G. Gruden, CIPP/G, Christopher R. Hebdon
Client Alert/Newsletter
Privacy Lawyers Don’t See Big Hurdles For Digital COVID Screenings, Vaccine Verifications Legaltech News (January 12, 2021)
Media Mentions
"Byte-Sized Q&A: Why is I-O-T so H-O-T?," Podcast: Byte-Sized Q&A (January 11, 2021). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff
Client Alert/Newsletter
PREP Act Protections For COVID-19 Vaccine Liability (January 11, 2021). Authors: Cheryl A. Falvey, Chalana N. Damron, Hilary Johnson, Mariam Sarwar.
Legal Tech's Predictions For Cybersecurity In 2021 Legaltech News (December 29, 2020)
Media Mentions

To view more News & Events for this area, please go to our desktop site.

Crowell & Moring LLP is an international law firm with approximately 550 lawyers representing clients in litigation and arbitration, regulatory and policy, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity, equity and inclusion. The firm has offices in Brussels, Doha, London, Los Angeles, New York, Orange County, San Francisco, Shanghai, and Washington, D.C.

View Desktop Site | Mobile Sitemap

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2021
Attorney advertising - prior results do not guarantee a similar outcome.