As the European regulatory framework has evolved from the GDPR to the NIS 2 Directive and the DORA Regulation, cybersecurity and risk management have become central to organisational governance.
This is particularly true in critical sectors such as energy, transport, banking, digital infrastructure, healthcare and manufacturing.
Information security, confidentiality, data protection and trade secrets are cross-cutting issues for any company, and incidents can cause significant damage and jeopardise business continuity.
Our team supports the implementation of procedures and the drafting of internal policies, including internal reporting, supply chain management and procurement. We have extensive experience in personal data protection and are familiar with the new legal frameworks that apply.
We also support the management of incidents or suspected incidents. Our team applies the relevant legislation, identifies notification obligations and prepares the necessary documentation for communicating with the relevant authorities. This covers both cybersecurity and data protection matters, as well as dealing with sector-specific regulators.
We conduct internal investigations in the context of incidents, suspected breaches, and assessments of compliance with internal policies. Where applicable, we incorporate disciplinary and criminal perspectives. We also carry out incident simulations and audits to test response plans and identify vulnerabilities.
In addition, we provide support in the post-incident phase, including handling any resulting litigation. This includes civil liability claims, disputes with suppliers or customers, and potential class actions. We lead recovery processes and internal reviews to identify lessons learnt, with a view to continuously improving procedures and strengthening the organisation’s resilience.