Partner

Ana Hadnes Bruder

Intellectual Property, Cybersecurity & Data Privacy, EU General Data Protection Regulation

Overview

Clients turn to Ana Bruder for strategic advice in data privacy, cybersecurity and related matters, including the analysis of applicability and impact of old and new EU legislation such as the GDPR, NIS2 Directive, the Digital Operational Resilience Act (DORA), the Cyber Resilience Act (CRA), the Data Act and the Digital Services Act (DSA). Ana assists clients preparing for and reacting to cybersecurity incidents, including working closely with clients' cybersecurity, legal, management and communications teams as well as external forensic investigators, IT consulting firms and PR advisors to mitigate legal risks, assess and make required data breach notifications.

Corporations also benefit from Ana's experience in artificial intelligence (AI) matters, her comprehensive approach to the intersection of AI, privacy and cybersecurity, as well as the regulatory requirements under the EU AI Act. Ana assists clients with governance best practices, the classification of AI systems and AI risk management frameworks. Additionally, clients seek out Ana’s counsel on technology transactions including cloud services, data and software licensing agreements, SaaS agreements, software development projects, e-commerce, and related cybersecurity and data privacy questions.

International clients, in particular, look to Ana for advice, as she has served as legal counsel in Germany, France and Brazil.

Experience

Data Privacy, Cybersecurity and Artificial Intelligence

Advised:

  • A global bank on privacy notification obligations following a third-party breach.
  • A leading private equity firm in Europe on proposed AI regulatory frameworks in the EU, APAC and the US, including insights on how to spot, assess and mitigate AI risk and recommended early compliance steps.
  • A leading global provider of technology solutions on preparing an AI impact assessment questionnaire to assess and document risks relating to AI systems as well as broader compliance with proposed regulatory frameworks in the US and the EU.
  • A provider of cybersecurity solutions in cybersecurity and privacy matters, including with regard to new cybersecurity and data transfer requirements, conducting a cybersecurity tabletop exercise with the Board and executive management and offering privacy training.
  • A global provider of equipment, systems and digital solutions in the railway industry following a ransomware attack, including data review and notifications to 12 data protection authorities.
  • A global aviation company following a ransomware attack, including data review and notifications to four data protection authorities.
  • A US car manufacturer on the regulatory and privacy framework impacting its connected vehicles project in 18 jurisdictions in Europe, Middle East, South America and Asia.
  • A global provider of logistic services following a ransomware attack. Our advice encompassed engaging vendors under privilege and directing their work (forensic investigation, recovery and containment, communications), notifications to data protection authorities, advising on legal risks arising from various issues in connection with the incident in several jurisdictions and assessing potential claims against an IT service provider.
  • One of the world's biggest private equity firms on cybersecurity, privacy requirements and incident reporting obligations in Europe, North America and Asia-Pacific.
  • A global provider of supply chain solutions following a ransomware attack, including notifications to data protection authorities.
  • A German bank on privacy and cybersecurity aspects of an agreement with a provider of gender pay gap assessment software.
  • A US manufacturer of implantable medical devices on data transfers to the US post Schrems II.
  • A German bank with regard to data transfers enabling the use of one of the bank’s key banking systems.
  • A US bank with regard to compensation claims following a vendor personal data breach. Representing client in litigation and settlement proceedings.
  • A European energy leader with regard to cybersecurity, national security, energy regulatory, export control and antitrust red flags and requirements applying to a project consisting of bringing together data from several energy converter stations into an internal software solution.
  • A leading global provider of technology solutions on proposed AI regulatory frameworks in the US and the EU and recommended preliminary compliance steps.
  • A German software company following a cybersecurity incident.
  • A German bank on data protection and data security implications of complex cross-border outsourcing to a SaaS provider reflecting regulatory requirements in the financial services industry.
  • Dozens of companies in all sectors on GDPR compliance, including the development of comprehensive GDPR documentation.

Recognition

  • “The Best Lawyers™ in Germany” for Data Security and Privacy Law
  • LLM thesis “Recognition and execution of arbitral awards in Germany and Brazil” graded summa cum laude.
  • Scholarship of the Stiftung der Hessischen Rechtsanwaltschaft.
  • Master 2 Professionnel Droit du commerce international, Université Paris 1 Panthéon Sorbonne – cum laude.
  • Scholarship of the French Ministry of Foreign Affairs – Bourse d’Excellence Eiffel.

Education

  • University of Frankfurt, LLM
  • Université Paris I Panthéon-Sorbonne, LLM, International Business Law
  • University of São Paulo (USP)
  • Université Lumière Lyon 2, Academic exchange program

Admissions

  • Brazil
  • Portugal
  • Frankfurt am Main, Germany

Languages

  • German
  • English
  • French
  • Italian
  • Portuguese
  • Spanish

Professional & Community Involvement

  • Deutsch-Brasilianische Juristenvereinigung (DBJV)
  • Deutscher Anwaltsverein (DAV)
  • DIS40