Ana Hadnes Bruder

• A global provider of equipment, systems and digital solutions in the railway industry following a ransomware attack, including data review and notifications to 12 data protection authorities.
• A global aviation company following a ransomware attack, including data review and notifications to four data protection authorities.
• A US car manufacturer on the regulatory and privacy framework impacting its connected vehicles project in 18 jurisdictions in Europe, Middle East, South America and Asia.
• A global provider of logistic services following a ransomware attack. Our advice encompassed engaging vendors under privilege and directing their work (forensic investigation, recovery and containment, communications), notifications to data protection authorities, advising on legal risks arising from various issues in connection with the incident in several jurisdictions and assessing potential claims against an IT service provider.
• One of the world's biggest private equity firms on cybersecurity, privacy requirements and incident reporting obligations in Europe, North America and Asia-Pacific.
• A global provider of supply chain solutions following a ransomware attack, including notifications to data protection authorities.
• A German bank on privacy and cybersecurity aspects of agreement with provider of gender pay gap assessment software.
• A US manufacturer of implantable medical devices on data transfers to the US post Schrems II.
• A German bank with regard to data transfers enabling the use of one of the bank’s key banking systems.
• A US bank with regard to compensation claims following a vendor personal data breach. Representing client in litigation and settlement proceedings.
• A European energy leader with regard to cybersecurity, national security, energy regulatory, export control and antitrust red flags and requirements applying to a project consisting in bringing together data from several energy converter stations into an internal software solution.
• Leading global provider of technology solutions on proposed AI regulatory frameworks in the US and the EU and recommended preliminary compliance steps.
• A German software company following a cybersecurity incident.
• A German bank on data protection and data security implications of complex cross-border outsourcing to a Saas provider reflecting regulatory requirements in the financial services industry.
• Dozens of companies in all sectors on GDPR compliance, including the development of comprehensive GDPR documentation.

Information Technology / Outsourcing

Advised:

• A German fashion company on outsourcing of website operation, including information security and data transfers.
• A German bank in connection with data protection, information security and bank regulatory aspects of a key outsourcing agreement.
• A US provider of banking systems on the review of their contractual package under German and European law, including EBA Guidelines, Information Security and GDPR Attachments.
• A German bank on the outsourcing of their securities business.
• A German bank on implementation of electronic signature project and on contracts with providers.