Privacy and Data Protection
Home > Expertise

Privacy and Data Protection

Representative Engagements

The expansion of privacy and data protection laws at local, national and international levels imposes complex compliance requirements on all organizations. Both the media and consumers are focusing on how companies use information about individuals, and regulators are actively enforcing against organizations that breach privacy and data protection rules. The evolving privacy and data protection landscape can often seem bewildering.


Promontory’s Privacy and Data Protection practice thrives on a unique combination of regulatory, industry, and consulting expertise, resulting in practical, workable solutions that will allow your organization to meet regulatory requirements. We have more than 85 years of experience in specialized privacy and data protection work. Our team helps clients manage the risks and regulations associated with handling data, including compliance with legal and regulatory obligations across multiple jurisdictions. We understand the challenge of maximizing the value of data while protecting the rights of individuals, and we can provide practical and proactive solutions that align industry standards with the best interests of your business.

We work closely with regulators, industry groups, and our clients to monitor and analyze new and imminent regulation, including the EU General Data Protection Regulation, the U.S. Consumer Privacy Bill of Rights, and emerging regulation in areas such as Asia and South America. 

Promontory’s experience combines an intimate understanding of businesses across many sectors with experience working on a broad range of privacy and data protection projects. Our areas of practice include: 

  • Data Protection and Governance Strategy 
  • Advisory and External Relations 
  • International Personal Data Transfers 
  • Service Providers and Vendor Management 
  • Information Security Governance
  • Personal Data Security Breaches 
  • Audit and Privacy Impact Assessments
  • Employment 
  • Marketing/Social Media 
  • Customized Training

Representative Engagements

  • Promontory was engaged by a large international bank to provide support on the development and implementation of its Privacy & Data Protection Program. Work included developing the project plan for the program, running introductory briefing sessions for management, identifying and addressing "quick wins" for the client, and managing ad hoc issues as the program was implemented. Promontory worked closely with the bank’s project team and its external counsel.
  • Promontory was engaged by a leading international bank to undertake a review of regulatory restrictions on data transfers. More than 60 countries were in scope, and the work included consideration of banking secrecy, confidentiality, and AML restrictions on data sharing, both within the group and with third parties. The deliverables included a handbook for use by local staff covering the scope of typical processing activities for each business unit, providing guidance on compliance, and setting a risk rating for the jurisdiction.
  • Promontory was engaged by a global pharmaceutical group to provide a range of services in support of their privacy program. Work included undertaking data mapping for a range of their operations in several countries, developing new briefing material for internal stakeholders on the use of Safe Harbor in the organization, training of their Internal Audit function, and developing a personal data classification framework.