Curtis McCluskey

• Leading privacy compliance project for global medical device manufacturer, including: drafting and preparing GDPR documentation, leading contract negotiations with service providers, advising on marketing regulations and supporting implementation, providing business operational support in weekly calls, and providing in-house GDPR training to high-risk business areas.*
• Leading GDPR compliance project for a global chemical and materials company. Preparing policies and procedures tailored to the company’s data protection requirements. Acting as the go-to person for advice and guidance in connection with security incidents (including being listed as external counsel in the company’s incident response plan).*
• Advising U.S.-based clinical trial sponsor in connection with EU clinical trials, including drafting patient consent forms and leading contract negotiations with clinical research organisation. Also, providing guidance on the legal basis for transferring personal data to the U.S.*
• Supporting global brand development provider with supplier reviews for GDPR compliance, including preparing supplier due diligence questionnaires, guiding business on incorporating data processing terms in agreements with suppliers and negotiating contract terms.*
• Providing data protection guidance in connection with the purchase of a multi-million pound shipping portfolio. Assessing the transfers of personal data from seller to buyer, preparing data protection provisions for the SPA and advising on amendments to liability and indemnity provisions and addressing follow-up questions throughout the bidding process.*
• Advising global merchant commodities firm and managing GDPR compliance project. Leading weekly calls with client to address any GDPR-related questions and providing in-house training at client’s offices.*
• Advising international company on ransomware attack and requirements to notify the supervisory authority. Following advice on cyberattack, providing further guidance around incident response handling, including drafting an internal data breach procedure.*
• Acting for a U.K. health and beauty retailer in connection with security incident involving access to personal data, including advising on notifications to supervisory authority and individuals affected. Also preparing pre-action responses to subsequent proposed claims brought by individuals.*
• Advising U.S.-based government corporation on its data protection obligations regarding the collection of personal data in the EU (specifically in the U.K. and Germany) and Switzerland. Managing and coordinating advice from local counsel in Germany and Switzerland.*
• Advising worldwide financial services company on its data protection obligations in carrying out marketing activities across 15 jurisdictions, including preparing survey of local law requirements.*
• Preparing terms and conditions of use and website privacy policy for a dating-focussed social network. Advising, also, on data protection implications regarding the launch of an online facial recognition software feature.*

*Denotes experience prior to joining Goodwin.