Much work ahead for Hong Kong compliance staff to comply with EU data privacy regulation
He practices at the intersection of technology, intellectual property and data for leading public and private companies in high growth innovation driven markets. Kolvin assists technology led, fast-growing companies and multinational corporations on their most important, strategic transactions. His work regularly involves complex, cross-border matters that raise multi-faceted intellectual property, data privacy, consumer protection, and Internet regulatory issues.
Kolvin has significant experience advising on the legal issues related to the internalization of technology and internet enabled services including e-commerce, social media, big data, digital marketing and advertising. He has worked extensively with clients who are both providers and users of cloud software, data analytics platforms, IT infrastructure services, and mobile applications, in Europe, Asia and in the United States.
On data privacy matters, Kolvin regularly partners with multi-national clients on the design, development and implementation of enterprise wide global compliance programs and risk mitigation strategies in relation to the use or deployment of privacy impacting technology. He has extensive expertise in all areas relevant to the European data protection regime, including applied practices pursuant to the new General Data Protection Regulation (GDPR):
Privacy readiness and assessment audits and projects
Third party vendor assessments and agreements
Preparation of employee and consumer-facing data protection policies and procedures, and implementation of global data privacy governance frameworks
Privacy diligence and counseling in the context of mergers and acquisitions, joint ventures and other strategic transactions
International and cross-border data transfer mechanisms, including global framework agreements, Model Contracts, safe harbor regimes and binding corporate rules (BCRs)
Cookie and tracking technology rules and compliance methodologies
“Big Data” analytics and applications
Privacy by design (PbD) and privacy impact assessment (PIAs) design and implementation in connection with B2C and B2B products and services
Security incident response planning and data breach response
Regulatory investigations and enforcement actions
Records retention and information management
To make the law more accessible, Kolvin developed Orrick's GDPR Readiness Assessment Tool. The tool provides companies an opportunity to stress test their compliance with the GDPR as a first step to constructing their strategic GDPR roadmap.
Representative clients that Kolvin has assisted include leading players such as Baidu, NVIDIA, Facebook, Instagram, Levi’s, Neiman Marcus, Intuit, Made.com, WNS, Skimlinks, Qubit, 23andMe and Zoosk, Telenor and W.W. Grainger, Thread.com and Depop.