General Data Protection Regulation

Winstead’s Data Privacy Practice Group assists multinational companies in their General Data Protection Regulation (GDPR) compliance efforts. 

Our proficiency in GDPR and other data privacy regulations, understanding of complex industries, and our experience in tackling projects of the size and scope of a GDPR vendor compliance initiative, allows us to effectively counsel and manage our clients’ GDPR contractual compliance programs.

Our services include analyzing our client’s relationships with vendors and business partners that involve the processing of personal data and then preparing agreements or addenda necessary to protect our client’s rights and ensure that those relationships are structured in a manner that will comply with the GDPR.  We also provide counseling on general GDPR compliance matters, cross-border data transfers, and GDPR-specific provisions in commercial agreements.  Our team can help you build and execute a strategy to bring your policies, processes, and contracts into compliance with the GDPR in a manner that is repeatable and defensible to regulators. 

Representative Experience

  • Represent leading international airline in GDPR contractual compliance matters, including required contractual amendments; representation included discovery and analysis of all such contracts, preparation of amendments and data processing agreements, and negotiation of the same
  • Represent leading multinational supplier of equipment to the oil and gas industry in GDPR compliance with respect to customer and employee information, preparation of data processing agreements, and negotiation of privacy provisions in customer and supplier agreements
  • Represent international airline in commercial agreements involving the processing of personal information, including all required amendments for GDPR compliance
  • Represent leading international airline in information technology, human resources and outsourcing services agreements involving the processing of passenger and employee personal information
  • Represent international supplier of consumer loyalty services in GDPR compliance matters, including corporate compliance and counseling, development of privacy notices and terms, preparation of data processing agreements, and negotiation of privacy provisions in customer agreements

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.


AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.

back to top