Helping Businesses address emerging regulatory concerns

Data Protection, Privacy, and FinTech

Businesses have been increasingly digitising their product and service offerings; and this move towards digitisation has been accelerated by the COVID-19 pandemic. As established businesses take steps towards digitisation or explore opportunities in the online space, they often need to negotiate new and unfamiliar areas of the law, such as data protection and FinTech-related legislation. New businesses that are already familiar with these areas, too are challenged to keep pace with emerging regulatory requirements in view of their expansion into new and unfamiliar jurisdictions or into untested areas of the market.

HB Law assists established and new businesses facing these changes in navigating the evolving areas of data protection and FinTech law practice, as they seek to digitise their product and service offerings or expand into new areas of business.

Our approach

We seek to inform our data protection, privacy, and FinTech practice by involving ourselves in the early stages of the legislative consultative processes about this space, and by leveraging our founding partner’s familiarity with the European and Indian legislative process.

  • Our founding partner’s extensive in-house experience at different organisations equips us to understand varying business contexts and see the business implications of such regulations to a greater degree than many stand-alone practitioners. We are able to engage with the operational teams situated within businesses in consultation with the in-house legal counsel or experienced practitioners.
  • Our founding partner’s past exposure to the working of compliance and risk functions within the financial services and technology sectors gives us the ability to help businesses realistically identify and reduce risk stemming from data privacy issues as well as fine-tune their operations.
  • Our founding partner’s exposure to the actions of regulators and law makers in both an emerging market, India, as well as in mature markets in Western Europe allows us to take an informed and broad-based view of how such laws evolve and consider ways in which they may be enforced. We will help identify where multi-jurisdictional requirements may be triggered.
  • For new businesses seeking to operate in untested areas of the market, or dealing with emerging areas of the law, our founding partner’s familiarity with the “principles-based” data protection and financial regulatory regimes in the United Kingdom will be useful. This helps us take a more innovative, yet grounded, approach to tackle the legal and regulatory uncertainties in these areas, and bridge the gap between new businesses and established legal systems.

Selected examples of our founding partner’s recent work experience

  • Developed a template of best-practices based data protection principles for a leading philanthropic venture fund, when it was looking to introduce a set of relevant data principles into its investment processes concerning emerging markets in Asia and Africa. Efforts involved undertaking a wide-ranging literature review comprising a comparison of the European General Data Protection Regulation with the proposed Indian Data Protection Bill and building out such a set of principles.
  • Involved in the legal and regulatory conversations about data protection in India, since the early stages of the introduction of the concept for legal consideration. Presented to the Indian Parliamentary Standing Committee on IT regarding the IT (Amendment) Bill 2006. Recommendations made about the need for data protection laws recorded in the report of the Standing Committee of Parliament.
  • Advised a globally reputed, publicly-listed IT firm in India on tackling issues arising from data protection and casino regulation, amongst others, while managing the firm’s compliance, employment, and litigation functions as a senior member of the in-house legal team.
  • Assisted a multinational financial technology company in fairly and comprehensively representing its concerns on the proposed regulation of non-personal data to a Government of India established committee.
  • Advised a telecommunications company on consent requirements, data protection, and privacy concerns regarding the sharing of certain types of messages with external vendors. The advice was aimed at reducing business risks and potential financial damages that would stem from non-compliance.
For more about us, write to [email protected]