Skip to content

Counsel Corner: Bridging Data Privacy & Growth in a Dynamic Regulatory Landscape

First Time GC Conference

The era of digital transformation has brought data privacy to the forefront of business strategies. How can organizations design a global data privacy program that ensures compliance, supports business growth, and fosters innovation?


  • Team L Suite

Privacy & Cybersecurity

Our Counsel Corner series brings together the top legal minds from our community to discuss complex challenges that GCs face when growing their companies and navigating their careers. For today's article, we sat down with experts from Cooley, Michael Egan, Partner, and Lupe Sampedro, Partner, as well as Dave Swarthout, SVP & GC at Gainsight, and Osama Hussain, GC at Irdeto to glean insights into this pressing matter.

Navigating Cross-Jurisdictional Challenges

At Irdeto, they've deeply integrated their data privacy program within their business operations, with regional Heads of Legal who have close proximity to regional business operations serving as both regulatory overseers and strategic partners.

Recognizing that data privacy is not just a legal challenge but a business imperative, we've constituted a cross-departmental committee of Privacy Leads. Drawn from various business units, this committee plays a pivotal role in not only supporting the program's technicalities but also evangelizing its principles across the organization. — Osama Hussain

This holistic approach ensures they remain proactive and adaptable in their data privacy stance across different regions.

Michael Egan and Lupe Sampedro at Cooley emphasize a principles-based compliance approach as a foundation for a global privacy program, which offers both clarity and flexibility. Instead of responding to every new law or regulation, they frequently advise concentrating on the underlying principles of these laws as the basis for a global privacy program.

Adapting in a Fluid Regulatory Landscape

In the face of an ever-evolving regulatory landscape where companies grapple with establishing effective mechanisms to monitor and adapt their data privacy program, legal teams must think strategically, integrating technological, cultural, and collaborative dimensions.

To ensure their legal teams can acquire a comprehensive view of upcoming hurdles and optimal strategies GCs should:

  • establish diverse teams
  • collaborate with industry experts and professional bodies
  • keep up to date on inter-sector discussions
  • embed privacy-compliance strategies within current business operations in order to enable compliance efforts to access fresh insights on policy enforcement and collect stakeholder feedback on privacy-related operational hurdles.

These holistic methods elevate the legal role from merely a passive barrier to an active contributor, empowering the organization to flourish amidst changing regulatory landscapes.

Merging Data Privacy with Innovation

“Privacy compliance requires proactive measures that must rise to match the technology of the moment. The key is to have a privacy compliance program that works hand in hand with the business stakeholders to further innovation and growth, rather than one that operates as a final check and is seen as the department of ‘no'.” — Michael Egan

When striking a balance between data privacy and innovation, it’s important to remember that while many compliance areas focus on restrictions, privacy compliance mandates proactive strategies that evolve with current technologies. A successful program should seamlessly collaborate with business stakeholders to promote innovation while also emphasizing the principle of "Privacy by Design" as a way of incorporating privacy from the early development stages.

A forward-thinking strategy guarantees that privacy protections are central to your innovation processes, rather than subsequent additions — and by adopting clear data practices and maintaining open communication, your business will foster trust with stakeholders and be able to present itself as a trustworthy innovator.

If we start doing business in a new jurisdiction, we work specifically with outside privacy counsel to understand how the regulations may differ from our existing compliance requirements. I also subscribe to regional blogs so I can get advance notice of when a jurisdiction is considering a change. — Dave Swarthout

Transferring Data Across Borders

When looking at the implementation of data transfer mechanisms in the context of cross-border data transfer regulations, several pivotal factors come to light. B2B providers must determine which mechanisms resonate most with their clients, bearing in mind that client preferences can vary by region or industry.

The recent introduction of the EU-US DPF, a seemingly less stringent mechanism from a documentation perspective, raises concerns about its acceptance, especially in Europe, given the invalidation of its forerunners, Safe Harbor and Privacy Shield. Many in the EU might be wary of leaning solely on the DPF until its legitimacy is affirmed by the European Court of Justice.

Finally, businesses must evaluate the cost-benefit of various methods, such as Binding Corporate Rules or Standard Contractual Clauses, contingent on their operational model, whether B2B, B2C or a mix of both.


Navigating the intricate landscape of global data privacy is pivotal for businesses aiming to thrive in today's digital age. By embedding robust privacy protocols, understanding cross-border regulations, and fostering a proactive approach, companies can ensure compliance while simultaneously driving innovation and growth. As the regulatory environment continues to evolve, a well-integrated and adaptive data privacy strategy will remain a cornerstone of business success.

About The L Suite

Called “the gold standard for legal peer groups” and “one of the best professional growth investments an in-house attorney can make,” The L Suite is an invitation-only community for in-house legal executives. Over 2,000 members have access to 300+ world-class events per year, a robust online platform where leaders ask and answer pressing questions and share exclusive resources, and industry- and location-based salary survey data.

For more information, visit