Start of main content

Andersen's LegalTech Department is formed by a legal advisory and consulting team specialized in regulatory compliance in the field of information technology and, in particular, data protection and cybersecurity. The team has skills in the field of general risk analysis methodologies, knowledge in the design and operation of operational processes, familiarity with dashboard technology solutions, regulatory risk control models, etc.

Its objective is the application and implementation of regulatory frameworks to the organizational processes of companies, combining legal requirements with the needs of the business, as well as the technology that supports each process. In this sense, we develop control models and regulatory compliance processes. The department also has specialized partners for the development of legal and cybersecurity consulting solutions. 

The area also has the necessary capabilities to develop legal services in the regulatory framework of cybersecurity to protect the company against the growing technological risks, as well as to provide adequate regulatory compliance in the field of network security and information systems.


  • Legal advice and consulting on data protection and cybersecurity.

  • Development of regulatory frameworks for data protection and cybersecurity compliance. 

  • Outsourcing of legal functions of regulatory compliance such as the rights office focused as another business process and finally outsourced in a BPO (Business Process Outsourcing) format.

  • Legal and technical advice in the negotiation of technology contracts.

  • Support service in the selection, monitoring, termination and migration of suppliers. Control of critical third party suppliers.

  • Situation analysis in the field of cybersecurity with respect to all standards at EU or national level, texts and recommendations with normative value emanating from various European or national agencies.

  • Internal governance of cybersecurity. Elaboration of security policies for information and data networks and systems.

  • Elaboration of legal risk maps in terms of data protection, information security and network and systems security. 

  • Elaboration of resilience and recovery plans.

  • Advice on threat intelligence (deep web), pentesting, etc.

  • Elaboration of codes of good practices against inside treath and active defense.

  • Cooperation mechanisms on exclusive competences and coordination on common competences.



End of main content