Pilar advises on a wide range of issues, including:

• Cybersecurity Governance: Developing and implementing frameworks to comply with international regulations and protect critical assets.
• Incident and Data Breach Management: Guiding organizations through data security incidents, from investigation to reporting and mitigation.
• Privacy and Product Compliance: Ensuring data protection by design in new product launches and ongoing operations.
• Artificial Intelligence (AI): Providing comprehensive advice on AI governance, risk assessment, and compliance with evolving regulations.
• Digital Regulation Compliance: Offering strategic counsel on compliance with the Digital Services Act, Data Act, NIS 2 Directive, and other key regulations.

Before joining McDermott, Pilar gained invaluable experience at a top-tier international law firm specializing in data and technology, further strengthening her ability to deliver practical solutions to her clients.

Pilar also maintains an active pro bono practice, assisting organizations with their cybersecurity, data protection, AI, and broader compliance needs.

Show Less

• Provided strategic counsel to a leading e-commerce company during a regulatory investigation following a data security incident. Expertly navigated the investigation process and engaged with regulators, resulting in a favourable outcome, avoiding severe penalties, and ensuring future compliance.
• Advised a major cloud services provider on a multijurisdictional data breach, leading the incident response and ensuring timely and compliant notifications to regulators and affected individuals in over 20 countries. This coordination was crucial for consistency in minimizing operational disruption and legal exposure.
• Counseled a multinational AI company on the development of governance frameworks and risk assessments for its AI solutions, ensuring compliance with the latest EU and UK AI regulations. Guided the company to integrate AI technologies responsibly and in line with regulatory expectations.
• Conducted comprehensive PCI DSS (Payment Card Industry Data Security Standard) training for a China-based payment processor, equipping their teams with the necessary knowledge and tools to achieve compliance. This training was instrumental in strengthening the company’s payment data security and avoiding potential penalties.
• Assisted a global pharmaceutical company in ensuring data protection compliance across multiple jurisdictions during clinical trials. Developed and reviewed informed consent forms, ensured GDPR compliance, and advised on data sharing agreements, facilitating smooth trial processes and compliance with complex regulatory requirements.
• Provided strategic advice on international data transfers, including drafting and negotiating international data transfer agreements to ensure compliance with GDPR and other international data protection laws.
• Assisted in the transfer of patient records during the sale of a hospital, ensuring that the data was handled securely and in full compliance with GDPR and other relevant regulations, safeguarding patient privacy throughout the transaction.
• Developed and implemented global data retention policies and frameworks for a multinational corporation, ensuring compliance with various international regulations while optimizing data management and reducing legal risks.
• Provided strategic advice to medical device manufacturers on data protection for sensitive health data, including drafting robust privacy policies and managing regulatory communications to ensure compliance with global privacy laws.

Show Less