• DPO as a Service. External counsel to companies, data controllers and data processors for the implementation of a privacy program within their organization.
  • Development of data protection compliance programs, privacy policies, policies on information security and procedures to comply with both the GDPR and national European laws on data protection.
  • Drafting and implementation of Privacy Risk Assessments under the GDPR.
  • Drafting, negotiation and follow-up of instruments to transfer personal data to countries located outside the European Economic Area and the European Union (model contractual clauses, standard data protection clauses, binding corporate rules, codes of conduct,
  • Drafting and negotiation of contractual arrangements involving outsourcing activities for he processing and transfer of personal information.
  • General counsel on IT Law (e-commerce, copyright, cybercrime and cyber security).
  • Strong knowledge and practice of global data protection laws and development of proven and effective strategies to comply with national data protection laws and regulation and international standards on information security.


  • Compliance with Mexico’s Federal Law on Protection of Personal Data Held by Private Parties (LPDPPP) and its Regulation.
  • Compliance with the obligations contained in the General Law for the Protection of Personal Data in Possession of Public Entities.
  • Compliance with Federal and State laws in Mexico containing obligations on data protection and information security.
  • Compliance with industry standards and national official norms on data preservation, digitalization, data retention and information security.
  • General counsel for health service providers on privacy and data protection, in particular compliance with electronic health records and medical files.
  • Compliance with foreign data protection laws, in particular with the European legal framework on privacy and data protection and obligations on international trans-border data flows, and other obligations established under privacy laws in North America and Latin-American countries.


  • Privacy and security audits and drafting of privacy impact assessments.
  • Development of privacy and security policies and procedures that comply with national and foreign laws.
  • Counsel on financial data security and identity theft.
  • Due diligence to evaluate information privacy and security risks.


  • Review, negotiation and drafting of agreements and contracts related to the rendering of telecommunications services and agreements for the use, operation and exploitation of infrastructure, equipment and platforms of Internet Service Providers “cloud computing providers.”
  • Contracts for website development, hosting, and content management.
  • Trans-border data transfer agreements and safe harbor obligations.
  • Legal counsel on the protection of databases and digital files intended to collect, use and process personal information.
  • Counsel for advertising and marketing companies with respect to their own and third party online behavioral targeting activities.


  • Legal counsel to e-commerce companies with respect to e-mail dissemination and online marketing strategies and practices.
  • Commercial exploitation of databases.
  • Elaboration of privacy and data protection strategies for social media and social network companies.
  • Policies for e-commerce consumer protection for companies.
  • Counsel on trustmarks for e-commerce companies.
  • Counsel on electronic signatures and certification service providers.


  • Response to complaints and allegations of misuse of personal data and legal support related to litigation and remedies in the areas of access to information and data protection before the National Institute of Access to Information and Data Protection (INAI).
  • Litigation before administrative courts in Mexico.


  • Drafting of initiatives, guidelines and recommendations for the creation of national legal frameworks on privacy, data protection and security.
  • Counsel on technical and legal aspects related to cybercrime and information security and development of cyber-security strategies and frameworks to combat cybercrime at the national level.


  • Training to employees and administrative staff to prevent information and data leaks within private and government organizations and to identify attacks to information and computer systems, mobile communication and geo-location technologies, social networks, cloud computing platforms and services, among other technologies.
  • Specialized training courses, seminars and workshops for Judges, Magistrates and judicial authorities to conduct investigations related to crimes committed through the use of computer systems, Internet and other technologies, as well as for the use of legal evidence contained in electronic and digital formats and compliance with the international legal framework on cybercrime.