Data protection & GDPR

Keep your data lawful across the Atlantic

The moment a European company operates in the United States, its data crosses a regulatory line. GDPR follows that data — and the transfer to the U.S. needs a lawful mechanism. Privello builds the compliance framework that lets you move people and information westward without leaving a gap.

Where to start

The compliance work that travels with your data

European companies entering the U.S. face a recurring set of data-protection questions. These are the areas Privello works on most — each one mapped to how it actually applies to a transatlantic operation.

GDPR Compliance

Lawful bases, records of processing (ROPA), data-processing agreements, DSARs, and the policies that hold up under scrutiny — built for how your business actually handles personal data.

GDPR details

Transatlantic Data Transfers

The mechanism that makes EU–U.S. data flow lawful: the Data Privacy Framework, Standard Contractual Clauses, and Transfer Impact Assessments — chosen and documented for your structure.

Transfer details

Norway · Personal Data Act

GDPR as implemented in Norway through the EEA agreement, including how the Norwegian Personal Data Act and Datatilsynet shape obligations for Norwegian companies.

Norway details

Switzerland · revFADP

The revised Swiss Federal Act on Data Protection — where it tracks GDPR, where it diverges, and what Swiss companies need for U.S. transfers under the Swiss–U.S. DPF.

Switzerland details

The transfer question

Is your EU–U.S. data flow actually lawful?

Most compliance gaps for transatlantic companies sit in the transfer itself — relying on a framework you haven't certified to, or SCCs without the assessment that has to sit behind them. Privello gets the mechanism right and documents it so it survives a regulator's questions.

Transatlantic transfers
  • Data Privacy Framework certification, where it fits
  • Standard Contractual Clauses for the right transfer scenario
  • Transfer Impact Assessments that stand behind the SCCs
  • A defensible record of why your mechanism is lawful

The connected move

Data and immigration, planned together

Relocating staff and moving data are the same project. The visa puts your people in the U.S.; the transfer mechanism keeps the HR and operational data they carry lawful. Privello plans both on one timeline, so neither side waits on the other.

See how the immigration side fits in

Scope: Privello does not claim any privacy certification. Patrick Smith is licensed in the State of Texas, United States; where the law of an EU/EEA member state or another jurisdiction governs, Privello coordinates qualified local counsel and does not practice the law of that jurisdiction.

Begin

Tell us where your data goes, and why

Share how personal data moves between your European and U.S. operations. We'll outline the compliance steps — and how they line up with your immigration plan — in a first conversation.

Request a Consultation Explore Immigration