Rocio de la Cruz
Rocio de la Cruz is a passionate and creative European data protection lawyer who has broad experience in Data Protection, e-Commerce and Information Law applied to both private and public sector. With this she can quickly see the whole scenario, identify legal issues and put solutions in place tailored to clients’ particular needs and timescales.
She works on complex projects where she is able to lead and undertake data protection audits and privacy impact assessments; negotiate and draft data processing agreements, data sharing protocols, binding corporate rules, policies, guidelines and privacy notices.
She assesses the implementation of measures needed in order to meet the data protection standards and help clients to deal with subject access, complaints to the ICO, and matters related to freedom of information (FOIA), and environmental information (EIR) requests where she has developed training and toolkit materials to help organisations to deal with critical points, for example to distinguish between the scope of the FOIA exemptions and the EIR exceptions (which application is more narrowed), not only to advise on responding to requests but also dealing with third parties in a procurement scenario, and revising and drafting resolutions to responses challenged by individuals in need of an internal review.
Rocio also has a multijurisdictional knowledge on implementation of different data protection regimes and she is currently focused on helping clients with the GDPR accountability obligations. She also has reviewed and written articles related to GDPR in practice and the UK Data Protection Act 2018 and has spoken at relevant European cybersecurity and data protection summits, amongst other events.