We advise across the full data lifecycle, helping organisations build trust, meet regulatory expectations and respond effectively to evolving threats and obligations.
We are ranked Tier 1 for Data protection and cyber security in The Legal 500 Asia Pacific 2025, reflecting our market leading expertise and depth of experience on complex, high stakes matters.
We support clients with privacy and data governance fundamentals, including developing and refreshing privacy policies and notices, privacy management frameworks, data retention and disposal schedules, records of processing, and data mapping and classification. We also advise on access and correction requests, complaints handling and engagement with regulators, and we design practical playbooks and training to embed privacy by design and security by default throughout organisations. That includes advice on evolving privacy requirements such as indirect collection (IPP3A), the Biometric Processing Privacy Code and the Consumer Data Right.
Our incident response practice manages the full lifecycle of data breaches and cyber events. We prepare organisations with readiness assessments and incident response plans and assist with coordinating multidisciplinary response teams when incidents occur. We triage and investigate events, coordinate forensic, insurance, and PR workstreams, assess notification thresholds and content, and manage reporting to regulators and other stakeholders. We also regularly handle cross border incidents and international cyber attacks, aligning notification and engagement strategies across jurisdictions and coordinating with insurers, law enforcement and other third parties as needed.
Our team also advises on vendor and data processing arrangements, data sharing and commercialisation strategies, and international data transfers. Our litigation team regularly acts on cyber related disputes, including regulatory investigations, customer and employee claims, contractual disputes over security and service levels, and recovery actions against threat actors and negligent third parties. Our team also advises on cyber insurance: from programme structuring and policy wording to claims and insurer engagement during and after an event.
Privacy and Cyber security
Bell Gully’s Privacy and Cybersecurity team provides an end to end service spanning governance, compliance, transactions, incident response and disputes.
All Expertise
- Banking and finance
- Climate and ESG
- Competition and antitrust
- Construction
- Consumer, regulatory and compliance
- Corporate
- Digital and technology
- Employee share schemes
- Employment
- Energy and renewables
- Environment and planning
- Financial services
- Food and beverage
- Forestry and agribusiness
- Health
- Housing
- Infrastructure
- Insurance
- Intellectual property
- Litigation and dispute resolution
- Media and entertainment
- Māori business and law | Pakihi Māori me te Ture
- Overseas investment
- Private client, family office, immigration
- Public sector
- Real estate
- Restructuring and insolvency
- Tax
- Privacy and Cyber security
