
Privacy & Data Protection

Dimitrov, Petrov & Co. is a leading law firm and a pioneer in the dynamic field of privacy and personal data protection in Bulgaria, as well as in all other aspects of the legal regime of information. The Privacy and Data Protection Practice Group is widely acknowledged for its broad practical experience and in-depth knowledge of the national and EU law requirements, and the lawyers are internationally recognised for the outstanding quality of the services provided to clients. The law firm’s international client base ranges from start-up companies to major blue-chip multinational and domestic companies, state authorities, municipalities, public bodies and NGOs.
A specific advantage that allows Dimitrov, Petrov & Co.’s team to assist its clients with respect to their needs in the area of data protection and privacy is its boutique expertise in the area of information and communication technologies law gained over the years of investing in knowledge and continuous education of its lawyers. The acquired specific experience and knowledge help our experts to carry out detailed and comprehensive analyses of the legal aspects of various technologies, software, products, services and business models (including outsourcing of services, cloud services, Big Data, etc.), where data processing via various new technologies is involved.  
Over the years, Dimitrov, Petrov & Co.’s lawyers have assisted companies in managing data at every stage of the information life cycle, providing a considerable set of legal services:
 Consultations with regard to all aspects of personal data protection;
 Consultations with respect to the legal regime of special categories of information, such as classified information, public information, public sector information, bank secrecy, medical data, data generated in the telecom sector and other categories of information that are subject to a special legal regime; 
 Compliance with all domestic and European privacy and data protection laws, including with respect to the launch of new complex and advanced IT projects, innovative products and services;
 Full assistance with respect to the adjustment of clients’ business models and internal procedures to the applicable data protection requirements;
 Consultations and management of both national and international compliance projects, thus effectively addressing clients’ cross-border project needs;
 Elaboration of corporate privacy and information security policies and procedures; 
 Internal staff trainings focused on specific clients’ needs; 
 Assistance with respect to internal risk assessment projects and internal data protection, information security and compliance audits;
 Elaborating strategies for cross-border development and maintenance of international centralised databases and other complex international data transfers, and preparation of the necessary sets of documents and procedures;
 Full assistance with respect to international HR management projects and the related privacy and data protection issues; 
 Comprehensive and customised advice and assistance with respect to direct marketing and various other types of marketing campaigns;  
 Legal advice, assistance and representation with respect to various cases of requests for disclosure of data to the competent state bodies and other similar procedures, including searches and seizures;
 Legal representation and registration of data controllers at the Bulgarian Commission for Personal Data Protection;
 Legal advice, representation, negotiations and assistance with respect to projects for re-use of public sector information; etc.
Being appraised for their exclusive expertise and knowledge in this area, our lawyers were involved in drafting the guidelines for the implementation of Ordinance No. 1 dated 30 January 2013 on the minimum level of technical and organisational measures and the admissible type of personal data protection, as well as the internal guidelines on the control activities performed by the Bulgarian Commission for Personal Data Protection. They also participated in consultations of the Commission with respect to the improvement of its effectiveness and efficiency, and in the respective trainings of its officials. 
The complex expertise and law-making experience of our experts are well trusted by various government bodies (ministries, state agencies and commissions), and our team is regularly assigned to assist them in drafting the legislation, state strategies and strategic consultations related to their competences and activities.
Dimitrov, Petrov & Co.’s lawyers lecture at numerous international conferences and forums, sector specific workshops (banking, marketing, media, telecoms, medical, IT national security, etc.) as well as seminars on data protection, including training of state officials, judges, prosecutors and others.


Representative Experience
Dimitrov, Petrov & Co. is the legal counsel of Google on their legal matters in Bulgaria with a special focus on privacy, data protection, ICT law, competition and regulatory issues. Google relies on our team’s interdisciplinary expertise to work in collaboration with its in-house and external legal teams across the world and deal with the legal aspects of its innovative business and technology projects for Central and Eastern Europe as well as the legal compliance of its products and services. 
The law firm advises Fox Networks Group on the drafting and revision of privacy policies for websites and mobile applications, terms and conditions for different online services, promotions, online games and competition on social networks. As part of the provided legal services, recently an expert from Dimitrov, Petrov & Co. trained the local legal team of FOX on relevant personal data protection issues related to their activities.
Telenor Bulgaria EAD has been relying on Dimitrov, Petrov & Co.’s data protection and data security services since 2009 and has assigned the law firm to consult it on its most complicated and important data protection, data retention and data security matters.
The team of Dimitrov, Petrov & Co. provides legal advice and assistance with respect to the online services of Jobs.bg. The lawyers have been assigned the analysis of the client business model, preparation of the relevant documentation, including general terms and conditions and privacy policies, and consultation on the overall legal framework.
The Privacy and Data Protection team assists a Bulgarian transport and logistics company with regard to a large scope of services connected to the daily operation of the client’s online courier platform. The law firm’s experts are responsible for an in-depth analysis of the client’s business models and services, preparation of relevant documentation, including general terms and conditions, and consultation on the overall legal framework.
The team of Dimitrov, Petrov & Co. provides full scope legal advice and assistance with respect to the launch of the innovative e-Health projects and the implementation of the advanced information systems, including with respect to the related processing and protection of sensitive data, to Pharma Marketing Advisors.  
Dimitrov, Petrov & Co. provides interdisciplinary legal services to a leading Bulgarian non-banking financial institution with regard to the in-depth analysis of its client business model and preparation of general terms for provision of financial services through various channels, including remote services. Consulting on the overall legal framework was provided as well.
Dimitrov, Petrov & Co. provides day-to-day legal advice and assistance to a Bulgarian NGO (Law and Internet Foundation) with regard to various legal issues related to the activities of the Foundation. Lawyers from Dimitrov, Petrov & Co. are involved as legal experts in various local and international projects of the Foundation in the area of ICT, e-Government, privacy and data protection, etc. Some of the law firm’s experts have been involved in a number of multinational EU-funded research projects in the area of privacy and data protection, some of which are developed and carried out in collaboration with Interpol.  
One of the world’s leading credit card providers entrusted the law firm with its privacy-related issues, such as review of privacy policies, relations with website users, terms of use for their corporate website, etc.
A major producer of personal computers assigned Dimitrov, Petrov & Co. the necessary legal consultations, preparation of the legal documents and representation before the Bulgarian data protection authority with respect to the implementation of their global HR and other information systems.
The lawyers of Dimitrov, Petrov & Co. have considerable experience in providing legal advice to one of the world’s biggest publishing houses concerning personal data processing for direct marketing purposes and preparation of a wide range of documents related to such processing.
The team of Dimitrov, Petrov & Co. provides legal advice and assistance with respect to the implementation of global information systems within the corporate group of one of our international clients and the related cross-border data protection issues.
The law firm assists Nestle Bulgaria in conducting multi-level internal privacy and data protection training on the client’s data protection compliance matters and overall online presence.
Dimitrov, Petrov & Co. has been continuously advising several global pharmaceutical, marketing and IT companies with regard to the implementation of their HR and other multinational cross-border data transfers.


Related News

DPC with a Top-Tier Ranking for 2021 by The Legal 500

We have kept our leading positions in the 2021 series of the long-distance race known as The Legal 500 rankings.


DPC Successful in a Dispute over Processing Genetic Data

The DPC team successfully defended a client in a dispute over the application of personal data protection rules in processing genetic data.


DPC Top-Ranked by Chambers Europe 2021

DPC ranked in Chambers Europe 2021 for TMT, Competition/Antitrust, Intellectual Property, Tax, Employment, Dispute Resolution, and Real Estate.


Related Publications

The Consent as a Legal Ground for Personal Data Processing

Subject: ICT Law. Privacy and Data Protection

Published at: Academic Publishing House "Za bukvite - O Pismeneh"

Edition: Information Literacy and Intellectual Property: Modern Scientific and Practical Challenges

According to Regulation 2016/679 (GDPR), consent is one of the possible legal grounds for personal data processing. Consent is placed first among the conditions for the processing of personal data. The purpose of this paper is to analyze the nature of consent as a ground for the processing of personal data. The study traces back the emergence of consent as a basis for processing from a historical perspective – its inclusion in national data protection acts and acts of EU law. Examined are the questions: What specifics does consent reveal and what requirements should be fulfilled in order for consent to be valid under GDPR? Does consent enjoy any hierarchical supremacy over other legal grounds for personal data processing? Are there cases where consent is not an appropriate legal basis and why? What opportunities does the consent provide for overcoming some of the GDPR explicit prohibitions – e.g. ones regarding automated individual decision-making or transferring personal data to third countries outside the European Union? What are the consent’s possibilities according to the Bulgarian national rules under the Personal Data Protection Act? This paper addresses the questions raised in the light of European and national practice of applying personal data protection rules, including by analyzing the practice of the national data protection supervisory authority – the Commission for Personal Data Protection.

*This publication is in Bulgarian.

International Competence in Proceedings Related to Infringements of the General Data Protection Regulation

Subject: ICT Law. Privacy and Data Protection

Published at: International Politics, XVI, Issue 1

Edition: Edition of the South-West University Neofit Rilski, Faculty of Law and History, Blagoevgrad, 2020

On 25 May 2018, Regulation 2016/679 (General Data Protection Regulation, GDPR/ the Regulation) became applicable. It introduced a unified regime for the protection of personal data within the European Union, further developing the existing national rules in this matter, adopted by the Member States when transposing the requirements of Directive 95/46 that precedes GDPR. Among the ambitious goals of the European legislator with the adoption of GDPR is to ensure the control of natural persons over their own personal data and to enhance legal and practical certainty for natural persons, economic operators and public authorities. One of the means to achieve this is to expand the scope of some existing rights of data subjects in the processing of their personal data, the establishment of new, hitherto unknown rights, as well as the regulation of reciprocal obligations of the subjects processing personal data – data controllers and processors. In addition, GDPR introduces specific rules on the remedies of the data subjects in case the requirements of the Regulation on the processing of their personal data are infringed. The purpose of this study is to analyze the rules for determining international jurisdiction in proceedings related to infringements of the rules of GDPR. The types of legal remedies that GDPR provides to data subjects are considered - the right to lodge a complaint with a supervisory authority, the right to effective judicial remedy against a supervisory authority and the right to effective judicial remedy against a controller or processor and the rules for determining international jurisdiction over the said proceedings.

*The publication is in Bulgarian.

On Electronic Documents and Their Practical Application in Modern Business Relations

Subject: ICT Law. Privacy and Data Protection

Published at: http://epi.bg/

Edition: Commercial and Contractual Law Digest, 2021, book 01, p. 24

Over the last decade there has been a constant trend towards digitalization of many traditional processes in business organizations. This trend has accelerated dramatically in recent months due to the anti-epidemic measures introduced against the COVID-19 pandemic, which have led to the mass introduction of remote work (where possible), remote business meetings, negotiations and signing of contracts, etc. Perhaps the most important of these processes is the document flow of the organization, i.e. the creation, signing, exchange and storage of documents both inside the organization (e.g. documents created in connection with the work process) and outside it (e.g. documents connected to relations with suppliers, contractors, business partners and potential ones). However, with the introduction of concepts such as contract, concluded remotely, electronic statement (e-statement), electronic document (e-document) and electronic signature (e-signature), many questions arise, as well as fears that the new digital being of documents is not able to guarantee the interests of legal entities in the same way as the good old paper document. This analysis aims to examine the issues of the legal value and importance of e-documents in the context of commercial and civil law.

*The publication is in Bulgarian.


Contact Person

Desislava Krusteva

