Photo of Ana Hadnes Bruder

Ana Hadnes Bruder is a senior associate in Mayer Brown’s Frankfurt office and an active member of the global Cybersecurity & Data Privacy practice. She is also a member of the firm’s Intellectual Property practice. Ana advises clients on data privacy and cybersecurity matters, including preparing for and reacting to cyber-attacks, assessing and making required data breach notifications, analyzing data protection implications of new products and tools and providing strategic advice with a focus on cross-border data processing. Ana further advises on Technology Transactions including cloud services, data and software licensing agreements, SaaS agreements, software development projects, e-commerce, and related Cybersecurity & Data Privacy questions.

Ana is a registered lawyer in Germany and Brazil and has ten years of international experience as legal counsel in Brazil, France and Germany. Ana started her career at Mayer Brown in the Dispute Resolution practice where she represented clients in litigation and arbitration proceedings involving complex commercial, intellectual property and liability matters.

Before joining Mayer Brown, Ana gained experience representing foreign clients in judicial proceedings in Brazil and also worked as in-house counsel for a leading French company in Paris.

Read full bio

On 25 May 2022, the European Commission published Questions and Answers for the New  Standard Contractual Clauses to provide practical guidance on the use of standard contractual clauses (SCCs) and help organisations with their General Data Protection Regulation (GDPR) compliance efforts. The Commission confirmed that the Q&A document will be regularly updated.

Continue reading.

On March 25, 2022, the United States and the European Union jointly announced an “agreement in principle” to a new trans-Atlantic data privacy framework to facilitate the cross-border transfer of personal data (the “Framework”).1 As part of the Framework, the US has made “unprecedented commitments” related to intelligence collection and surveillance practices.2 The

The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users

On 18 November 2021, the European Data Protection Board (“EDPB”) adopted new guidelines which:

  1. Set out a three part criteria for identifying whether an action will be considered an international transfer of personal data; and
  2. Clarify that restrictions on international data transfers do apply to transfers to entities located in a third country, but which

In this National Cybersecurity Awareness Month conversation, Mayer Brown lawyers from our global practice will discuss the latest legal trends and developments relating to cybersecurity in China, Europe and the UK. Topics will include:

  • The implications for international businesses seeking to comply with China’s new Data Security Law and Personal Information Protection Law in combination

Seitdem die Datenschutz-Grundverordnung in Kraft trat, stehen Entwickler und Forschende im Bereich der automatisierten und vernetzten Mobilität immer wieder vor schwierigen Fragestellungen:

  • Welche Daten lassen sich wie DSGVO-konform verarbeiten? Was ist erlaubt, was nicht?
  • Wie können diese Daten anderen zur Verfügung gestellt werden?
  • Welche Unterschiede gibt es hierbei zwischen Universitätsinstituten, öffentlichen Einrichtungen und Unternehmen?

Continue

Today, 28 June 2021, the European Commission formally adopted two adequacy decisions with respect of transferring personal data from the European Economic Area (the “EEA”) to the United Kingdom (the “UK”): one under the EU General Data Protection Regulation and one under the EU Law Enforcement Directive. The two decisions come into

Today, 21 June 2021, the European Data Protection Board (the “EDPB”) has published its final Recommendations 01/2020 on supplementary measures to ensure compliance with data protection laws when transferring personal data from Europe (the “Recommendations”).

The adoption of these Recommendations is the latest in a series of developments which demonstrate that it is

In this webinar Oliver Yaros, Ana Bruder, Cristiane Manzueto and Rodrigo Leal discuss how the concepts of controllers, joint controllers and processors are defined under the European GDPR and how the analogous terms are interpreted under the LGPD when companies are considering how to comply with this new piece of legislation in Brazil.

View the

Today, 4 June 2021, the European Commission has formally adopted new standard contractual clauses for international personal data transfers from the European Union to third countries (“New EU SCCs”).

The 34-page New EU SCCs, which have been adopted to reflect the introduction of the General Data Protection Regulation (“GDPR”) and the