Member Spotlight: PCV, Cyprus

Global Reach, Boutique Approach

Founded in 1993 by Jordi Font Bardía, Barcelona-based FONT & YILDIZ has grown into a distinguished boutique law firm. With a foundation rooted in tax law, the firm has broadened its expertise to encompass a wide array of legal services, including commercial and corporate law, strategic consulting, and international investment advice. Since its inception, FONT & YILDIZ has been committed to delivering high-level legal and economic counsel to both domestic and international clients.

Expertise Spanning Borders and Industries

FONT & YILDIZ offers a robust portfolio of legal and financial services tailored to meet the complex needs of both domestic and international clients. With a deep understanding of the Spanish and global business markets, the firm provides strategic guidance across multiple sectors, ensuring clients receive comprehensive, high-quality support at every stage of their operations.

• Tax Advisory: Providing guidance on financial operations for companies of all sizes, both nationally and internationally. The firm is especially skilled at defending clients during tax audits and managing claims and appeals in court.
• Corporate and Commercial Law: Offering expert advice on corporate transactions, group restructurings, and contract drafting, with a strong focus on mergers and acquisitions (M&A).
• International Expansion and Investment: Helping Spanish companies grow internationally and supporting foreign investors entering the Spanish market, especially in Catalonia.
• Real Estate and Development: Advising on property acquisitions and real estate investments.
• Litigation and Compliance Services: Bookkeeping, accounting, and payroll compliance.

A Culture of Excellence

At the core of FONT & YILDIZ is a corporate culture that values technical expertise, a global outlook, and a dedication to excellence. The firm emphasizes ethics, quality, innovation, and empathy, operating with the hallmarks of a boutique practice: specialization, direct accountability, and personalized service.

Distinguishing Characteristics

FONT & YILDIZ distinguishes itself through its specialized expertise in tax and corporate law, its strategic approach to international business, and its multilingual team fluent in Spanish, Catalan, English, French, Turkish, and Portuguese. This linguistic diversity allows the firm to serve a wide-ranging international client base, especially from Turkey and Latin America.

Since Axel Yildiz joined the firm, he has strategically implemented a one-stop shop approach, thanks to his understanding of the profession as one that must provide comprehensive 360º legal services. This model combines legal, tax, and economic advisory expertise to deliver full-service support for complex and cross-border operations. Notably, Jordi Font Bardía brings valuable experience from his previous role as a Financial and Tax Inspector, enhancing the firm’s audit and litigation capabilities.

Globalaw Membership: Expanding Horizons

As a proud member of Globalaw for over 15 years, FONT & YILDIZ actively participates in the network’s Business Development Committee. The firm leverages this global alliance to connect clients with trusted legal partners worldwide, promoting international growth and cross-border collaboration.

Through Globalaw, FONT & YILDIZ offers clients access to a network of law firms that share its commitment to excellence and global service standards.

For more information about FONT & YILDIZ, visit www.fontyildiz.com.

While obtaining informed and voluntary consent from data subjects, organisations should clearly state the reasons for collecting the data, how it will be handled, and how it will be used.

Being transparent with subjects about data collection and use is especially important as data creation has proliferated across social media, streaming, digital transactions, smart devices, logins and other identifying information on search browsers, and the rise of AI and metadata in files.

In practice, the manner in which informed and voluntary data subject consent is conducted may vary from jurisdiction to jurisdiction.

This article explores guidelines and best practices for informing data subjects and obtaining voluntary consent in countries within Globalaw’s APAC region, including Hong Kong, India, Japan, South Korea, and Taiwan.

Hong Kong

In Hong Kong, where the governing body is the Office of the Privacy Commissioner for Personal Data (PCPD), a data user must expressly inform the data subject of the purpose for which the data is to be used on or before collection of the data.

Provision of personal data pursuant to such information by the data subject shall be deemed sufficient consent, which is implied.

However, new consent from the data subject is required if such personal data shall be used for a new purpose. For example, changing policies to begin sharing data with a third-party partner for direct marketing.

For cross-border transfers, the Personal Data (Privacy) Ordinance stipulates, among other requirements, that the data subject must also provide written consent specifically; however, this requirement has not yet come into effect.

India

In India, where the governing body is the country’s Ministry of Electronics and Information Technology (MeitY), principal data subject consent should be free, specific, informed, unconditional and unambiguous.

Also, while seeking consent from data principals, a notice must be displayed informing them about: (i) the personal data and the purpose for which the same has been processed; (ii) the manner in which they may exercise their rights; and (iii) the manner in which the data principal may make a complaint to the board. These basic requirements also apply to consent for cross-border transfer of personal information.

Japan

In Japan, where the governing body is the country’s Personal Information Protection Commission, business operators must clearly outline the purpose of data collection and obtain specific consent for the cross-border transfer of personal information, with certain exceptions.

South Korea

In South Korea, where the governing body is the country’s Personal Information Protection Commission, informed and voluntary consent is essential for collecting and using personal data, unless a legal exception applies.

Additionally, consent for collection, third-party provision, and cross-border transfers must be obtained separately and clearly distinguished.

Since March 2023, amendments have expanded the grounds for data collection to include cases necessary for fulfilling contracts or implementing measures requested by data subjects during the contract formation process. The practical application of these changes continues to develop and adapt.

Taiwan

In Taiwan, where the Taiwanese government is in the process of forming the Personal Data Protection Commission, organisations must expressly inform data subjects when collecting personal data.

Organisations must detail the purposes of collection, types of data, usage scope (including duration, geography, territory, and methods), data subject rights, and consequences of non-disclosure, unless exempt by law. When collection involves planning for cross-border transfers, intended overseas jurisdictions should also be specified.

--

This article is part of a series by our Globalaw APAC Data Privacy & Protection Taskforce members.

Globalaw’s APAC Data Privacy & Protection Taskforce comprises 15 law firms in the Asia-Pacific region with specialized expertise in advising international companies on how to implement and manage a multijurisdictional data protection program.

Taskforce member firms combine a strategic, business-minded approach with cross-border collaboration to help clients build and maintain sophisticated and resilient data practices, effectively mitigate and respond to incidents, and provide sophisticated representation to resolve disputes or regulatory investigations.

Explore the Globalaw APAC Data Privacy & Protection Taskforce brochure for more information and regional contacts.

Disclaimer: The information provided in this article is for general informational purposes only and does not constitute legal advice. Information, including laws and statutes, cited are subject to change and is accurate as of 30 June 2025, but readers should verify such current status. We and our member firms shall not be held liable for any loss and/or damage incurred by any person acting as a result of the information contained in this article. Reliance on this content is at the reader’s own risk, and no attorney-client relationship is formed by reading or acting upon this article. Always seek professional legal counsel to ensure compliance with applicable laws and regulations.

It’s a privilege to honour the contributions of my dear friend and mentor, Bill Taylor, a former Partner at Hanson Bridgett LLP, on his retirement. From 2012 to 2014, Bill was President of Globalaw, and for many years before and after, he was an active member of the Board of Directors and an Officer. His leadership, vision, and dedication helped shape Globalaw into the dynamic, global community we know today.

Beyond his formal roles, Bill gave generously of his time and energy. He spent countless hours building and supporting the network, genuinely caring for the people around him. He was never one to sit quietly in meetings; he was always eager to share insightful ideas and perspectives that advanced the discussion. When Bill spoke, people listened. He possessed that rare combination of wisdom and warmth that made his voice both respected and welcomed.

I believe I’m not alone in seeing Bill as a valuable mentor. He was often the first to reach out, whether to offer guidance during challenging times or to invite someone to dinner or a social event. His welcoming spirit left a lasting impression on me, and I know many others feel the same.

One unforgettable memory I share with Bill was during a Globalaw meeting in Tel Aviv, where we had the opportunity to meet Shimon Peres, the former Prime Minister of Israel. In true Bill fashion, he offered to buy a bottle of wine for Prime Minister Peres. Although the offer was politely declined, the Prime Minister approached our table and talked with us.

On that same trip, Bill and I visited Caesarea together. By the end of the ride, he had become best friends with our taxi driver. That’s just who Bill is—he has a gift for connecting with people, no matter where he is or who he’s with.

Bill’s family has also been a cherished part of the Globalaw community. His wife (Kim) has attended many meetings, and his daughter (Lily), of whom he is immensely proud, has been a familiar and welcome presence as well.

Although he may no longer hold an official position, Bill remains a good friend of Globalaw. His legacy lives on through the strength and spirit of our network, and he will always be welcomed at our meetings and events.

A Data Protection Officer (DPO) ensures that an organisation’s data collection, processing and use complies with applicable data protection rules and regulations. DPOs are generally data protection experts with specialized knowledge and experience. They provide advice and guidance on best practices, compliance, policies and procedures, education and training, risk management and data breach response protocols.

The rapid pace of data creation, accelerated by content generated by AI, social media, streaming, digital transactions and smart technology, has increased government intervention in data governance and protection.

As such, certain jurisdictions require that companies appoint a DPO, while others strongly recommend it. This article explores the DPO requirements, qualifications and responsibilities in countries within Globalaw’s Asia Pacific region, including Hong Kong, India, Japan, South Korea, and Taiwan.

DPO Requirements by Jurisdiction

Appointing a DPO is a recommended practice rather than a requirement in both Hong Kong and Japan. By contrast, South Korea requires most companies to appoint a DPO, except those with fewer than 10 permanent employees.

In India, DPOs are required for significant data fiduciaries. While Taiwan does not require DPOs, certain industries mandate the designation of data protection personnel.

• Hong Kong: Recommended
• India: Required for significant data fiduciaries (to be notified by the government)
• Japan: Recommended
• South Korea: Required for companies with more than 0 permanent employees
• Taiwan: Required by certain industries to designate responsible personnel

Qualifications of a DPO

For Hong Kong, Japan, Taiwan, and South Korea, there are no mandatory certifications, licenses, or qualifications required before someone can be appointed as a company’s DPO.

While there are also no legal or technical qualification mandates for India, a DPO shall be (a) based in India, and (b) be an individual responsible to the Board of Directors or similar governing body of the significant data fiduciary.

Responsibilities of a DPO

The responsibilities of a DPO vary by jurisdiction and, in some cases, by industry and are authorized by the governing authority of that jurisdiction.

Hong Kong

Governing Body: The Office of the Privacy Commissioner for Personal Data (PCPD).

The PCPD provides the following recommendations:

• Establish and implement the Privacy Management Programme (PMP), such as maintaining a record of the organisation's data inventory, conducting periodic risk assessments, and providing training and education.
• Review the effectiveness of the PMP, including preparing an oversight and review plan.
• Report regularly to top management on the organization's compliance issues, problems encountered, and complaints received related to personnel.

India

Governing Body: Government of India, Ministry of Electronics and Information Technology (MeitY)

Under the Digital Personal Data Protection Act (DPDP), the DPO shall represent the significant data fiduciary under the provisions of the legislation and be the point of contact for the grievance redressal mechanism.

Japan

Governing Body: Personal Information Protection Commission

A DPO is not subject to any legally mandated responsibilities.

South Korea

Governing Body: The Personal Information Protection Commission

Under the Personal Information Protection Act (PIPA), the DPO handles personal information for business purposes to comply with the regulations. These responsibilities include:

• Overseeing the handling and protection of personal data,
• Establishing internal policies and safeguards,
• Responding to data subject requests (e.g., correction, deletion),
• Managing incident response for data breaches,
• Serving as the liaison with the Personal Information Protection Commission (PIPC),
• Conducting regular audits and training

Taiwan

Governing Body: The Taiwanese government is in the process of forming the Personal Data Protection Commission.

Only specific industries are required to designate responsible personnel, and sector-specific regulations govern their responsibilities.

--

This article is part of a series by our Globalaw APAC Data Privacy & Protection Taskforce members.

Globalaw’s APAC Data Privacy & Protection Taskforce comprises 15 law firms in the Asia-Pacific region with specialized expertise in advising international companies on how to implement and manage a multijurisdictional data protection program.

Taskforce member firms combine a strategic, business-minded approach with cross-border collaboration to help clients build and maintain sophisticated and resilient data practices, effectively mitigate and respond to incidents, and provide sophisticated representation to resolve disputes or regulatory investigations.

Explore the Globalaw APAC Data Privacy & Protection Taskforce brochure for more information and regional contacts.

Disclaimer: The information provided in this article is for general informational purposes only and does not constitute legal advice. Information, including laws and statutes, cited are subject to change and is accurate as of 30 June 2025, but readers should verify such current status. We and our member firms shall not be held liable for any loss and/or damage incurred by any person acting as a result of the information contained in this article. Reliance on this content is at the reader’s own risk, and no attorney-client relationship is formed by reading or acting upon this article. Always seek professional legal counsel to ensure compliance with applicable laws and regulations.