Pilar Arzuaga has over a decade of experience advising companies across various industries on cybersecurity governance, data protection, artificial intelligence, and digital regulation. She works with clients in sectors such as telecommunications, media, IoT, cloud services, health, life sciences, robotics, ad tech, retail, and finance, providing strategic guidance to navigate complex regulatory landscapes and manage risks effectively.
Pilar's expertise is enriched by her significant in-house experience at leading global companies, where she focused on privacy, product compliance, and cybersecurity. Her practical, business-oriented approach ensures that legal requirements are aligned with operational goals, bridging the gap between compliance and business strategy.
Pilar advises on a wide range of issues, including:
- Online Safety Act / DSA governance: Recently advised on cross-jurisdictional assessments for major digital platforms (including large social and immersive-content providers) on the UK Online Safety Act and EU Digital Services Act, focusing on practical implementation and regulator-readiness.
- Management-body accountability: Advised on Board and senior-leadership responsibility frameworks, including Ofcom-style “duty of care” mapping, internal reporting structures, and accountability statements for global tech companies.
- Risk-assessment frameworks: Designed and operationalized systemic risk-assessment models integrating OSA and DSA transparency-law obligations, ensuring interoperability and proportionality across jurisdictions.
- Content governance and safety management: Supported the creation of safety management plans, risk registers, and escalation workflows aligned with both Ofcom and DSA transparency expectations.
- Cross-regulatory insight: Experience bridging privacy, online safety, and AI governance to align compliance strategies multiple jurisdictions
- Cybersecurity Governance: Developing and implementing frameworks to comply with international regulations and protect critical assets.
- Incident and Data Breach Management: Guiding organizations through data security incidents, from investigation to reporting and mitigation.
- Privacy and Product Compliance: Ensuring data protection by design in new product launches and ongoing operations.
- Artificial Intelligence (AI): Providing comprehensive advice on AI governance, risk assessment, and compliance with evolving regulations.
- Digital Regulation Compliance: Offering strategic counsel on compliance with the Digital Services Act, Data Act, NIS 2 Directive, and other key regulations.
Pilar could also cover:
- Initial legal and governance assessment for obligations under the UK OSA and DSA frameworks
- Evaluation of management-body oversight and accountability, including Board-level duties and internal governance structures.
- Design of a cross-jurisdictional risk-analysis and mitigation framework, covering systemic risk, content moderation, child safety, and transparency.
- Development or refinement of core compliance documentation (risk registers, accountability statements, transparency reports, Board briefings and training to management bodies).
- Gap analysis and enhancement recommendations for existing online-safety and trust-and-safety processes.
- Executive workshop or tabletop exercise to prepare for Ofcom or EU regulator engagement.
Before joining McDermott, Pilar gained invaluable experience at a top-tier international law firm specializing in data and technology, further strengthening her ability to deliver practical solutions to her clients.
Pilar also maintains an active pro bono practice, assisting organizations with their cybersecurity, data protection, AI, and broader compliance needs.