Kamil Yegelev
privacy and IP lawyer. since 2010.
GDPR compliance, DPO support,
IP due diligence.
Europe / CIS.
IP due diligence.
Europe / CIS.
About
Legal and IAPP-certified privacy specialist. Held senior and lead positions at a NASDAQ-listed tech (Yandex, €3.8B, 20K+ staff), an international scaleup (Yango, €1.6B, 20+ countries), a reputable law firm (Tolkachev / Deloitte Legal), a music major (Gala / Warner). Worked with startups and big tech, conducted IP due diligence, secured IP assets, implemented privacy programs.
Services
Вернуться
Portfolio
A health tech startup from U.S. was preparing to enter the European market and needed compliant landing pages for collecting user data under both GDPR and U.S. privacy laws. The task was to develop privacy and cookie policies, as well as clear consent and notice templates for data collection.
After mapping data flows, identifying the types of personal data collected, and determining data recipients, I drafted concise and transparent privacy and cookie policies compliant with GDPR, HIPAA, and COPPA. I also prepared detailed implementation guidelines and templates for consent and notice texts tailored to different user scenarios.
As a result, the company received legally sound documentation and UI adjustments that maintained conversion rates while minimizing privacy risks.
After mapping data flows, identifying the types of personal data collected, and determining data recipients, I drafted concise and transparent privacy and cookie policies compliant with GDPR, HIPAA, and COPPA. I also prepared detailed implementation guidelines and templates for consent and notice texts tailored to different user scenarios.
As a result, the company received legally sound documentation and UI adjustments that maintained conversion rates while minimizing privacy risks.
A CIS-based law firm with offices in the MENA region wanted to verify whether its data processing practices complied with the privacy and professional secrecy requirements of the countries where it operated. The project also had to address data localization and cross-border transfer restrictions.
I conducted an audit of the data processing practices established at the firm’s HQ, reviewed vendors, contractors, and IT/cloud service providers, and analyzed applicable industry and privacy laws across jurisdictions.
As a result, the law firm received a compliance checklist outlining its current compliance status, recommended process and documentation improvements, and a quantified assessment of regulatory risks.
I conducted an audit of the data processing practices established at the firm’s HQ, reviewed vendors, contractors, and IT/cloud service providers, and analyzed applicable industry and privacy laws across jurisdictions.
As a result, the law firm received a compliance checklist outlining its current compliance status, recommended process and documentation improvements, and a quantified assessment of regulatory risks.
A group of companies planned to notify the Russian data protection authority (Roskomnadzor) of personal data (PD) processing before new fines came into effect. To prepare the notification, it was necessary to conduct an internal audit and identify all systems and business processes where personal data was processed.
Within the agreed timeframe, my assistant and I completed the full scope of work: prepared all required documentation under Law No. 152-FZ, clarified processes and information systems (ISPDn, software), implemented procedures for handling personal data and data subject requests, and developed data breach response plans. As a result, all notifications were successfully submitted to Roskomnadzor on time.
Within the agreed timeframe, my assistant and I completed the full scope of work: prepared all required documentation under Law No. 152-FZ, clarified processes and information systems (ISPDn, software), implemented procedures for handling personal data and data subject requests, and developed data breach response plans. As a result, all notifications were successfully submitted to Roskomnadzor on time.
A MedTech startup was preparing to receive investment from a venture fund.
To assess the value of its main asset - medical software - it was necessary to confirm the company’s rights.
I conducted an IP audit, identified gaps, and prepared the required documents and agreements to sign with developers and employees. I also provided a roadmap and detailed guidance for registering the software with Rospatent and the Ministry of Digital Development, as well as for obtaining medical device certification (through partners).
As a result, the startup successfully secured investment from the fund.
To assess the value of its main asset - medical software - it was necessary to confirm the company’s rights.
I conducted an IP audit, identified gaps, and prepared the required documents and agreements to sign with developers and employees. I also provided a roadmap and detailed guidance for registering the software with Rospatent and the Ministry of Digital Development, as well as for obtaining medical device certification (through partners).
As a result, the startup successfully secured investment from the fund.
A European company wanted to understand the risks of collecting personal data of U.S. residents for advertising purposes.
The goal was to assess the applicability of U.S. and EU privacy laws, as well as the potential penalties for non-compliance.
After analyzing the company’s lead generation practices, I identified the relevant laws, reviewed enforcement cases from U.S. regulators and the company’s home jurisdiction, and examined how potential U.S. fines could be enforced abroad.
As a result, the company received a clear risk assessment report with practical recommendations to mitigate those risks.
The goal was to assess the applicability of U.S. and EU privacy laws, as well as the potential penalties for non-compliance.
After analyzing the company’s lead generation practices, I identified the relevant laws, reviewed enforcement cases from U.S. regulators and the company’s home jurisdiction, and examined how potential U.S. fines could be enforced abroad.
As a result, the company received a clear risk assessment report with practical recommendations to mitigate those risks.
Q&A
Yes. The GDPR applies to non-EU companies if you target goods or services to EU-based clients or monitor their behavior. Additionally, your country of incorporation may have international agreements with the EU, which can make GDPR enforcement and fines applicable even without an EU office. I can help you assess whether GDPR applies to your business and guide you on compliance requirements.
Yes. The GDPR applies if your company has an office, agent, or holding company in the EU/EEA. It also applies if you target your services or goods to representatives of potential clients in the EU and collect their contact information. I can help you take the necessary steps to ensure your business is GDPR compliant.
While there are many privacy policy generators available online, relying solely on a template is not enough.
- Your privacy policy must accurately reflect what personal data you process and how, which usually requires a preliminary privacy audit.
- The policy must align with your actual business processes. Otherwise, you risk significant fines under the GDPR.
- Compliance involves more than just the privacy policy. Your company must also maintain a record of processing activities (ROPA), data subject request procedures (DSARs/DSRs), impact assessments, and data processing agreements.
In most cases, yes. GDPR requires companies to appoint a data protection officer (DPO) to oversee data processing activities. This function can be outsourced. As an IAPP-certified professional, I provide external DPO services across the EU.
Your intellectual property (IP) is a valuable company asset, including trademarks, software, designs, visual and textual content. During an IP audit (or IP due diligence), I verify who owns the company’s IP, whether rights are properly transferred, and identify potential risks or disputes.
Your intellectual property (IP) is a valuable company asset, including trademarks, software, designs, visual, and textual content. Registration requirements vary by country: in most cases, content and software do not require mandatory registration. However, registering them helps prove ownership to third parties and increases the value of your assets for investment rounds. Trademarks, on the other hand, must always be registered to be considered enforceable assets.
The key is to verify the rights you actually own and address any gaps. I can help you secure all necessary rights from creators and developers and register your IP with relevant offices across the EU.
The key is to verify the rights you actually own and address any gaps. I can help you secure all necessary rights from creators and developers and register your IP with relevant offices across the EU.
Yes It's Legal