Tocheva & Mandazhieva Law Office

Established in 2004 as a boutique law firm initially focused on advising and representing clients in the financial industry and real estate & construction sector, the T&M Law Office has expanded to offer advice to Bulgarian and foreign corporate clients on all range of Bulgarian legal issues. The T&M Law Office is not among the largest Bulgarian law firms, however, it has been widely recognised and respected for its quality, integrity and business friendly, flexible solutions.

The firm’s list of clients includes major foreign investors such as Tishman in its real estate development and construction projects in Bulgaria, RWE Power AG in the country’s largest energy project for the Belene nuclear power plant, Artio Global Investment Fund, Tradeville SA, etc. At the same time, the firm continues to be a benchmark in offering legal advice in the capital markets/financial services field and to represent a large part of the financial industry players. T&M has been the pioneer in providing the legal framework for many new products on the Bulgarian financial market and advises firms wanting to enter the market for the first time as well as established players.

Our Team

tanaya tocheva

Tanya Tocheva
Partner

encho dinev

Encho Dinev
Partner

Даяна Славева

Dayana Slaveva
Associate

Georgi Traikov

Georgi Traikov
Associate


Nevena Yaneva
Associate


Valeria Nikolova
Associate

Polina Slavova

Polina Slavova
Junior Associate


Stefan Sokolov
Junior Associate

Latest News and Publicatians

Free flow of non-personal data is now in the spotlight. What will happen to GDPR?

As of 28th May enters into force the new EU Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union.   The Regulation focuses primarily on prohibition of mandatory localisation requirements, established by the EU Member States' national laws. The new rules will allow data to be stored and processed everywhere in the EU without unjustified restrictions. This Regulation should apply to natural or legal persons who provide data processing services to users residing or having an establishment
Read More

Can Google really forget us?

The right to be forgotten was recognized in Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (2014) and was later sanctioned in Art. 17 of GDPR. It obliges the data controller to erase all personal data upon request. The right to be forgotten in the context of search engines like Google means that a data subject can request the engine to delist a link with personal data from the search results. The information would still be accessible, but it would not be connected to a certain person after the
Read More

Labour law aspects when appointing Data Protection Officer (“DPO”)

Data Protection Regulation (EU) 2016/679 (GDPR or the Regulation), in force since 25th May 2018th, introduces several obligations for data controllers and processors. One of these obligations is to designate a Data Protection Officer (DPO). In general, this person has the task of informing and advising (shall inform and advice) the administrator or processor of personal data and the processing staff (staff which processes the data) of their obligations under the Regulation, to monitor compliance with the Regulation and to cooperate with the Supervisory Authority. The figure of the DPO is not new for the Bulgarian
Read More

Could GDPR be applied retroactively?

Recently Т&М Law office won a case in front of the first court instance, which answers this seem to be rhetorical question. In 2018th the Bulgarian Commission of Protection of Personal Data ("CPDP") adopted decisions finding infringements of GDPR for acts that occurred before its entry into force on 25 May 2018. Often the actions in question could be interpreted as an infringement of the national Personal Data Protection Act ("PDPA") but CPDP has not referred to these provisions. Separately, for infringements before the date of application of GDPR, the CPDP has imposed corrective measures under GDPR. At
Read More

Right to be forgotten in the context of journalism

This week Bulgarian Data Protection Commission came up with an opinion (here in Bulgarian) concerning the right to be forgotten and its limits in the context of journalism. Background The opinion follows the harsh opposition of the Bulgarian media against certain wording in the Bulgarian Data Protection Act (DPA). The latter was finally promulgated on 26 February 2019. The DPA introduced some of the areas which GDPR allowed to be developed in local Member States laws. One of these areas concerns using personal data for the purposes of media publications. The new DPA envisages that when a journalist
Read More

E-shops and the latest NRA’s requirements

At the end of February 2019, the long-awaited amendments in the Ordinance No. H-18 (dated 13 December 2006) were adopted on the recording and reporting of sales in business premises through fiscal devices ("The Ordinance"). Following that, the latest amendments affect the sales reporting procedures in the premises: introduce new requirements to the software that manage the sales as well as new obligations to the distributors and users of such software. The most essential ones, are the requirements for the online retailers. A brand-new chapter in Ordinance regulates the information that should be submitted by the
Read More

“The internet as we know it” has just changed

European Parliament approves new copyright rules for the internet. They will have huge influence on sharing online content with respect to the copyright protection. It is important to note that the Directive was fully adopted, including the disputable provisions (Article 11 and Article 13) which affected prior public discussions on "copyright vs right to freedom of speech". Indeed, Article 11 provides publishers' copyrights with protection in case of digital use of their press publications. It requires permission for such use on a contract basis, licensing and payment respectively. This would affect referrals and excerpts when a
Read More

Bulgarian Data Protection Authority published new list of data processing operations requiring obligatory data impact assessment

Bulgarian Data Protection Authority - the Commission for Personal Data Protection ("the CPDP") published a new version of the List which contains the types of processing operations requiring prior data protection impact assessment under the provisions of Art. 35, par. 4 of Regulation (EC) 2016/679 (the "List"). The initial version of the List passed a conciliation procedure with the European Data Protection Board ("the EDPB"). Since the latter made recommendations to the CPDP, the wording of most of the personal data processing operations underwent changes. In its current version, the List contains eight operations which should
Read More