Data Protection Law

Digitisation opens up new opportunities for companies of all sectors and sizes and creates space for infinitely scalable, forward-thinking business models. Digital progress also means new challenges for its players: for companies to secure their competitive advantages in the long term, they must become active and implement legal regulations relating to data protection and IT security.

We develop customised concepts for data protection and for the use of data for the increasing requirements – both legal and technical – in the field of digital business. The collection, analysis and use of all (personal) data must be carried out in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and other sector-specific national and international data protection regulations. Innovation and data protection are not contradictory: As a future-oriented, technology-oriented law firm, we combine legal know-how with an excellent technical understanding of economic, innovative and technology-driven solutions.

Our experience and successes have proven us right: On 29 October 2020, our technology law firm received the JUVE Award 2020 in the category “Law Firm of the Year for IT and Data Protection“. In addition, The Legal 500, the JUVE handbook, Best Lawyers and recommend us as a top law firm in data protection law.

Our offer

We are at your disposal for the following questions and topics:

Sector-specific data protection

We develop approaches to data processing that is compliant with data protection requirements in the sectors:

  • Energy
  • Pharma & Health
  • E-Commerce & Trade
  • Mobility
  • Finance
Data protection and new technologies

We develop sustainable data usage concepts to achieve your goals in the use of new technologies, such as:

  • Artificial Intelligence
  • Big Data
  • Internet of Things (IoT)
  • Scoring
  • Blockchain and Smart Contracts
Data protection and marketing

Advice on legally compliant usage of databases for marketing purposes, e.g:

  • Establishment and review of customer loyalty programmes
  • Implementation of customer relationship management systems that comply with data protection regulations
  • Use of Data Lakes
  • Omnichannel Marketing in compliance with data protection laws
Staff data protection

Implementation of data protection regulations within your individual company structure:

  • Employee data protection
  • Set up of regulations for video surveillance of your company and your employees
  • Construction of a whistle blower framework in compliance with data protection
Data protection in IT projects

Data protection compliance in national and international IT projects, in particular:

  • Data protection & IT outsourcing
  • Drafting of data protection contract documents for IT projects
Cross-border data protection

Advice on the data protection requirements when transferring data abroad, in particular:

  • Advice on the outsourcing of data processing processes
  • Legitimisation of the data transfer by means of appropriate guarantees, such as standard data protection clauses between data importer and exporter
  • Support and advice on the preparation of Binding Corporate Rules (BCR)
  • Advice on the implementation and drafting of sector-specific codes of conduct for data transfer abroad
Advice at the interface of data protection and IT security

We see data protection in synergy with IT security and work out solutions that transcend legal areas, which we also implement in technical concepts. This includes, i.a.:

  • Implementation of the requirements from Payment Services Directive 2 (PSD2), Payment Services Supervision Act (ZAG), Governance Banking Act (KWG), The Supervisory Requirements for IT in Insurance Undertakings (VAIT), The Supervisory Requirements for IT in Financial Institutions (BAIT), Minimum Requirements for Risk Management (MaRisk) and other requirements for IT systems from the Federal Financial Supervisory Authority (BaFin) and the European Banking Authority
  • Advising companies in the KRITIS sector on data protection and IT security
  • Consulting on compliance for technical and organisational measures (TOM) as to secure IT
  • Consultation regarding C5 requirements for data protection and IT security
  • TISAX consulting for automobile companies
Communication with the authorities and official procedures

Advice on the correct and successful handling of data protection authorities, handling of correspondence, e.g:

  • Hearings and information requests in administrative proceedings of the data protection authorities; advice, handling of correspondence with the data protection authorities, representation in court proceedings
  • preparation of company audits by data protection authorities (rehearsal)
  • Support in administrative offence proceedings (fine proceedings)
General advice on data protection law

Development and implementation of customised data protection compliance programmes:

  • Development of data protection management systems (DPMS)
  • Development of customised internal data protection guidelines
  • Preparation of data privacy impact assessments (DPIA)
  • Advice on monitoring measures
  • Individual design of concepts to safeguard the rights of data subjects
  • Preparation of declarations of consent and information for data subjects
  • Drafting individual data protection declarations
  • Advice on establishment of records of processing activities

Contract management in data protection law:

  • Preparation of contracts and company agreements
  • Drafting of data processing agreements (DPA) and joint controller agreements (JCA)

Implementation of staff training and audits

Data protection check as part of the due diligence (M&A)

Do you have any questions about our services? Our lawyers will be pleased to help you.

Law firm of the year technology and media
law firm of the year it and data protection
JUVE Handbuch 2023 2023 SRD Webseite
kanzleimonitor 2023 SRD
Legal 500


Subscribe to our monthly newsletter with information on judgments, professional articles and events (currently only in german).

By clicking on "Subscribe", you consent to receive our monthly newsletter (with information on judgments, professional articles and events) as well as to the aggregated usage analysis (measurement of the opening rate by means of pixels, measurement of clicks on links) in the e-mails. You will find an unsubscribe link in each newsletter and can use it to withdraw your consent. You can find more information in our privacy policy.