Data Protection Law
Digitisation opens up new opportunities for companies of all sectors and sizes and creates space for infinitely scalable, forward-thinking business models. Digital progress also means new challenges for its players: for companies to secure their competitive advantages in the long term, they must become active and implement legal regulations relating to data protection and IT security.
We develop customised concepts for data protection and data use that meet the increasing legal and technical requirements of digital business. The collection, analysis and use of all (personal) data must be carried out in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and other sector-specific national and international data protection regulations. Innovation and data protection are not contradictory: as a future-oriented, technology-oriented law firm, we combine legal know-how with an excellent technical understanding of economic, innovative and technology-driven solutions.
Our offer
We are at your disposal for the following questions and topics:
We develop approaches to data processing that are compliant with data protection requirements in the following sectors:
- Energy
- Pharma & Health
- E-Commerce & Trade
- Mobility
- Finance
We develop sustainable data usage concepts to achieve your goals in the use of new technologies, such as:
- Artificial Intelligence
- Big Data
- Internet of Things (IoT)
- Scoring
- Blockchain and Smart Contracts
Advice on legally compliant use of databases for marketing purposes, e.g.:
- Establishment and review of customer loyalty programmes
- Implementation of customer relationship management systems that comply with data protection regulations
- Use of Data Lakes
- Omnichannel Marketing in compliance with data protection laws
Implementation of data protection regulations within your individual company structure:
- Employee data protection
- Setting up regulations for video surveillance of your company and your employees
- Construction of a whistleblower framework in compliance with data protection
Data protection compliance in national and international IT projects, in particular:
- Data protection & IT outsourcing
- Drafting of data protection contract documents for IT projects
Advice on the data protection requirements when transferring data abroad, in particular:
- Advice on the outsourcing of data processing operations
- Legitimisation of the data transfer by means of appropriate guarantees, such as standard data protection clauses between data importer and exporter
- Support and advice on the preparation of Binding Corporate Rules (BCR)
- Advice on the implementation and drafting of sector-specific codes of conduct for data transfer abroad
We see data protection in synergy with IT security and work out solutions that transcend legal areas, which we also implement in technical concepts. This includes, among other things:
- Implementation of the requirements from Payment Services Directive 2 (PSD2), Payment Services Supervision Act (ZAG), Governance Banking Act (KWG), The Supervisory Requirements for IT in Insurance Undertakings (VAIT), The Supervisory Requirements for IT in Financial Institutions (BAIT), Minimum Requirements for Risk Management (MaRisk) and other requirements for IT systems from the Federal Financial Supervisory Authority (BaFin) and the European Banking Authority
- Advising companies in the KRITIS sector on data protection and IT security
- Consulting on compliance of technical and organisational measures (TOM) for securing IT
- Consultation regarding C5 requirements for data protection and IT security
- TISAX consulting for automobile companies
Advice on the correct and successful handling of data protection authorities and of correspondence with them, e.g.:
- Hearings and information requests in administrative proceedings of the data protection authorities; advice, handling of correspondence with the data protection authorities, representation in court proceedings
- Preparation of company audits by data protection authorities (rehearsal)
- Support in administrative offence proceedings (fine proceedings)
Development and implementation of customised data protection compliance programmes:
- Development of data protection management systems (DPMS)
- Development of customised internal data protection guidelines
- Preparation of data privacy impact assessments (DPIA)
- Advice on monitoring measures
- Individual design of concepts to safeguard the rights of data subjects
- Preparation of declarations of consent and information for data subjects
- Drafting individual data protection declarations
- Advice on establishment of records of processing activities
Contract management in data protection law:
- Preparation of contracts and company agreements
- Drafting of data processing agreements (DPA) and joint controller agreements (JCA)
Implementation of staff training and audits
Data protection check as part of the due diligence (M&A)
Initial Consultation on Data Protection Law
Do you have questions about data protection law? Our lawyers specialising in data protection law are happy to assist you in the areas listed.