Data Protection Law

In an era where data is considered the “new gold”, your personal information and your customers’ privacy are more than just digital currency – they form the basis of trust between you and your customer base. This is why legal advisors play a central part in the digital revolution: they must build a bridge between the dynamic landscape of innovation and the solid ground of data protection. Our expertise in data protection law paves the way for your company to make full use of the opportunities presented by the digital world without compromising the confidentiality and security of data.

The increasing integration of technologies such as cloud computing, big data and artificial intelligence into everyday business life raises a flood of questions regarding legal issues. It’s not just about navigating strict regulations like the EU General Data Protection Regulation (GDPR) or the German Federal Data Protection Act (BDSG), but also about developing a robust data protection strategy that protects your company from potential risks whilst maximising the value of your services.

Our specialised team not only offers sound advice on current legislation, but can also support you by coming up with pragmatic and future-oriented solutions that are tailored to your company’s specific needs. We can guide you through the regulatory jungle and help you develop a data protection strategy that is both innovative and compliant. In doing so, we always keep our finger on the pulse of time and update our strategies in line with the latest rulings and regulations to ensure that you are always one step ahead.

Working with you, we develop data protection solutions which, in addition to being in conformity with the legal framework, are also conducive to your business objectives. Whether it’s a matter of secure international data transfers or of implementing data protection-friendly technology, our goal is to make your business processes seamless and secure. With a clear vision for the future and a firm understanding of the present, we are committed to helping your company navigate the digital landscape successfully, always using data protection as a compass.

Our range of advisory services:

Data protection in the public sector
  • Advising on all matters pertaining to data protection law, particularly taking into account the special requirements in the public sector 
  • Advising on organising matters in a data protection compliant way and on maintaining such organisation
  • Defending against claims for information and damages with the protection of personal data in mind
Data protection in the company
  • Providing comprehensive data protection law advice for national and international companies and for internal data protection officers
  • Appointment as an external data protection officer and providing support as such
  • Advising on introducing and implementing organisational data protection rules and procedures
  • Advising on introducing data protection compliant business models and processes
  • Advising on carrying out data protection impact assessments, e.g. in connection with the introduction of Microsoft 365, video surveillance or big data applications
  • Drafting and updating relevant documents under data protection law, such as data protection policies, data protection notices or agreements
  • Advising on setting up, implementing and maintaining a data protection compliance system in the company
  • Advising on international data transfers involving countries outside the EU, taking into account the new EU standard contractual clauses and other appropriate safeguards
  • Advising on implementing authorisation and deletion concepts
  • Providing representation vis-à-vis data protection supervisory authorities
  • Advising on risk management in the event of data protection incidents
  • Providing representation in judicial disputes regarding breaches of data protection law
  • Carrying out national and international data protection audits
  • Advise on the Data Act
Data protection management/data protection compliance
  • Carrying out a complete survey and audit of compliance management systems (based largely on the PS 981 audit standard)
  • Analysing the existing data protection management
  • Examining existing processes for whether they meet the requirements under data protection law
  • Advising on introducing a new, data protection compliant data protection management system
  • Examining processes, policies and other procedures for their conformity with the GDPR
  • Drafting and updating data protection management records and other documentation
  • Implementing new standard contractual clauses
Employee data protection
  • Advising, for example, on introducing whistleblowing programmes, human resource or assessment systems at national and international levels
  • Advising on drafting and negotiating works agreements on the basis of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)
  • Training courses and data protection workshops (e.g. employee workshops)
Data protection for IT projects and web-based applications
  • Data protection-compatible design when using new technologies, such as smart home, car data or health apps
  • Transactional advice (GDPR-compliant due diligence reviews)
  • Advising on setting up websites, online shops and cookie walls and on using tracking and analysis tools
Cross-border data transfer and cloud computing
  • Advising regarding cross-border data processing both for intra-group data exchange and with external parties
  • Drafting and negotiating the necessary agreements (group data privacy framework agreements)
  • Advising on introducing EU standard contractual clauses and binding corporate rules (BCRs)
  • Carrying out national and international data protection audits
  • Assisting with transfer impact assessments
  • Analysing actual international data transfers and advising on the conclusion of data protection compliant agreements
  • Identifying intra-group transfers and helping draft contractual clauses containing additional guarantees
  • First-aid kit for “Schremss II” compliance
GDPR administrative fine map
  • Compiling information about fines already known
  • Providing an overview of offences committed
  • Presenting the information in an overview by federal state


01.07.2024 Press Release
Healthcare: Luther supports the state of Brandenburg in establishing the Medical University of Lusatia
Luther advises AG Capital on partnership with Layenberger Nutrition Group GmbH
Acquisition of an international management consultancy: Luther advises Vocatus on the sale of all shares to Accenture
06.09.2023 Press Release
Brewery group Haus Cramer on course for growth: Luther advises on participation in online beer trade
27.01.2022 Press Release
The Legal 500 Germany – Luther again in the Top Tier twice

Key Contact >>

Key Contact

Silvia C. Bauer


T +49 221 9937 25789

Dr Stefanie Hellmich, LL.M.


T +49 69 27229 24118

Dr Michael Rath


T +49 221 9937 25795

Dr Kay Oelschlägel


T +49 40 18067 12175