Data Protection Law

Industry 4.0, Business 4.0, big data, car data, internet of things (IoT), cloud computing, smart home, smart car or e-health: personal data and the way it is being used is becoming an increasingly important part of existing or completely new business areas. At the same time, as digitalisation advances, there is always a situation of potential conflict between economic innovation and the protection of personal data. Compliance with and the violation of data protection laws are thus increasingly becoming the focus of public attention. This means that companies need to find their way around the conflict between their business interests and the legal requirements by ensuring their data protection is very well organised. Our pragmatic and solution-oriented team that specialises in data protection law can help you ensure that this succeeds as best as possible.

The processing of personal data is highly regulated. In addition to the EU General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG-neu), which has been amended to accord with EU law, sector-specific laws such as the German Telecommunications Act (TKG) or the German Act Against Unfair Competition (UWG) regulate how personal data is handled. Compliance and liability risks must be considered and safeguarded with regard to the exploitation of personal data, which offers attractive business opportunities for companies. The public sector, too, must take into account the special data protection requirements within the framework of the German Federal Data Protection Act.

Together with our clients, we develop the best industry-focused data protection solution for the respective client, tailored to this client’s individual corporate needs, on the basis of the current legislation, jurisprudence and the announcements made by the data protection supervisory authorities. This strategy is constantly being updated and is already taking into consideration the consequences of possible future developments.

We work with our clients to implement the requirements for complying with data protection law and develop processes to ensure such compliance is maintained in the long term. In particular, we verify compliance with the requirements under data protection law regarding the security of data transfers, taking into account current case law and developments in EU legislation, such as the ECJ’s Schrems II judgment or the new standard contractual clauses.

When implementing data protection management systems or new technologies, such as the digital twin or autonomous driving, we can support our clients based on our many years of experience.

Our range of advisory services:

Analysing actual international data transfers to external contractual partners and advising on the conclusion of data protection compliant agreements
Identifying intra-group transfers and helping draft contractual clauses containing additional guarantees
First-aid kit for “Schrems II” compliance

Compiling information about fines already known
Providing an overview of the offences committed
Presenting the information in an overview by federal state

Advising on all matters pertaining to data protection law, particularly taking into account the special requirements in the public sector
Advising on organising matters in a data protection compliant way and on maintaining such organisation
Defending against claims for information with the protection of personal data in mind

Providing comprehensive data protection law advice for national and international companies and for internal data protection officers
Appointment as an external data protection officer and providing support as such
Advising on introducing and implementing data protection organisation
Advising on introducing data protection compliant business models and processes
Advising on carrying out data protection impact assessments, e.g. in connection with video surveillance or big data applications
Drafting and updating relevant documents under data protection law, such as data protection policies, data protection notices or agreements
Advising on setting up, implementing and maintaining data protection compliance in the company
Advising on international data transfers involving countries outside the EU, taking into account the new EU standard contractual clauses and other appropriate safeguards
Advising on implementing authorisation and deletion concepts
Representation vis-à-vis data protection supervisory authorities
Risk management in the event of data protection incidents
Providing representation in judicial disputes regarding breaches of data protection law
Carrying out national and international data protection audits

Ascertaining the current situation and examining compliance management systems
- Checking on the existing data protection management
- Comparing the existing processes with the requirements under data protection law
- Advising on introducing a new, data protection compliant data protection management system
Examining processes, policies and other procedures for their conformity with the GDPR
Drafting and updating data protection management records and other documentation
Applying the IDW PS 980 auditing standard
Making the required adjustments to ensure compliance with the Schrems II judgment
Implementing new standard contractual clauses

Advising, for example, on introducing whistleblowing programmes, human resources or assessment systems at national and international levels
Advising on drafting and negotiating works agreements on the basis of the EU General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG-neu)
Training courses and workshops (e.g. employee workshops)

Data protection-compatible design when using new technologies, such as smart home, car data or health apps
Transactional advice
Advising on setting up websites, online shops and cookie walls and on using tracking and analysis tools

Advising regarding cross-border data processing both for intra-group data exchange and with external parties
Drafting and negotiating the necessary contracts
Advising on introducing binding corporate rules (BCRs)
Carrying out national and international data protection audits