Silvia C. Bauer | LUTHER Rechtsanwaltsgesellschaft mbH

Silvia C. Bauer specialises in assistance pertaining to data privacy. She conducts data privacy audits and advises national and international companies on the organisation of their data protection and the safeguarding of data protection compliance. Her field of activity comprises support regarding the implementation of the requirements of the European General Data Protection Regulation, the examination of the admissibility of data handling, outsourcing or implementation of cloud based IT-systems, AI-based applications or whistleblowing systems, the legitimacy of data transfer in international company groups, the drafting and negotiation of contracts and works agreement with regard to data privacy, the drafting of leaflets on data privacy or data privacy guidelines. Furthermore, Silvia C. Bauer acts as external Data Security Officer for various national and international companies and company groups, is Data Security Officer at Luther and is a guest lecturer at numerous events related to data protection and IT law. She regularly publishes articles regarding data protection issues in various journals.

Data Protection Law
IP & Copyright Law
IT Law
Data Protection, Antitrust & Compliance
Digital Infrastructure

After completing vocational training as a Business Administration Manager, Silvia C. Bauer spent three years at Hoechst AG in Frankfurt, Germany, as a Country Consultant. While working, she studied Economic Sciences at the University of Applied Sciences in Mainz, Germany. She received her degree in law from the University of Frankfurt. She joined Luther’s predecessor firm in 2000.

The Legal 500 Germany 2022: Recommendation in "Data Protection" (first recommendation in 2022, first mentioned in 2015)
kanzleimonitor.de 2018/2019: Recommendation in "Data Protection Law" (first recommendation in 2017/2018)
Best Lawyers 2023: Recommendations in "Information Technology Law" (first recommendation in 2021) and "Data Security and Privacy Law" (first recommendation in 2022)

Ongoing advice to internationally operating companies from the pharmaceuticals, automotive, finance and industrial engineering industries, amongst others, on the fulfilment of the requirements under the European General Data Protection Regulation, the introduction of organisational data protection measures, the performance of data protection audits and on how to ensure compliance with data protection law
Comprehensive advice to internationally operating groups of companies, such as McKesson, UDG, Imperial Tobacco, Tokyo Electron or Atlas Copco (in some of the cases, as an external data protection officer) in all areas of data protection law, in particular with regard to the worldwide exchange of data within the group and with third parties, the performance of risk assessments, the introduction and implementation of erasure and authorisation concepts, the review of Big Data applications, the introduction of cloud-based CRM or personnel information systems, the negotiation of works agreements or in the area of digital marketing
Ongoing data protection law advice to companies from the energy industry, e.g. E.ON SE, when introducing cloud-based IT systems, verifying the lawful operation of such systems, performing data protection impact assessments, globally exchanging data, etc.
Data protection law advice in the area of digital health, for example, to Gematik in connection with the introduction of the electronic health card, the introduction and implementation of health apps and corresponding technologies of diverse companies, as well as the implementation of data protection by design and default
Comprehensive data protection law advice to companies from the real estate industry on how to handle the data of tenants and interested parties and on the introduction of smart technologies, amongst other things
Data protection law advice to groups of companies from the food industry on the implementation of websites and marketing strategies

Microsoft Exchange – should affected companies report to the regulatory authorities as late as now?

Gesellschaft für Datenschutz und Datensicherheit e.V., Deutsche Gesellschaft für Recht und Informatik e.V.