Data Protection
Over recent years, data protection has increasingly become the focus of public attention. Ongoing digitalization is fuelled by data, and optimizing the use of new technical opportunities in collecting and analysing information is crucial to competitiveness. At the same time, fundamental reforms to data protection law have placed firm limits on the permissibility of processing personal data, set high requirements as to how companies organize their data protection, and threaten tough penalties in the event of legal breaches. Thus, data protection compliance constitutes one of the key risk avoidance strategies for companies.
As a full service law firm, we have for many years taken an integrated approach in advising German and foreign companies on data protection and its interfaces with all relevant legal areas, including IT, corporate, antitrust and employment law.
“… as a full service law firm, covers all data-related issues that companies may face.”
Data protection and compliance structures
EU data protection law places special demands on companies regarding data protection management and organization. We develop tailor-made compliance programmes to minimize the risk of fines. And we advise on how to implement the General Data Protection Regulation, supporting companies in making the necessary modifications to their data protection organization and infrastructure.
On behalf of our clients, we review organisational structures and documentation processes and develop data protection guidelines, declarations of consent and company guidelines that exactly fit our clients’ needs. We also offer our clients training sessions (face-to-face or online) in implementing in-company data protection compliance rules in order to strengthen awareness within the company.
Securing internal investigations and whistleblowing systems under data protection law
We assist companies in internal investigations to clarify compliance violations and in reacting to such violations. This includes handling employees’ personal data in a legally sound and practical manner, organizing and ensuring legal compliance in evaluations of email communication, and checking the permissibility of data transfer to group companies and public authorities in states outside the EU.
We also shape internal whistleblowing systems to comply with data protection laws, both in Germany and internationally, and negotiate the necessary rules with employee representatives.
Data protection advice on IT projects and cloud computing
Our clients profit from our many years of experience in dealing with all kinds of major IT projects. In data protection, we advise on IT outsourcing, on migrating IT functions to the cloud, and on transitional service agreements in the framework of transactions, for example.
For IT product and service providers as well as for their customers, we structure the requisite data protection agreements and terms of use, e.g. for commissioned data processing agreements and remote servicing of IT systems.
Data protection in employment law
Digitalization is changing the world of work faster than the legal framework of employment law is changing. In companies with works councils, we negotiate how digitalized processes will be introduced and how technical opportunities in staff monitoring can be handled in an up-to-date manner. Additionally, we advise companies on using their systems such as email and internet as well as on matters like bring your own device or home offices and the relevant aspects of employment and data protection law.
Data protection in the healthcare sector (sensitive data)
For the healthcare sector, digital progress means major opportunities as well as special data protection challenges given the highly sensitive nature of health data and genetic information.
We advise healthcare sector players such as statutory health insurance funds, drug and medical device manufacturers, pharmacies, trade associations, ambulatory healthcare centres and clinic groups on all relevant legal issues. These include IT outsourcing projects, research initiatives (including use of big data analyses and biobanks), transactions, and structuring online presence.
Cross-border data exchange / data transfers within the group
We advise our clients in Germany and abroad on all issues raised by cross-border exchange of personal data, such as in connection with transactions or where global customer or staff databases are planned, in connection with telematics, on data transfer within corporate groups etc.
Global reach
Internationally, our clients profit from integrated advice from our international network on various data protection rules outside of Germany. In cases extending across jurisdictions, we work together with top international law firms on a steady basis of trust, offering a one-stop shop for optimal advice on each case.