Digital business models
With our legal expertise we provide support for companies and their digitisation plans from the basic concept to going live.
It may be necessary in the case of critical business processes to examine compliance with data protection laws by providing an expert opinion. Our evaluations always conclude with a clear result and a practical recommendation for action. If necessary, we also accompany the preparation of data protection impact assessments.
Data protection for transactions
Whether asset deal or share deal, we advise companies on the legally secure transfer of customer data in connection with corporate transactions. The question of the permissibility of access to personal data by the potential acquirer regularly arises as early as the due diligence stage. We also provide advice to insolvency administrators on the realisation of assets involving personal data.
Consent declarations and data protection declarations
We prepare all necessary legal texts: Data protection information for websites and apps, advertising consent, declarations of consent or social media guidelines. This also includes the actual textual design of potentially annoying cookie banners and the integration of content management tools.
Data protection projects
In the course of implementing the GDPR, we have supported data protection projects in many companies, primarily larger ones. We help you to make your company or individual areas compliant with the GDPR. In most cases, this now involves a re-evaluation of the list of processing activities or data protection management systems that have been introduced.
Order processing contracts and joint control agreements
When working with service providers and cooperation partners, the question of the legal basis for data protection always arises. We examine whether this is the case from a data protection perspective (Art. 28 GDPR, Art. 26 GDPR or controller-to-controller) and draw up the necessary legal texts.
Examination of suspected cases according to Art. 33, 34 GDPR
Over the past 2 years, we have investigated more than 2,000 cases of possible data protection breaches to determine whether the incident should be reported to the relevant data protection authority. In many cases, the result is that notification is not required because there is no likely risk to the data subjects. You will usually receive documentation of the incident and a clear recommendation on the obligation to report it, together with information on legally required immediate measures, on the same day.
Employee data protection
We advise companies on all legal issues concerning the contemporary workplace. Our HR-IT team will assist you in all questions of employee data protection. From the digitalisation of the application procedure to the digital personnel file for home office and mobile working to the use of digital control and monitoring measures – we will put the digitalisation of your personnel department and employee management on a secure footing in terms of data protection and employment law.
Dispute with data protection authorities
We have been representing clients in proceedings against German data protection authorities long before the GDPR came into force. However, the number and importance of these proceedings has increased significantly in recent years. Our data protection litigation team handles many challenging proceedings for companies against data protection authorities. While there are potentially large GDPR fines in some cases, there are sometimes (seemingly) minor issues that need to be resolved.
Data protection officer...
…this is not us. We are not offering to provide an external data protection officer because we consider ourselves precluded from doing so by our professional regulations. As lawyers, we cannot advise you on data protection issues and at the same time perform the functions of the monitoring data protection officer. However, we work together with specialised data protection officers, in whose services we have great confidence. Please do not hesitate to contact us in this regard.
Long-term data protection project management for a major bank
On behalf of a German automotive bank, we are constantly reviewing incoming cases of potentially reportable protection violations under Art. 33 and 34 DSGVO. We have advised the client for years on various internal data protection projects and their digital business models. Several of our colleagues have been working directly within the client’s systems.
Formulation of a new declaration of consent for an insurance group
On several occasions in the past, we have been involved in the process of obtaining a new advertising permit where the GDPR and UWG intersect. This always involves striking a balance between the greatest possible degree of authorisation to advertise potential customers on the various channels and the effectiveness of the consent. Very often we are also responsible for recording the consent and implementing any objections to advertising. We are currently working together with in-house colleagues from a large international insurance group on the fundamental redesign of the group-wide advertising consent.
Data protection due diligence for mobility companies
Commissioned by a potential investor, we are currently examining the data protection documentation and records of a mobility provider for obvious risks to the company.