Data Protection & Data Law

Our advisory approach relating to data protection & data security

Our Data Protection lawyers advise on all issues of corporate data protection: from reviewing and assessing technical and organizational measures to conducting data protection impact assessments and offering support in handling data protection incidents. We always focus on legal protection for our clients to protect them from the risks of unlawful data processing.

Legal protection faces complexity specifically where personal data is transferred to third countries, in particular if they are considered to have a low level of data protection, such as the USA, China, or India. Following landmark decisions by the European courts, it is evident that very high legal requirements must be placed on such data transfers, which companies frequently find difficult to achieve. We assist you in carrying out international data transfers legally compliant and in avoiding any pitfalls. Such data protection violations may be sanctioned with fines of up to EUR 20 million or 4% of global annual revenue.

The processing of personal data on web servers also requires comprehensive legal review. Under current law, any tracking tool requires the prior consent of data subjects, and any data collection requires the existence of a comprehensive privacy policy. When operating platforms, these transparency obligations are even further increased, necessitating a detailed breakdown and assessment of individual processing operations.
 

Legally compliant data processing: data protection in employment law

The processing of employee data is governed by Section 26 German Federal Data Protection Act as a special provision and places demands on German companies that are higher than in other EU member states. A separate legal review is therefore essential where employee behavior is recorded, for example by video surveillance, timekeeping, or location services. It may even be mandatory to conduct a data protection impact assessment in some instances.

Our data protection experts collaborate closely with our Employment lawyers on these legal issues and regularly find pragmatic yet legally compliant solutions to enable the use of such technologies. Advice is particularly required on the following topics:

• negotiating and concluding technology-related company agreements
• drafting and reviewing technology-related employee policies
• legally compliant responses to requests for information from (former) employees
• legally compliant access to business email correspondence where private use is permitted

Dealing with data protection incidents – reporting cyberattacks

Cyberattacks on companies have enormously increased in recent years. It is important to be prepared for such attacks and to take appropriate measures in advance. Under certain circumstances, you are required to report the incident without delay, usually within 72 hours, to the data protection authorities – and, where necessary, also to notify the data subjects.

It is not uncommon for such reports to lead to monitoring measures by the authorities. Since even inadequate wording may entail negative consequences, the notification to the authorities should be drafted by lawyers specializing in data protection law. We have legally advised on a large number of data protection incidents and our experts will gladly assist you.

Our Data Protection & Data Securityadvisors are leaders in their field and are regularly recognized by the relevant industry media. They collaborate closely with lawyers in other fields to examine legal issues relating to digital transformation (see here for more information) from all sides and to resolve them by involving specialists from the following fields:

• Corporate (Corporate 4.0)
• M&A (technology transactions)
• Antitrust (platforms)
• IP (patents, trademarks)
• Health Care (digital medical devices)
• Energy (smart metering)