The importance of data protection issues continues to grow with the advancing digitalization and data economy in all industries.

By now, data is often more valuable than physical assets. Thus, the protection of personal data, but also the protection of corporate data, has gained in importance. The legal framework for a secure and legal handling of data is very complex. It is essential to identify and avoid legal risks in these areas at an early stage, not least against the background of the international nature of various business models and transactions in these areas. Our experts will advise you on this comprehensively and with a view to your individual business model.

To this end, we are familiar with all relevant legal frameworks for a secure and legal handling of data, provide support in all data protection issues and represent your interests in the event of a dispute, even in court.

Our services in the field of Data Protection Law

Companies with 20 or more employees are required to appoint a data protection officer. As an external data protection officer, we support you with our expertise in all data protection issues.

The appointment of an external data protection officer has various advantages for companies:

  • No costs and time spent on the necessary qualification
    As external data protection officers, we already have the legal and technical knowledge to perform this role.
  • No protection against dismissal
    Internal data privacy officers enjoy protection against dismissal comparable to that of a works council
  • No organizational blindness
    The external data protection officer can assess data protection in your company without bias.
  • Personnel resources
    Your employees do not have to be removed from their actual jobs for data protection officer tasks.
  • A wealth of experience
    As an external data protection officer, we can draw on a wealth of experience from our ongoing data protection consulting.
  • Independence
    As an external data protection officer, we are perceived as independent both internally and externally by data protection authorities.
  • Neutral position
    The data protection officer can mediate between the company, the works council and the employees.
  • Unification
    We can provide data protection officers throughout the Group. This standardizes processes and helps you keep an overview.
  • Wide reach
    We can even provide data protection officers throughout the EU.

As data protection officers, we support you in setting up and implementing a GDPR-compliant data protection organization in your company. All of our consultants are licensed attorneys who additionally practice in labor law or IT law, two areas of law with the greatest points of contact with data protection law.

  • Data protection audit
    At the beginning of our work, we conduct a detailed data protection audit at your company and draw up a list of measures. The audit includes an on-site inspection of the company and a review of the technical and organizational measures.
  • Ongoing consulting
    As part of ongoing consulting, we work with you to implement the list of measures and support you in all data protection issues.
  • Review of websites and online shops
    We check your websites and online shops for data protection compliance and inform you about changes relevant to you.
  • Control of processors
    Anyone who uses processors in the company must monitor them accordingly. As data protection officers, we conduct the initial check for you and, if necessary, all further checks, including on-site checks.
  • Employee data protection
    In the employment relationship, further regulations on employee data protection apply in addition to the general data protection regulations. Here, too, we provide you with the relevant templates, fact sheets or checklists.

Since the introduction of the GDPR in May 2018, controllers have been subject to a large number of documentation and verification obligations. As external data protection officers, we support you in creating and updating the documents relevant to you: 

  • Data protection concept
  • Processing lists, retention and deletion concepts, IT usage guidelines
  • Data protection impact assessments (e.g., for video surveillance)
  • Fact sheets in the area of personnel data processing

We offer training for employees and managers that is tailored specifically to your company and your needs. Training courses can be held annually or on an as-needed basis. We will be happy to coordinate the specific content of the training with you. Possible topics include:

  • General employee training
    Create a basic understanding of data protection, related requirements and best practices among all your employees for a consistently high level of data protection in your company.
  • IT department
    Employees in IT departments are often involved with data protection issues. Topics of training include data protection through technical and organizational measures, data protection-friendly settings of programs and authorization concepts. Dealing with data breaches can also be the subject of training.
  • Human resources department
    The HR department also encounters data protection issues on an ongoing basis. Sensitive personal data in particular, such as health data (e.g., severe disability or sick leave) or trade union membership, are repeatedly the subject of processing in the HR department. Due to the amount and type of data processed, it makes sense to train employees on a regular basis.
  • Works Council
    As part of its participation rights, the works council has comprehensive access rights to employee data and may also use this data for its own purposes, however, the employer remains the controller. It therefore makes sense for companies to offer regular training in data protection issues to works council members.
Dr. Christian Engelhardt, LL.M.

Dr. Christian Engelhardt, LL.M.

Partner

Attorney-at-Law (Rechtsanwalt)

What can we do for you?

Talk to us. Simply without obligation.

Contact now