Digitalisation is associated with big opportunities, but it also harbours enormous risks. The biggest of those risks relate to the need for more effective cybersecurity, IT and data security solutions, and increasingly stringent compliance obligations for the company management. The GDPR and the German Data Protection Act (BDSG) have to be systematically adopted and complied with. Otherwise the company faces fines and actions for damages. Also, digital trust must be built through privacy by design and privacy by default.

These are the main areas of data law in which we provide our clients with professional support:
  • Data protection audits and GDPR/BDSG pre-screenings
  • Data protection audits and inspections (GDPR/BDSG gap analyses)
  • Business modelling changes/ digitalisation-related change projects
  • Market entry and exit in Europe (data compliance)
  • Product/service/app evaluation (data compliance)
  • Internet business models and online marketing
  • Health data as a value/business model
  • Drafting and checking of data-related contracts
  • DSGVO/BDSG-Pre-Screenings and Audits
  • HR and employee data processing
  • Roll out of HCM/HR controlling software
  • Data protection elements of compliance systems
  • Introduction of whistle-blowing systems (WBS)
  • International data transfers (especially US/Asia data exports)
  • Data and data protection in M&A transactions
  • Outsourcing/cloud solutions
  • Information rights under GDPR
  • Know-how and data loss prevention
  • Crisis management/reputation management/communication (especially in connection with cyberattacks and data loss)
  • Data sovereignty
  • Data ecosystems (especially IDS-compliant, GAIA-X)
  • Data litigation involving competitors and authorities
Technical data protection

Defend against cybersecurity attacks – Cyber Security Incident Response deploy

Organisations have to put suitable technical and organisational measures in place to guarantee a risk-appropriate level of security. Technical measures must also include protection against cybersecurity attacks. If those measures fail, we support you with a comprehensive Cybersecurity Incident Response Plan (CIRP), including the mandatory notification of the data protection authorities, communications with customers, employees, the police and the state prosecutor’s office.

Digital ecosystem

Big Data, AI and networked data structures in digital ecosystems

New legal issues are emerging relating to the use and commercialisation of data, e.g. for big data, AI and interconnected data structures in digital ecosystems such as the European GAIA-X. Who owns the data, who has data sovereignty and how can the use of data be commercialised? How is the value of data shown in a company balance sheet? There are also new challenges in the areas of data ethics and corporate digital responsibility (CDR).
Data Protection Management System

Secure structures for data privacy compliance

Effective data protection legislation such as the GDPR and BDSG demand secure in-company structures and processes to ensure data privacy compliance. A data protection management system is the basis for risk management. It is also the key to avoiding draconian fines and averting or successfully defending a multitude of actions for damages.


If you have any questions about data protection please feel free to mail us.