FIELDS OF LAW

Data Protection, IT & Outsourcing

Our Data Protection, IT & Outsourcing team offers comprehensive all-round advice on data protection and IT law.

In the area of data protection law, we are familiar with digital business models and issues relating to data protection in e-commerce and digital marketing, data protection in corporate groups, employee data protection and national and international data transfer. In addition, we have many years of experience in data protection management, conduct training courses, prepare expert opinions and represent clients in all proceedings before courts and authorities.

In IT law, we provide comprehensive advice on the drafting and negotiation of all types of IT contracts and assist our clients with specific contractual and licensing issues in the areas of transactions, IT tenders and projects such as outsourcing or the introduction of new hardware and software.

If complications arise in an IT project, we represent our clients in the assertion of warranty and compensation claims or the termination or reversal of contractual relationships both out of court and in court. We also enforce our clients’ rights to software in the event of infringement.

Our Range of Services

  • Adaptation of systems and processes to changed legal or regulatory requirements
  • Implementation of an extended “record of processing activities” as an “accountability backbone”
  • Implementation of “privacy by default”, “privacy by design” and the “data protection impact assessment”
  • Advice on changing and designing business processes, business models and products
  • Adaptation of data protection organization/ management and adaptation of data protection documentation to the requirements of the GDPR (data protection contracts, company agreements, internal data protection guidelines,
  • declarations of consent and data subject information)
  • Structuring and development of a data protection organization in the company
  • Conceptual design of data protection management systems and support during implementation
  • Creation and review of internal data protection guidelines, in particular regarding the handling of personal data by employees, dealing with data protection breaches, data protection impact assessment, and data retention/deletion
  • Employee training and workshops
  • Design and support of monitoring measures and audits
  • Analysis, design and adaptation of business processes and business models
  • Advice on digital products, e.g., in the areas of Big Data and Internet of Things
  • Process- and product-specific review, creation and adaptation of data protection contracts, declarations of consent and data subject information
  • Review and data protection-compliant design of data transfers, especially when using external service providers in outsourcing and cloud computing
  • Data protection-compliant design of intragroup and international data transfers
  • Structuring and development of a data protection organization within the group
  • Examination and data protection-compliant design of intragroup data transfers, in particular in matrix organizations
  • Data privacy-compliant design of group-wide centralization of IT infrastructures and IT services
  • Review and data protection-compliant design of e-commerce and mobile commerce offers and advertising in the digital environment, especially in the subject area of targeted advertising
  • Conceptual design and support in the implementation of customer relationship management systems
  • Review and data protection-compliant design of HR processes and advice on the digitalization of HR processes
  • Design of regulations for the (private) use of company IT infrastructure and private IT in the company context
  • Design of regulations for (video) monitoring of employees
  • Design of whistleblowing systems and support during implementation