Data protection - GDPR

The EU General Data Protection Regulation (GDPR) came into force in May 2016 and the data protection regulations have been binding since May 2018. The GDPR imposes extensive obligations on companies, such as reporting obligations, accountability obligations, ensuring data security and implementing data subject rights. Despite the threat of high penalties (up to 20 million euros in fines or up to 4% of annual global turnover, whichever is higher), not all companies are fully aware of how to deal with consent, rights of withdrawal, purpose limitation, prohibition of coupling, rights to information, erasure and reporting obligations in compliance with data protection regulations. In addition, the GDPR grants claims for damages for material and immaterial damage resulting from a breach of the provisions of the GDPR. Our certified data protection experts and lawyers will support you in implementing the GDPR in your company. Among other things, we carry out data protection audits and customised employee training.

External data protection officer as a service

With data protection as a service, you have the option of completely outsourcing the topic of data protection to our lawyers. We act as your external data protection officer and support you in complying with data protection obligations and thus minimising your liability risks.

Support with the implementation of GDPR requirements

We act as your data protection officer and work with you to identify and document processing activities and check their legality. Our consulting services focus on:

  • Drafting of erasure concepts
  • Review of websites and apps
  • Creation of the necessary processes (data subject rights, data breach, etc.)
  • Handling of data protection incidents and risk assessment
  • Creation of data protection organisations
  • Software development and data protection
  • Implementation of data protection impact assessments
  • Creation of data protection guidelines, video surveillance
  • Conducting audits of your processors
  • Identification of joint controllers etc.

Data protection training for employees

We create awareness of the GDPR and data protection in your organisation. Your employees must know the data protection framework and be able to comply with it in relation to their work, in order to minimise the potential risk of reputational damage, high fines or claims for damages. The more specific and customised the content of a data protection training course is to the individual areas of work of the participating employees, the more efficient it will be. We offer customised training tailored to the needs of your company for every area of the company, e.g. HR department, marketing department, IT department (technical data protection), purchasing department, etc. Our data protection training courses cover the most important data protection topics as well as selected practical examples from your company’s field of activity. These preferably take place on site; remote training is also possible.

Data protection / GDPR audit service

For your own protection, we review the current status of your company’s data protection management. We identify potential risks and support you in minimising them. Relevant activities are checked for compliance with the GDPR and coordinated with your responsible persons. Once the data protection audit is complete, you will receive a final report with a list of identified potential improvements and recommendations for action.

DORA Readiness - Digital Operational Resilience Act

With DORA, a harmonised and comprehensive legal framework for the digital operational resilience of European “financial companies” and “ICT third-party service providers” was adopted at the beginning of 2023, which is to be applied from 17.01.2025. The scope is divided into five core areas and depends on the size and risks of the business model (proportionality principle) and the maturity of the digital operational resilience of the respective financial organisation. For the companies covered by DORA, the obligations associated with the regulation represent an enormous financial and technical challenge, and there is an immediate need for action! We support you with a gap analysis as the basis for the subsequent implementation project to establish DORA readiness in order to ensure fulfilment of the regulatory requirements, which must be implemented by January 2025.