With the coming into force of the EU Data Protection Basic Regulation (DSGVO) on 25 May 2018, data protection law has moved more into the focus of public awareness. Since personal data is collected and processed in almost every process in companies and public authorities, data protection law must be considered as a so-called “cross-sectional matter” in practically all projects and fields of activity. Due to the broad positioning of our firm in advising technology projects, we are able to provide comprehensive advice in this regard.

In particular, the GDPR has introduced and also extended extensive documentation and notification obligations, which require precise knowledge of the processing procedures implemented in one’s own organization (so-called “accountability”). The obligation to communicate the legal basis on which personal data is processed forces organizations to document the relevant considerations. Data protection legal know-how within the organization is therefore essential in order not to run the risk of being exposed to possible sanctions by the supervisory authorities or, if applicable, warning letters from competitors. In addition to substantial fines, there is also the threat of negative media coverage. The importance of data security and the technical and organizational measures required for this, which must of course be professionally documented, are increasingly emphasized by the GDPR.

• Data protection assessment of processing activities and projects
• Creation/verification of lists of processing activities
• Preparation of data protection declarations and consents
• Advice on the introduction of measures to establish data protection as part of com-pliance (e.g. Group and corporate guidelines on data protection and compliance with them)
• Training courses on data protection in general and on specific topics, such as press and public relations, data protection in award procedures, etc.
• Legal advice to data protection officers