At the same time the Internet is developing into an omnipresent companion in today’s world, data protection has become a fundamentally relevant issue both socially and in all areas of business.

In particular, since the EU-wide introduction of the General Data Protection Regulation (GDPR) in 2018, strict requirements regarding the protection and security of personal data apply to all those who offer services on the Internet. Failure to comply with these requirements can result in enormous fines of up to EUR 20 million or 4% of the company’s global turnover.

With the introduction of the “Privacy by design” approach, the GDPR requires that data protection is technically integrated when developing data processing procedures. Accordingly, we advise our clients right from the product development phase on how they can best meet data protection requirements. In the same way, we review existing products and processes with our clients with regard to their compatibility with the current requirements.

The General Data Protection Regulation has also introduced a number of other formal obligations which must be observed. These include, among others,

• detailed data protection statements not only for end customers but also for employees and business partners,
• maintaining a register of processing activities with regard to internal procedures,
• agreements entered into on the processing of data on behalf of external service providers,
• the use of the EU Commission’s standard clauses in international legal relations with third countries.

We offer our clients expert, individual and reliable support and assistance at all these levels, e.g. with internal audits or structuring and formulating the necessary documentation.