Data Protection Law

Data protection is a matter of design, not a playground for professional pessimists. Businesses need advice that enables projects and treats data protection requirements as solvable legal and technical challenges. 

We support our clients in all data protection matters – from fundamental implementation work and the resolution of specialist issues through to dealing with supervisory authorities where necessary. Our advice combines legal expertise with technical understanding and the willingness to challenge one-sided interpretations by regulators where appropriate.
 

Data Protection as an Enabler of Digital Projects

Data protection law is often perceived as a brake on innovation. We take a different view: data protection is a framework for shaping digital business. Our task is to find ways for innovative business models and digital projects to be implemented in compliance with data protection law. This ranges from data-driven platforms and personalised services to AI-driven products that depend on large datasets. 

We design solutions for complex data processing operations, assess legal bases and structure data protection-compliant processes. In doing so, we develop pragmatic approaches that combine legal certainty with commercial flexibility.
 

Data Protection in IT Projects and Cloud Environments

Modern IT infrastructures are inconceivable without cloud technologies. Designing cloud services, SaaS solutions and digital platforms in compliance with data protection law requires an understanding of technical architectures and international data flows. 

We advise on the data protection-compliant design and implementation of IT projects and cloud environments. This includes developing data protection concepts that are aligned with technical realities and commercial needs. Particular focus areas are the structuring of processing activities, the selection of appropriate processors and the requirements for international data transfers.
 

Artificial Intelligence and Data Protection

The use of AI systems can give rise to complex data protection issues. Here, the detailed regulation of the AI Act meets the already demanding requirements of the GDPR. We advise on the data protection-compliant design of AI projects, on the interplay between the AI Act and the GDPR and on the legal assessment of AI-driven business models. Our goal is to develop solutions that enable innovation rather than prevent it.
 

Dealing with Supervisory Authorities

Supervisory authorities often approach data protection law from their own institutional perspective. However, their legal views do not always stand up in court. We develop defence strategies that seek both an amicable solution with the authority and a robust position for potential court proceedings. Our primary focus is to avoid disputes or escalation to litigation wherever possible and instead to work with supervisory authorities towards a measured solution that is acceptable to both sides.

Our work includes representation in fine proceedings, challenging regulatory orders and clarifying contentious legal questions.
 

Damages Claims under Article 82 GDPR

Infringements of the GDPR can give rise to claims for damages. Case law on Article 82 GDPR has already established clear guiding principles for dealing with data protection breaches, but it continues to evolve dynamically and still leaves questions open in individual cases. We advise companies on defending against damages claims and represent them in court proceedings.
 

Data Protection Compliance and Governance

The GDPR requires companies to implement organisational and technical measures. We advise on the implementation of data protection management systems, the role of the data protection officer, the conduct of data protection impact assessments and the documentation of processing activities. 

Our focus is on solutions that meet regulatory expectations while maintaining the company’s ability to act. We structure processes and documentation so that they remain manageable in day-to-day operations and can withstand scrutiny in audits or crisis situations.
 

Intersection of Data Protection and Cybersecurity

Data protection and IT security are closely intertwined. The NIS 2 Directive, the Cyber Resilience Act and the technical and organisational measures required under Article 32 GDPR form part of a connected framework. 

We advise on designing IT security concepts in compliance with data protection law, on notification obligations in the event of personal data breaches under Articles 33 and 34 GDPR, and on the interface between cybersecurity requirements and data protection law. 

Let us work with you to find ways to make your project compliant with data protection law.