Data Privacy

Data protection is an integral part of digitalisation. Digitalisation and connectivity offer seemingly unlimited opportunities for collecting, analysing and commercially using data, especially personal data.

Mann in Stadt
Highly specialised team of data protection experts
Top-tier law firm for data protection, IT and outsourcing (JUVE, Chambers, Legal 500, Best Lawyers, Who’s Who Legal)
Thought leadership: “The New European General Data Protection Regulation, Impact on Corporate Practice – Guidance for Legal Advisors and Enterprises” (2018) Rechtshandbuch “Internet of Things” (2021)
Thanks to our recognised, outstanding expertise in data protection law as well as a rich dose of creativity, we are able to assist you in planning and implementing your business models and processes in a legally compliant manner. Thus, we ensure that the use and commercialisation of personal data does not become a compliance trap for you.


For us, data protection law is not just a field of law secondary to other areas of law, but an important advisory field in its own right. Our data protection experts focus on this very dynamic and fast-developing area of law. We provide highly specialised and effective advice on all data protection issues, including in litigation, especially involving regulatory authorities.

  • Adapting business processes, products and business models to the requirements of the GDPR
  • Preparing documentation required under data protection law such as data protection agreements, privacy policies, legality audits, consent forms and privacy impact assessments (PIA)
  • Analysing the gap between a client’s existing data protection and the protection required under the GDPR; implementing the necessary changes while applying a risk-based approach pursuant to the GDPR
  • Designing, establishing and implementing data protection structures within a company or corporate group, including preparing policies that govern such data protection structures
  • Preparing internal privacy policies, especially for employees’ handling of personal data, dealing with data breaches and privacy impact assessments (PIA) as well as the storage/deletion of data


  • Representing clients in administrative proceedings with data protection authorities (DPAs), e.g. injunctions
  • Defending clients in relation to the imposition of regulatory fines
  • Representing clients in civil and mass actions, e.g. against claims for non-physical damage suffered by data subjects due to violations of data protection law
  • Advising on data subject access rights 
  • Data subject access requests (DSAR)
  • Assisting in the preparation of requests for detailed information (“DSAR readiness”) and the preparation of responses to requests (“DSAR reaction”) as well as in cases involving the imposition of fines and other measures imposed by supervisory authorities; in addition, handling extra-judicial claims as well as law suits instigated by data subjects seeking information and damages (“DSAR defence”).
  • Advising clients on how to organise data transfers in compliance with data protection legislation, especially when relying on external service providers for outsourcing and cloud computing
  • Providing advice on centralising group-wide IT infrastructure and IT services
  • Drafting binding corporate rules
  • Implementing guidelines for erasing data (rights and obligations to retain data versus obligations to erase data (“right to be forgotten”) under data protection law)
  • Providing advice on organising HR processes so that they comply with data protection legislation as well as advising on the digitalisation of such processes
  • Drafting arrangements for the (personal) use of company IT infrastructure and personal IT in a company context
  • Drafting guidelines for (CCTV) employee surveillance
  • Designing whistleblowing systems and assisting with their implementation
  • Reviewing digital offerings and advertising in e-commerce, especially (behavioural) targeted advertising, to ensure compliance with data protection legislation
  • Designing and assisting with the implementation of customer relationship management systems and customer loyalty programmes
Conducting training and data protection workshops for company employees (including e-learning) tailored to the client’s specific requirements 
Developing and assisting in the implementation of monitoring measures and data protection audits

Selected projects

  • Federal Ministry for Economic Affairs and Energy
    Evaluating hurdles and operating latitude available under data protection law for testing innovative business models as part of the German Regulatory Sandbox Strategy
  • Global Foundries
    Providing ongoing advice to data protection officers on all issues relevant in the context of an international corporate group
  • Incubator for a leading German car manufacturer
    Providing advice on data protection law for the design of a web-based “peer-2-peer-charging” platform for managing charging infrastructures for electric vehicles
  • McDonald’s Germany
    Providing ongoing advice on data protection law in a complex franchise and group-structure environment, e.g. on implementing a new customer loyalty programme
  • Microsoft
    Advising Microsoft on data protection law in relation to specific topics, such as the use of tracking and analysis tools or the use of biometric methods
  • HeyCar
    Advising Mobility Trader GmbH extensively on data protection issues in relation to its used car platform “heycar” 
  • Europcar/Buchbinder
    Advising the client on dealing with a data leak which attracted significant attention in the German press - from representing the client in investigations launched by the supervisory authorities to handling requests for information and complaints from data subjects
  • EVE Germany GmbH
    Advising the Chinese group on privacy issues in the context of its entry to the EU market, including the implementation of a governance structure from a privacy perspective as well as the preparation of data protection information for employees, business partners and the group’s website
  • Federal Ministry for Economic Affairs and Climate Action
    Analysing the legal framework for AI in the finance, mobility, administration, health, legal services and climate/energy sectors, and assessing the hurdles to be overcome and the requirements to be met before AI can be used
  • Ada Health GmbH
    Providing data protection law advice to the company on the interface between the regulation of medical devices and AI, including assisting in the international rollout of a medical device

The team [...] has many years of experience and is ideally equipped to support its clients in establishing and improving their data protection structures. [...] In addition, work in this field involves a large number of official procedures and requests for information so that the team’s good relationship with the data protection authorities is a real bonus.

JUVE Handbook, 2022

The quality of their legal work is excellent in every respect and so is the value for money.

Client, Legal 500 Deutschland, 2022


Subscribe to our newsletter now to stay up to date on the latest developments.

Subscribe now