Data Protection Law

In an era where data is considered the “new gold”, your personal information and your customers’ privacy are more than just digital currency – they form the basis of trust between you and your customer base. This is why legal advisors play a central part in the digital revolution: they must build a bridge between the dynamic landscape of innovation and the solid ground of data protection. Our expertise in data protection law paves the way for your company to make full use of the opportunities presented by the digital world without compromising the confidentiality and security of data.

The increasing integration of technologies such as cloud computing, big data and artificial intelligence into everyday business life raises a flood of questions regarding legal issues. It’s not just about navigating strict regulations like the EU General Data Protection Regulation (GDPR) or the German Federal Data Protection Act (BDSG), but also about developing a robust data protection strategy that protects your company from potential risks whilst maximising the value of your services.

Our specialised team not only offers sound advice on current legislation, but can also support you by coming up with pragmatic and future-oriented solutions that are tailored to your company’s specific needs. We can guide you through the regulatory jungle and help you develop a data protection strategy that is both innovative and compliant. In doing so, we always keep our finger on the pulse of time and update our strategies in line with the latest rulings and regulations to ensure that you are always one step ahead.

Working with you, we develop data protection solutions which, in addition to being in conformity with the legal framework, are also conducive to your business objectives. Whether it’s a matter of secure international data transfers or of implementing data protection-friendly technology, our goal is to make your business processes seamless and secure. With a clear vision for the future and a firm understanding of the present, we are committed to helping your company navigate the digital landscape successfully, always using data protection as a compass.

Our range of advisory services:

Advising on all matters pertaining to data protection law, particularly taking into account the special requirements in the public sector
Advising on organising matters in a data protection compliant way and on maintaining such organisation
Defending against claims for information and damages with the protection of personal data in mind

Providing comprehensive data protection law advice for national and international companies and for internal data protection officers
Appointment as an external data protection officer and providing support as such
Advising on introducing and implementing organisational data protection rules and procedures
Advising on introducing data protection compliant business models and processes
Advising on carrying out data protection impact assessments, e.g. in connection with the introduction of Microsoft 365, video surveillance or big data applications
Drafting and updating relevant documents under data protection law, such as data protection policies, data protection notices or agreements
Advising on setting up, implementing and maintaining a data protection compliance system in the company
Advising on international data transfers involving countries outside the EU, taking into account the new EU standard contractual clauses and other appropriate safeguards
Advising on implementing authorisation and deletion concepts
Providing representation vis-à-vis data protection supervisory authorities
Advising on risk management in the event of data protection incidents
Providing representation in judicial disputes regarding breaches of data protection law
Carrying out national and international data protection audits
Advise on the Data Act

Carrying out a complete survey and audit of compliance management systems (based largely on the PS 981 audit standard)
Analysing the existing data protection management
Examining existing processes for whether they meet the requirements under data protection law
Advising on introducing a new, data protection compliant data protection management system
Examining processes, policies and other procedures for their conformity with the GDPR
Drafting and updating data protection management records and other documentation
Implementing new standard contractual clauses

Advising, for example, on introducing whistleblowing programmes, human resource or assessment systems at national and international levels
Advising on drafting and negotiating works agreements on the basis of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)
Training courses and data protection workshops (e.g. employee workshops)

Data protection-compatible design when using new technologies, such as smart home, car data or health apps
Transactional advice (GDPR-compliant due diligence reviews)
Advising on setting up websites, online shops and cookie walls and on using tracking and analysis tools

Advising regarding cross-border data processing both for intra-group data exchange and with external parties
Drafting and negotiating the necessary agreements (group data privacy framework agreements)
Advising on introducing EU standard contractual clauses and binding corporate rules (BCRs)
Carrying out national and international data protection audits
Assisting with transfer impact assessments
Analysing actual international data transfers and advising on the conclusion of data protection compliant agreements
Identifying intra-group transfers and helping draft contractual clauses containing additional guarantees
First-aid kit for “Schremss II” compliance

Compiling information about fines already known
Providing an overview of offences committed
Presenting the information in an overview by federal state

News

01.07.2024 Press Release

Healthcare: Luther supports the state of Brandenburg in establishing the Medical University of Lusatia

15.02.2024

Luther advises AG Capital on partnership with Layenberger Nutrition Group GmbH

19.01.2024

Acquisition of an international management consultancy: Luther advises Vocatus on the sale of all shares to Accenture

06.09.2023 Press Release

Brewery group Haus Cramer on course for growth: Luther advises on participation in online beer trade

27.01.2022 Press Release

The Legal 500 Germany – Luther again in the Top Tier twice

Key Contact >>

Key Contact

Silvia C. Bauer

Partner

T +49 221 9937 25789

View Profile >>

Dr Stefanie Hellmich, LL.M.

Partner

T +49 69 27229 24118

View Profile >>

Dr Michael Rath

Partner

T +49 221 9937 25795

View Profile >>

Dr Kay Oelschlägel

Partner

T +49 40 18067 12175

View Profile >>

Team Data Protection Law

Silvia C. Bauer
Partner
Cologne

Dr Maximilian Dorndorf
Partner
Essen

Adrian Freidank
Counsel
Cologne

István Fancsik, LL.M. (London)
Senior Associate
Essen

Jonny H. Giessel
Senior Associate
Frankfurt a.M.

Dr Stefanie Hellmich, LL.M.
Partner
Frankfurt a.M.

Felix Hielscher
Senior Associate
Stuttgart

Laura Hoffmann, LL.M. (Dresden/London)
Senior Associate
Frankfurt a.M.

Johannes Klausch, LL.M. (London)
Partner
Berlin

Elisabeth Kohoutek
Partner
Frankfurt a.M.

Dr Maximilian Kressner, M.Jur. (Oxford)
Partner
Singapore

Christian Kuß, LL.M.
Partner
Cologne

Niccolo Langenheim, LL.M.
Associate
Cologne

Dominik Menhaj
Senior Associate
Hamburg

Anna-Laura Martens
Associate
Berlin

Alina Moers
Associate
Cologne

Franziska Neugebauer
Senior Associate
Cologne

Dr Kay Oelschlägel
Partner
Hamburg

Michelle Petruzzelli
Senior Associate
Cologne

Dr Michael Rath
Partner
Cologne

Dr Christian Rabe
Senior Associate
Hamburg

Manuel Rueß
Associate
Hamburg

Leif Dustin Schneider
Counsel
Ho Chi Minh City

Alisa Schöneberg
Associate
Cologne

Dr. Clara Schulze Velmede
Associate
Leipzig

Marc Theiner
Associate
Singapore

Pierre Daniel Wittmann
Senior Associate
Frankfurt a.M.

Clara von Wolffersdorff
Associate
Leipzig