"Personal data", "employee data protection", "outsourcing", "cookies", "e-privacy", "e-marketing" - these buzzwords have one thing in common: the protection of and handling of personal data and information, both offline and on the Internet. In the digital age, this represents an ever greater challenge and it requires a great deal of legal sensitivity and know-how when it comes to implementing legal requirements. Data and information - the "gold of the 21st century" - are the driving force behind the advancement of digitalization; the optimum use of the new technical options for the collection and analysis of information is of decisive importance for many companies as they compete in business. However, not everything that is technically feasible is also legally permissible - the legal limits must be observed at all times, failing which sanctions may be imposed. Compliance with legislation is thus one of the most important risk avoidance strategies.
KWR will support you in this process so that you always aware of the situation and safe all around.
Our experts provide comprehensive advice on all aspects of information and data processing, from customer and patient data, outsourcing and data storage to social media campaigns, targeted marketing, employee data protection, data leaks and cyber attacks. Our expertise across legal fields and our professional experience, not only based in the law firm, but also in the work of corporate counsels as well as in the fields of PR and marketing, enable us to offer a integrated advisory approach which specifically addresses our clients' need for a pragmatic, easy-to-implement strategy which is also legally compliant. Our focus is not only on the implementation of legal requirements in domestic and foreign companies of all shapes and forms - we also see ourselves as a sparring partner when it comes to developing the best strategy and solutions to achieve your goals - even despite the legal requirements are demanding.
Data protection and telecommunications law, in particular the GDPR and the Telecommunications Act (TKG) 2003, are demanding standards for the lawful management of data and information. Among other things, data protection controllers are obliged to comply with the legal obligations at all times. For example, this means that all processing activities must be documented in a register; if necessary, data protection impact assessments must be carried out, and technical and organizational measures must be taken to protect and secure the data.
Together with you, we will identify the areas where there is still need for action and the optimum strategy for implementing the obligations in accordance with your needs. We will also support you in all matters relating to data protection law, including contract negotiations, data transfers to third countries, the development of an erasure concept, and the implementation of whistleblower hotlines. Furthermore, we will assist you in the implementation of your online presence (social media, website, online shops, etc.) and draft the documents legally required for this purpose.
In our globally networked world, it seems indispensable to share or outsource data from customers, employees, etc. worldwide in order to be able to design internal organizational processes more effectively. However, data transfers, especially to third countries, are not always legally feasible "without further ado". We will be happy to support you in all aspects of data transfer and transmission in order to minimize any risks.
If data are "lost", this is usually a very unpleasant situation requiring rapid action. We will support you in the event of data breaches as well as in the design or implementation of appropriate protection management.
In times of IoT and Industry 4.0, cybercrimes such as "hacker attacks" pose a serious threat to organizations, as this may e.g. mean that all internal processes are jeopardized – and this may go as far as the manipulation of supply chains and production facilities or even to the loss of business and trade secrets. We will be happy to provide you with legal support in the implementation of appropriate measures to prevent such risks.
We are happy to support you in this context, not only by advising you "up front" to minimize risks in respect of data processing but also by representing you in disputes before authorities and courts if necessary.
Mandatory vaccination? Video surveillance? Consent in the employer/employee relationship? A works agreement as a legal basis? Our team can also provide you with specific advice in the field of employee data protection. With our comprehensive expertise in all aspects of data protection and employment law, we can design tailor-made implementation strategies for you as an employer and thus help minimize legal risks.
Not every company has the internal resources to appoint its own data protection officer. We would be happy to take on the function of data protection officer or data protection coordinator for you in relations with authorities and courts.
The past few years have shown how important it is to train employees in the secure handling of personal data and information - especially in order to avoid data breaches and to comply with the latest regulations. We offer customized training for your employees and your executives, either in the form of an in-house workshop or as regular refresher training for individual employees so they are always abreast of the latest innovations and requirements.