Data Protection Law and services as external Data Protection Officer belongs to the fastest growing areas in the Consulting business, this applies to our firm as well. Technology such as Big Data enabled applications that involve highly relevant data protection issues. Many of our clients are by now using solutions such as Amazon Web Services, Google Apps or Microsoft Azure, which, depending on their business model, might not in line with data protection law. Cross-country IT solutions as well as new IT products and solutions increasingly trigger relevant data protection issues. This makes a reasonable compliance with data protection law and IT security necessary.

Based on our long lasting experience and our technical and economical understanding we are advising and supporting you with and data protection or IT issue from the very first beginning. The support often begins with the development of a new product or a new solution or increasingly with the question whether technical IT-solutions (such as Cloud Computing) comply with data protection laws. We are performing data protection compliance audits and are serving our clients as external data protection officers (through our sister company SBR IT & Data Services GmbH).

Advice and Support

Design of Contracts

In the data protection area the drafting of contracts comprises – in particular for companies with international business – not only the conventional controller-processor data processing, but also solutions for other countries, e.g. in the case of cloud computing (either within EU or outside). IT comprises also the draft of privacy statements (e.g. for websites), solutions for the use of telecommunication at the workplace (Internet, E-Mail and Telephone or BYOD) or data usage contracts.

In the data protection area lawsuits are rare, even if the data protection authorities regularly have opinions that have a small basis in the legal provisions at best. Therefore, the communication with the data protection authorities and our clients is more important in order to avoid lawsuits. In particular, in the area data protection long lasting legal procedures are not helpful (especially if they might result in a negative publicity). Therefore advice and support at the earliest stage possible is important in order to be able to support with the correct actions.


Project experience

  • Continuous support of various clients regarding data protection questions in the areas of the German Telecommunications Act, German Telemedia Act, German Federal Data Protection Act, performance of data protection audits and support in the area of IT Compliance and IT Security, including services as external data protection officer for software provider and medium sized companies
  • Continuous data protection support of clients (including startups) concerning the implementation of new products and services including a design being compliant with data protection laws and if necessary the coordination with authorities
  • Continuous representation of various medium-sized clients with audits by data protection authorities and procedures with data protection authorities
  • Continuous advice of various clients with international data protection issues (data processing or controller-processor data processing outside of Germany as well as EU standard contractual provisions; recently in particular in connection with Amazon Web Services, Google Apps and MS Azure
  • Numerous opinions, reports and court briefs for various clients regarding data preservation as well advice regarding connection data according to the German Telecommunications Act