Data Protection Law

Commercial law firm & law firm for the public sector

We are a commercial law firm through and through. This means that your business success is the focus of our efforts. With our high level of specialization, we create economically sensible and pragmatic solutions for you. Our data protection lawyers speak your language as entrepreneurs, understand your needs and thus enable you to make informed and well-prepared decisions.

Our experts are also familiar with the special features of government agencies - usually because they themselves can look back on a period of employment with one. We understand government structures and have an instinctive feel for the organizational and political dimensions of compliance with data protection laws at public institutions.

Advice

The focus of our work is on advising you. You can easily discuss your business model with us and we will identify any need for action under data protection law. We then use our legal expertise to support you in designing your business processes in compliance with data protection law. We clarify where processes may need to be adapted and which contractual agreements you need to make. We keep an eye on the data protection aspects of your activities to ensure that data protection obligations do not stand in the way of your business success. One major topic here is the transfer of personal data to third countries. Our data protection lawyers also provide support on cross-cutting issues such as media law, the general right to informational self-determination or special features of the regulations in other member states.

And if you have a specific question? Then you will quickly receive a well-founded answer via a direct line to your data protection lawyer.

Drafting legal texts and procedural documentation

Once the concept and the organizational framework are in place, our data protection lawyers will prepare all legal texts relating to data protection law in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

• Data protection management system
• auditing
• training
• Data protection officer
• Sector-specific data protection (e.g. social data protection)
• CRM data protection
• Employee data protection
• Data protection on websites
• Social media data protection
• Data breaches
• Privacy policy
• Declaration of consent
• Confidentiality obligation
• Order processing agreement (AVV)
• List of processing activities (VVT)
• Rights of data subjects
• Data protection guideline
• Risk assessment & data protection impact assessment (DPIA)
• Data transfer to third countries
• Photos & data protection
• Data security (technical and organizational measures)
• Privacy by design / privacy by default
• Deletion concept
• Permissibility of video surveillance
• Automated decision-making

By the way: We offer data protection template packages for small and medium-sized companies. This enables start-ups in particular to begin with a solid foundation in data protection law - including a checklist of the most important provisions of the General Data Protection Regulation and the Federal Data Protection Act.

Representation

If the worst comes to the worst, we will represent you competently in court, vis-à-vis the supervisory authorities and data subjects. We support you in defending against unjustified claims for damages or a fine imposed on you. We also take on the defense in the event of warnings from competitors or if data subjects abuse their right to information. Our data protection lawyers develop the appropriate defense strategies in each individual case. Of course, we also assist and support you with legitimate third-party concerns - always with the greatest possible legal certainty for your company in mind.

Expert opinion

We offer you qualified expert opinions prepared by our data protection lawyers. Once you have commissioned us, we will first gain a thorough understanding of your business model and the specific processing situation. Our experienced team will begin with a concrete inventory and risk analysis in order to identify data protection risks and provide you with clear recommendations for action to ensure compliance.

Training courses

Our training courses provide in-depth knowledge of current data protection law in order to sensitize and train your employees or your data protection officer to the requirements of data protection law. On the Training page you will find an overview of the training courses offered by our data protection lawyers.

Corporate data protection & order processing

As a law firm for data protection law, we support companies with a clearly structured data protection action plan. Our specialist data protection lawyers will help you to establish an effective level of data protection in a short space of time - always with a view to the requirements of the GDPR and the BDSG. We draw up the necessary legal texts for you, such as the data protection declaration or a record of processing activities (VVT), and advise you on the data protection-compliant design of your business processes.

We pay particular attention to practical solutions that are economically viable. Our risk-based approach helps to achieve a high degree of legal certainty with a manageable amount of effort. We are happy to support your company's data protection officers with specialized second-level advice.

We advise IT companies acting as processors on the contractual design of data processing agreements (DPAs) and help them to negotiate IT contracts with customers that are both robust and practicable in terms of data protection law. Our goal: a coherent overall concept for your data protection compliance.

Digital services & data protection: cloud, e-commerce and CRM

As lawyers specializing in data protection law, we support companies in the secure and data protection-compliant use of digital systems - be it in cloud computing, e-commerce or the use of CRM systems. Our advice combines technical expertise with in-depth data protection knowledge. This enables our legal advice to help you determine where action is required in order to consistently implement the obligations arising from the GDPR, the BDSG and other data protection laws. This allows you to avoid violations and fines.

Cloud services pose particular challenges: Data processing in distributed systems - for example in Kubernetes clusters, S3 storage or backups in US data centers - requires coordinated contracts and optimized processes. Our data protection lawyers support you in implementing the technical and organizational measures for data security in accordance with Art. 32 GDPR and integrating basic data protection principles such as data minimization and privacy by design when processing personal data. Our law firm, led by a specialist lawyer for IT law, also has the necessary technical expertise for this. As part of our legal advice, your data protection lawyer will also assist you in carrying out any necessary data protection impact assessment. This means you are optimally equipped for audits by the data protection authority or in the event of warnings.

In e-commerce, we advise you on the creation and implementation of all relevant standard data protection texts, such as data protection declarations and declarations of consent for sending newsletters. Through targeted test purchases, we analyze the entire checkout process for data protection weaknesses and provide concrete, practical suggestions for improvement.

We support CRM systems from the collection of personal data through to the legally compliant design of the required consents. Our data protection lawyers work with you to develop processes that not only comply with legal requirements, but also meet your company's commercial requirements.

International data transfer

The transfer of personal data to third countries - for example within international group structures - is subject to the requirements of Art. 44 et seq. GDPR. We advise you on legally compliant implementation, for example via EU standard contractual clauses (Art. 46 para. 2 lit. c GDPR) or Binding Corporate Rules (Art. 47 GDPR). This allows you to minimize risks in global data flows and protect your company - even without “group privilege”.

Special data protection in sensitive areas

Employment law: We support companies and employers in the legally compliant drafting of employment contracts, the implementation of data protection guidelines, legally compliant consents in the employment relationship and the training of employees - always taking into account the special requirements of employee data protection in accordance with Section 26 BDSG. Our data protection lawyers will help you to identify and avoid typical pitfalls (e.g. private e-mail use or internet access at work).

Social Data Protection: We offer specialized advice in social data protection, based on in-depth expertise – including the specific regulations of the German Social Code Book X (SGB X). Our data protection lawyers develop tailored data protection concepts for companies, public authorities, and social institutions, to implement data protection-compliant policies and procedures that sustainably strengthen the trust of your clients and partners.

Data Protection for Political Parties and Organizations: For political parties and political organizations facing particular data protection challenges, our data protection lawyers offer customized solutions. In doing so, our lawyers not only consider the legal requirements of European data protection law but also take into account the specific organizational and political contexts to ensure legally compliant advice. Additionally, at the intersections with media law, we provide comprehensive advice on all relevant aspects.

Defense Against Compensation Claims

TRÖBER@ legal specializes in the successful defense against compensation claims under Article 82 GDPR in connection with data protection breaches. With extensive experience and precise knowledge of the relevant laws, we develop effective defense strategies to best protect our clients' interests. Whether in cases of mass cease-and-desist letters or follow-up actions after a data protection incident, our data protection lawyers are at your side.

Support in Data Protection Incidents

In the event of a data breach, swift action is crucial: In addition to technical measures such as shutting down systems and blocking accounts, it is necessary to inform the data protection authorities and, if necessary, notify affected individuals within 72 hours pursuant to Article 34 GDPR.

With our standardized procedures and legal expertise, we guide you and your data protection officer throughout the entire process. In particular, we support processors in challenging client discussions and in formulating their position to minimize liability risks and secure the trust of your business partners.

Data Protection Officers

Of course, we also support you in selecting an internal or external data protection officer. We have an extensive network and are happy to connect you with suitable contacts to help you find the right data protection officer. Furthermore, we assist you with all legal matters related to your corporate or public data protection officer, especially concerning their appointment and dismissal.