Frequently Asked Questions (FAQs)

On this page, we have compiled frequently asked questions from the fields of IT law, data protection law, IT security law and intellectual property law. From our more than 30 years of experience, we know what is important. These brief descriptions cannot replace individual legal advice in each case, but can only provide a first impression. We will be happy to provide you with comprehensive advice at any time.

  • Is there state support for legal assistance if I have no money?

    Advice assistance is often granted in the case of low income. The corresponding application must be submitted to the local court, where a counseling aid certificate will then be issued. With this advice assistance certificate, you have the opportunity to be advised and, if necessary, represented out of court by a lawyer of your choice. However, you will have to pay a one-off fee of €10 to your lawyer.

  • I have legal expenses insurance. Does this cover the costs of a lawyer and a lawsuit in every case?

    No. Legal expenses insurance only covers the costs for the area for which it was taken out, e.g. employment law, traffic law, contract law. However, there are also many exceptions to this rule, which result from your insurance contract and the law. For example, if you have agreed an excess, the insurance will only cover you if the costs exceed the excess amount. Legal expenses insurance cover is generally excluded for certain cases, e.g. warnings or criminal offenses. We will be happy to clarify whether or not your legal expenses insurance will cover you in an initial consultation or by submitting a cover request to your insurance company.

  • Does a telephone enquiry cost money if I ask for an initial assessment of the chances of success of my case?

    As a rule, a telephone consultation is only a rough estimate, as not all the information required for a serious assessment is usually available. For this reason, we usually recommend a consultation appointment, which we are also happy to arrange at your premises. The initial telephone consultation is limited by the German Lawyers' Fees Act (RVG). If there is only an initial consultation with the lawyer, regardless of how long this consultation lasts, the lawyer may charge consumers a maximum of € 190.00 (plus VAT). Whether this amount is reached depends on the value of your matter, which in turn is regulated in the RVG.

  • What legal fees should I expect? Can I also negotiate a cost agreement with the lawyer?

    Unless otherwise agreed, the lawyer's fees are based on the German Lawyers' Fees Act (Rechtsanwaltsvergütungsgesetz). The amount then depends on the value of your request and the individual measures that your lawyer has to take. In many cases, it makes sense to agree a fee with your lawyer, for example to save costs. We will be happy to discuss which type of remuneration makes economic sense with you during the initial consultation.

  • Does the state also cover legal costs if I want to sue or am sued and I have no money?

    If your income is not sufficient to cover any legal costs, you have the option of applying for legal aid (PKH). This is granted if your case has a chance of success and if you would not be financially able to bear any legal costs. You can find the required PKH form under Services/Download. You must provide evidence of your financial circumstances (income, living expenses such as rent, etc.). You may only be granted an interest-free loan, which must be repaid.

  • What are the main objectives of the GDPR?

    The General Data Protection Regulation consists of provisions for the protection of natural persons with regard to the processing of their personal data. Essentially, the fundamental rights and freedoms, in particular the right to informational self-determination, of data subjects are to be protected. At the same time, the free movement of such data within the EU is to be guaranteed. The GDPR creates a uniform and directly applicable legal framework throughout Europe to achieve these objectives.

  • What are the consequences of violating the GDPR?

    In the event of violations of the GDPR, the competent supervisory authority can warn the controller or issue instructions, orders or processing bans. It is also able to impose fines. The amount of the fine is at the discretion of the supervisory authorities and varies depending on the severity of the breach and the company's annual turnover.

  • Do I need a data protection officer for my company?

    You need a data protection officer if at least ten employees regularly process data or, regardless of the number, if special types of personal data are involved. A data protection officer is also required if the processing of personal data is the core activity of the company.

  • Who can I appoint as data protection officer?

    Pursuant to Art. 37 para. 5 GDPR, a person may be appointed as data protection officer if he or she appears suitable on the basis of his or her professional qualifications and expertise in the field of data protection law and data protection practice. In addition to specialist knowledge, the data protection officer should have legal knowledge - in the area of IT law.

  • What is a data protection audit?

    As part of a data protection audit, the data protection concept of a data processing body is reviewed to improve data protection standards and data security. This is carried out by independent and accredited experts on a voluntary basis.

  • Under what conditions is the transfer of personal data to a third country permitted?

    The decisive factor for the permissibility of data transfer to a third country is whether the recipient country has an adequate level of data protection compared to the EU legal framework (Art. 45-47 GDPR). This can be guaranteed, for example, by the EU-US Privacy Shield.
    If data is transferred without an adequate level of protection, the provisions of Art. 46 para. 1 GDPR must be observed. According to this, the transfer of data is permitted despite the lack of adequacy decisions, provided that the controller has provided appropriate safeguards for these. If these are also lacking, admissibility can only be established in exceptional cases under Art. 49 GDPR, e.g. through the express consent of the data subject.

  • What is a processing directory and do I need one?

    The record of processing activities within the meaning of the GDPR provides for written documentation and an overview of procedures in which personal data is processed. Companies with fewer than 250 employees do not have to keep a record of processing activities in accordance with Art. 30 para. 5 GDPR. However, there is an exception if your company processes personal data more than occasionally, if the data is particularly sensitive or if there is a risk to the rights and freedoms of the data subjects.

  • What is meant by TOM - Technical and organizational measures?

    Technical and organizational measures (TOM) are a central component of data protection and data security law. TOM refers to the specific steps and precautions that organizations must take to adequately protect personal data. This includes technical security measures such as encryption, access controls and data backup, as well as organizational measures such as data protection guidelines, training and the implementation of data protection impact assessments. TOMs are designed to ensure that personal data is protected against unauthorized access, loss, destruction or other data breaches. The exact requirements for TOMs vary depending on the type of data processing and the risk to the data protection rights of the data subjects.

  • What is a data breach under the GDPR?

    A data breach generally refers to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes incidents in which personal data is compromised, stolen or accidentally disclosed. In the event of a data breach, the controller is obliged to notify the competent data protection authority and, under certain circumstances, the data subjects. The data breach can result in legal consequences and fines, especially if appropriate security measures have not been taken. Not all "data breaches" pose a risk to the data subjects. Whether a data breach has occurred should be legally examined.

Gewerblicher Rechtsschutz
  • Is it better to protect a technical innovation as a patent or as a utility model?

    In principle, patents and utility models differ from each other in degrees. Sometimes, however, a combination of both is advisable for tactical reasons.

  • Wie kann ich ein beispielsweise ein "Logo" schützen? Kann ich ein "Logo" zugleich als Marke und als Geschmacksmuster anmelden?

    Marken- und Designschutz sind möglich und je nach Zweck auch sinnvoll. Schutz als Marke Der Schutz als Marke ist vor allem dann sinnvoll, wenn Sie eine markenmäßige Kennzeichnung von bestimmten Waren- oder Dienstleistungsgruppen beabsichtigen. Das Logo kann sowohl als Bild- wie auch als Wort-Bild-Marke geschützt werden. Schutz als Design Mit einem Design wird die besondere neue Erscheinungsform eines Logos geschützt. Die Erscheinungsform wird durch Konturen, Farben, Schattierungen usw. bestimmt. Auch wenn Sie als Entwerfer des Logos überhaupt keine konkrete Benutzungsabsicht verfolgen und Ihr Design einfach schützen lassen möchten, kann dies bei entsprechender Qualität im Hinblick auf die Zukunft durchaus sinnvoll sein.

  • What rights do I have after registering a trademark?

    A trademark ensures a certain recognition value of the company or product. Once the trademark has been registered, the owner acquires the exclusive right to use it. The right to the trademark can be sold or disposed of by the owner.

  • What is a trademark in the legal sense?

    A trademark in the legal sense is a protected sign of origin. A trademark serves to distinguish a company or product from others. Therefore, signs that are suitable for distinguishing the company or product from others are eligible for protection.

IT security law
  • What is IT security law?

    IT security law refers to the entirety of laws, regulations and provisions that govern the protection of information technology and the handling of IT security risks. It covers topics such as cybersecurity, liability in connection with IT security incidents, compliance requirements and data protection in the field of information technology.

  • What does NIS2 mean and does it affect my company?

    The NIS2 Directive, short for Network and Information Systems Directive 2, is a European directive on cyber security. It aims to strengthen the security of network and information systems in the European Union. NIS2 is a further development of the original NIS Directive and contains provisions for reporting security incidents, improving cooperation between member states and strengthening the cyber security of critical infrastructures. It sets out requirements for operators of essential services and digital service providers to increase their resilience to cyber attacks. Its scope of application covers companies with 50 or more employees and must be implemented by around 30,000 companies in Germany by October 2024, not just in the critical infrastructure sector.

  • What is the main content of the EU Security Directive NIS2?

    The EU Security Directive NIS2 (Network and Information Systems Directive 2) aims to strengthen cybersecurity in the European Union. Its main content includes the extension of the scope of application to additional sectors, the introduction of requirements for operators of critical services, extended reporting obligations for security incidents, improved cooperation between member states, the creation of an EU-wide cybersecurity competence platform and measures to increase resilience to cyber threats.

  • Welche Rolle spielt die Datenschutz-Grundverordnung (DSGVO) im IT-Sicherheitsrecht?

    Die Datenschutz-Grundverordnung (DSGVO) spielt eine zentrale Rolle im IT-Sicherheitsrecht, indem sie die Anforderungen an den Schutz personenbezogener Daten verschärft. Sie verpflichtet Organisationen, angemessene technische und organisatorische Maßnahmen zur Gewährleistung der Datensicherheit zu ergreifen. Dies umfasst die Verschlüsselung von Daten, die Einführung von Zugriffskontrollen, die Durchführung von Datenschutz-Folgenabschätzungen und die Meldung von Datenschutzverletzungen. Die DSGVO verlangt außerdem, dass Unternehmen Datenschutz in ihre IT-Systeme und -Prozesse integrieren, wodurch sie zu einem wichtigen Instrument zur Förderung der IT-Sicherheit und zum Schutz der Privatsphäre von Einzelpersonen in der EU wird.

  • Can the board of directors or management be held personally liable for IT security breaches?

    Yes, in Germany, board members and management can be held liable for IT security gaps in the company. This is within the scope of their statutory duties to manage the company properly. In particular, the GmbH Act and the Stock Corporation Act require managing directors and board members to perform their duties with the diligence of a prudent manager. They can be held personally liable in the event of negligence or breaches of duty that lead to IT security gaps and jeopardize the company's assets or the rights of third parties. The exact liability depends on the circumstances of the case and often requires legal review.

  • What is IT compliance?

    IT compliance refers to adherence to laws, regulations, guidelines and industry standards in the area of information technology (IT). This includes ensuring that IT systems, processes and practices comply with legal requirements and standards, particularly with regard to data protection, data security, governance and risk management. IT compliance aims to minimize risks, avoid legal consequences and strengthen the trust of customers and stakeholders in a company's IT systems and services. This can include tasks such as audits, documentation, training and the implementation of security measures.