Frequently Asked Questions (FAQs)

Advice assistance is often granted in the case of low income. The corresponding application must be submitted to the local court, where a counseling aid certificate will then be issued. With this advice assistance certificate, you have the opportunity to be advised and, if necessary, represented out of court by a lawyer of your choice. However, you will have to pay a one-off fee of €10 to your lawyer.

No. Legal expenses insurance only covers the costs for the area for which it was taken out, e.g. employment law, traffic law, contract law. However, there are also many exceptions to this rule, which result from your insurance contract and the law. For example, if you have agreed an excess, the insurance will only cover you if the costs exceed the excess amount. Legal expenses insurance cover is generally excluded for certain cases, e.g. warnings or criminal offenses. We will be happy to clarify whether or not your legal expenses insurance will cover you in an initial consultation or by submitting a cover request to your insurance company.

As a rule, a telephone consultation is only a rough estimate, as not all the information required for a serious assessment is usually available. For this reason, we usually recommend a consultation appointment, which we are also happy to arrange at your premises. The initial telephone consultation is limited by the German Lawyers' Fees Act (RVG). If there is only an initial consultation with the lawyer, regardless of how long this consultation lasts, the lawyer may charge consumers a maximum of € 190.00 (plus VAT). Whether this amount is reached depends on the value of your matter, which in turn is regulated in the RVG.

Unless otherwise agreed, the lawyer's fees are based on the German Lawyers' Fees Act (Rechtsanwaltsvergütungsgesetz). The amount then depends on the value of your request and the individual measures that your lawyer has to take. In many cases, it makes sense to agree a fee with your lawyer, for example to save costs. We will be happy to discuss which type of remuneration makes economic sense with you during the initial consultation.

If your income is not sufficient to cover any legal costs, you have the option of applying for legal aid (PKH). This is granted if your case has a chance of success and if you would not be financially able to bear any legal costs. You can find the required PKH form under Services/Download. You must provide evidence of your financial circumstances (income, living expenses such as rent, etc.). You may only be granted an interest-free loan, which must be repaid.

The General Data Protection Regulation consists of provisions for the protection of natural persons with regard to the processing of their personal data. Essentially, the fundamental rights and freedoms, in particular the right to informational self-determination, of data subjects are to be protected. At the same time, the free movement of such data within the EU is to be guaranteed. The GDPR creates a uniform and directly applicable legal framework throughout Europe to achieve these objectives.

In the event of violations of the GDPR, the competent supervisory authority can warn the controller or issue instructions, orders or processing bans. It is also able to impose fines. The amount of the fine is at the discretion of the supervisory authorities and varies depending on the severity of the breach and the company's annual turnover.

You need a data protection officer if at least ten employees regularly process data or, regardless of the number, if special types of personal data are involved. A data protection officer is also required if the processing of personal data is the core activity of the company.

Pursuant to Art. 37 para. 5 GDPR, a person may be appointed as data protection officer if he or she appears suitable on the basis of his or her professional qualifications and expertise in the field of data protection law and data protection practice. In addition to specialist knowledge, the data protection officer should have legal knowledge - in the area of IT law.

As part of a data protection audit, the data protection concept of a data processing body is reviewed to improve data protection standards and data security. This is carried out by independent and accredited experts on a voluntary basis.

The decisive factor for the permissibility of data transfer to a third country is whether the recipient country has an adequate level of data protection compared to the EU legal framework (Art. 45-47 GDPR). This can be guaranteed, for example, by the EU-US Privacy Shield.
If data is transferred without an adequate level of protection, the provisions of Art. 46 para. 1 GDPR must be observed. According to this, the transfer of data is permitted despite the lack of adequacy decisions, provided that the controller has provided appropriate safeguards for these. If these are also lacking, admissibility can only be established in exceptional cases under Art. 49 GDPR, e.g. through the express consent of the data subject.

The record of processing activities within the meaning of the GDPR provides for written documentation and an overview of procedures in which personal data is processed. Companies with fewer than 250 employees do not have to keep a record of processing activities in accordance with Art. 30 para. 5 GDPR. However, there is an exception if your company processes personal data more than occasionally, if the data is particularly sensitive or if there is a risk to the rights and freedoms of the data subjects.

Technical and organizational measures (TOM) are a central component of data protection and data security law. TOM refers to the specific steps and precautions that organizations must take to adequately protect personal data. This includes technical security measures such as encryption, access controls and data backup, as well as organizational measures such as data protection guidelines, training and the implementation of data protection impact assessments. TOMs are designed to ensure that personal data is protected against unauthorized access, loss, destruction or other data breaches. The exact requirements for TOMs vary depending on the type of data processing and the risk to the data protection rights of the data subjects.

A data breach generally refers to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes incidents in which personal data is compromised, stolen or accidentally disclosed. In the event of a data breach, the controller is obliged to notify the competent data protection authority and, under certain circumstances, the data subjects. The data breach can result in legal consequences and fines, especially if appropriate security measures have not been taken. Not all "data breaches" pose a risk to the data subjects. Whether a data breach has occurred should be legally examined.

In principle, patents and utility models differ from each other in degrees. Sometimes, however, a combination of both is advisable for tactical reasons.

Marken- und Designschutz sind möglich und je nach Zweck auch sinnvoll. Schutz als Marke Der Schutz als Marke ist vor allem dann sinnvoll, wenn Sie eine markenmäßige Kennzeichnung von bestimmten Waren- oder Dienstleistungsgruppen beabsichtigen. Das Logo kann sowohl als Bild- wie auch als Wort-Bild-Marke geschützt werden. Schutz als Design Mit einem Design wird die besondere neue Erscheinungsform eines Logos geschützt. Die Erscheinungsform wird durch Konturen, Farben, Schattierungen usw. bestimmt. Auch wenn Sie als Entwerfer des Logos überhaupt keine konkrete Benutzungsabsicht verfolgen und Ihr Design einfach schützen lassen möchten, kann dies bei entsprechender Qualität im Hinblick auf die Zukunft durchaus sinnvoll sein.

A trademark ensures a certain recognition value of the company or product. Once the trademark has been registered, the owner acquires the exclusive right to use it. The right to the trademark can be sold or disposed of by the owner.

A trademark in the legal sense is a protected sign of origin. A trademark serves to distinguish a company or product from others. Therefore, signs that are suitable for distinguishing the company or product from others are eligible for protection.

In principle, general terms and conditions are not mandatory. However, it is possible to regulate certain contractual issues such as warranty and liability in your own favor. However, the legislator has set limits, especially in trade with consumers.

We also use templates for general terms and conditions that illustrate certain situations. However, in all seriousness, GTCs should be tailored to the philosophy of the user. Therefore, all GTCs are ultimately clauses that are individually tailored to the user and that, for example, limit liability to a greater or lesser extent.

General terms and conditions can also be subject to protection under copyright law. When using third-party terms and conditions, the risk of a chargeable warning cannot be ruled out.

A notice on your own website that a phone call or email is sufficient to remedy a legal infringement before a warning is issued does not protect against warnings. The infringed party is free to decide how to draw attention to an infringement.

The legislator has not only issued regulations on the wording of the GTC clauses and the withdrawal policy, but also on the way in which information is provided. For this reason, the integration of the information in a store must also be observed. A violation can lead to a warning.

As a rule, legal violations that result in a warning letter are excluded from the terms and conditions of legal protection insurers.

A breach of data protection regulations may constitute an administrative offense. In certain cases, there is also the risk of a chargeable warning due to a breach of competition law.

According to Section 5 TMG, the imprint obligation applies to all service providers who provide business-related telemedia, usually offered for a fee. Please note: an imprint must also be included on "fan pages" on Facebook, Twitter, Instagram, etc. if these are business-related.

The obligation to provide a legal notice is intended to protect the consumer and create transparency by naming the person responsible for the content provided. In the event of legal disputes, the legal notice also helps to quickly find the contact details of the person responsible.

IT security law refers to the entirety of laws, regulations and provisions that govern the protection of information technology and the handling of IT security risks. It covers topics such as cybersecurity, liability in connection with IT security incidents, compliance requirements and data protection in the field of information technology.

The NIS2 Directive, short for Network and Information Systems Directive 2, is a European directive on cyber security. It aims to strengthen the security of network and information systems in the European Union. NIS2 is a further development of the original NIS Directive and contains provisions for reporting security incidents, improving cooperation between member states and strengthening the cyber security of critical infrastructures. It sets out requirements for operators of essential services and digital service providers to increase their resilience to cyber attacks. Its scope of application covers companies with 50 or more employees and must be implemented by around 30,000 companies in Germany by October 2024, not just in the critical infrastructure sector.

The EU Security Directive NIS2 (Network and Information Systems Directive 2) aims to strengthen cybersecurity in the European Union. Its main content includes the extension of the scope of application to additional sectors, the introduction of requirements for operators of critical services, extended reporting obligations for security incidents, improved cooperation between member states, the creation of an EU-wide cybersecurity competence platform and measures to increase resilience to cyber threats.

Die Datenschutz-Grundverordnung (DSGVO) spielt eine zentrale Rolle im IT-Sicherheitsrecht, indem sie die Anforderungen an den Schutz personenbezogener Daten verschärft. Sie verpflichtet Organisationen, angemessene technische und organisatorische Maßnahmen zur Gewährleistung der Datensicherheit zu ergreifen. Dies umfasst die Verschlüsselung von Daten, die Einführung von Zugriffskontrollen, die Durchführung von Datenschutz-Folgenabschätzungen und die Meldung von Datenschutzverletzungen. Die DSGVO verlangt außerdem, dass Unternehmen Datenschutz in ihre IT-Systeme und -Prozesse integrieren, wodurch sie zu einem wichtigen Instrument zur Förderung der IT-Sicherheit und zum Schutz der Privatsphäre von Einzelpersonen in der EU wird.

Yes, in Germany, board members and management can be held liable for IT security gaps in the company. This is within the scope of their statutory duties to manage the company properly. In particular, the GmbH Act and the Stock Corporation Act require managing directors and board members to perform their duties with the diligence of a prudent manager. They can be held personally liable in the event of negligence or breaches of duty that lead to IT security gaps and jeopardize the company's assets or the rights of third parties. The exact liability depends on the circumstances of the case and often requires legal review.

IT compliance refers to adherence to laws, regulations, guidelines and industry standards in the area of information technology (IT). This includes ensuring that IT systems, processes and practices comply with legal requirements and standards, particularly with regard to data protection, data security, governance and risk management. IT compliance aims to minimize risks, avoid legal consequences and strengthen the trust of customers and stakeholders in a company's IT systems and services. This can include tasks such as audits, documentation, training and the implementation of security measures.