Data protection law



GDPR fine - Data protection lawyer

Data breach? Data protection violation? Act promptly.


Whether due to technical glitches, human error, or organizational weaknesses – data breaches can affect any company. The consequences are often severe:


  • High fines imposed by data protection authorities
  • Claims for damages from affected parties
  • Legal and IT costs to resolve the incidents
  • Reputational damage that jeopardizes your customers' trust


GDPR violations: What companies need to know


As soon as a breach of data protection regulations is detected, the company faces the threat of sanctions – in particular from the data protection authority of the respective federal state. The amount of fines depends, among other things, on:


  • Nature and severity of the violation
  • Number of people affected
  • The company's participation and willingness to cooperate
  • Implemented security measures


Our support – proactive rather than reactive


We help you to avoid, identify and professionally handle data protection breaches – as needed, either as external legal advisors or in the role of data protection officer.


Our range of services:


  • Review of your data protection compliance
  • Immediate measures in the event of a data breach
  • Communication with authorities
  • Training your employees
  • Creation of guidelines and technical and organizational measures (TOMs)
  • Defense against penalty notices


Ensure legally compliant data protection – before it becomes expensive.


Schedule a consultation appointment now.

We ensure that you are not only legally compliant, but also trustworthy.


The small print – The privacy policy

Data privacy statement – both an obligation and a factor of trust


What can be found on almost every commercially operated website?

Correct – the privacy policy.


Or, in legal terms: the controller's information obligations under Articles 13 and 14 of the GDPR.


But a privacy policy is more than just a cookie banner. It must fully and clearly describe all relevant data processing operations – both on your website and in your internal processes.


Standard solutions are often insufficient.


Many companies rely on pre-made privacy policies – but these are often inadequate or flawed. The consequences can include not only warnings but also fines from data protection authorities.


Because:

All processing of personal data must be correctly documented and communicated.


And this applies not only to the website, but also to:


  • Contact forms
  • Newsletter
  • Analysis tools (e.g. Google Analytics, Matomo)
  • Social media plug-ins
  • Application processes
  • CRM and customer data processing


Our solution: Tailor-made privacy policies


We create customized privacy policies for you that are legally compliant, easy to understand, and tailored to your specific data processing activities – for:


  • Your website & online shops
  • Your business processes
  • Your digital tools and platforms

Record of processing activities pursuant to Article 30 GDPR

The GDPR requires clear evidence of which personal data is processed in a company, and how, why and by whom.


Therefore, the following applies:


A record of processing activities is legally required once a company reaches a certain number of employees or in the case of high-risk processing activities.


This obligation doesn't just apply to corporations – many medium-sized companies, start-ups, law firms and medical practices are also affected.


What are the consequences of violations?


The processing register is not an optional document but a mandatory one: a central element of your accountability (Article 5 paragraph 2 GDPR).


If it is not available at the request of the data protection supervisory authority, severe sanctions are threatened:


  • Fines of up to €10 million
  • Or up to 2% of global annual sales – depending on which amount is higher


Our solution: GDPR-compliant documentation, created in a legally sound manner


We can help you with:


  • the creation or revision of your processing register
  • the structured recording of your data processing processes
  • legal assessment according to GDPR
  • ongoing maintenance and updates (e.g., for new tools, departments, processes)


You will receive practical, understandable and audit-proof documentation that protects your organization – and is prepared for emergencies.


Get advice now – before it's too late.


Contact us – we will help you implement GDPR requirements securely and efficiently.

Digital pre- and post-care

Digital data in your estate – preparing for emergencies


In an increasingly digital world, our lives don't end with our last breath – at least not online.

Accounts on Facebook, Instagram, LinkedIn, Google or email services often remain active, and personal messages, photos and data remain accessible.


What many people don't know:


The GDPR only protects living persons – not the data of deceased persons.


And according to the Federal Court of Justice (judgment of July 12, 2018), digital accounts are generally inheritable – comparable to diaries or letters.


Those who don't take care of things leave everything to chance.


Without clear regulations, in case of doubt, heirs or platform operators decide what happens to your digital content:


  • Should a profile be deleted or memorialized?
  • Who is allowed to access emails or cloud content?
  • What happens to photos, contracts, subscriptions, or online banking?


The solution: A digital will


With a digital will, you can legally regulate who has access to your online accounts, what should be deleted, archived or retained – and who will enforce your wishes.


Our services:


  • Individual legal advice on digital estate planning
  • Creating a legally compliant digital will
  • Support with technical implementation
  • Optional: Execution of wills in the digital realm


Take precautions – for your privacy, even beyond death.


Contact us – we will advise you discreetly and with the necessary sensitivity.


Your rights as a data subject

The GDPR – A milestone for data protection in Europe


Since its entry into force in May 2018, the General Data Protection Regulation (GDPR) has been at the center of many discussions:

For some, it's a bureaucratic monster; for others, it's long overdue progress.


What is often overlooked in this context:

For the first time, the GDPR enshrined across Europe the fundamental right to informational self-determination, which had already been recognized in Germany since the 1983 census ruling.

The rule is clear: No personal data may be collected, processed or stored without your explicit consent.

Children and young people in particular enjoy extended protection under the GDPR – because they are considered to be especially vulnerable in the digital space.


If your data protection rights are violated


Whether through unauthorized data use, lack of consent, or insufficient transparency – GDPR violations are not trivial matters. They can not only result in fines for companies, but also give rise to claims for data subjects.


We will support you in enforcing your rights:


  • Information request pursuant to Article 15 GDPR
  • Assertion of claims for deletion
  • Compensation for data protection breaches
  • Complaint support with supervisory authorities


Your privacy deserves protection – in every situation.


Explaining data protection in a child-friendly way – with Pixi books


Even children can learn how to handle their data responsibly.

The Federal Commissioner for Data Protection and Freedom of Information (BfDI) provides child-friendly Pixi books that explain in a simple way:


  • Why privacy is important
  • How to reduce your digital footprint
  • Things you should keep to yourself online


Available free of charge on the BfDI website:

www.bfdi.bund.de → “Pixi books on data protection”


Contact us if you want to protect your data or that of your children.


Whether legal, preventative or advisory – we are at your side with experience and sound judgment.

Your data protection rights at work

Data protection in the workplace – your rights as an employee


Clear data protection rules also apply in the workplace.

Employers may only process personal data that is directly necessary – for example, for establishing, carrying out or terminating your employment relationship.


What is allowed – and what is not?


Allowed:


  • Contract details (name, address, tax ID, bank details)
  • Information on qualifications, working hours, sick leave, etc.


Not automatically permitted:


  • Monitoring of emails or internet usage
  • Health data without a specific reason
  • Data from social networks or private communication


The following applies to any data collection beyond this:

Only with your voluntary, informed and revocable consent.

Your right: Control over your data


  • Your consent must be given voluntarily – without coercion.
  • You have the right to request information about stored data.
  • You can withdraw your consent at any time.
  • You can object to unlawful data processing or have it clarified in court.


Our support for you


If you have the impression that your employer is violating data protection rules, or you are unsure what is allowed:

We advise you confidentially, competently and on an equal footing.


Contact us – we will help you enforce your rights.