Data Protection Law
Some have it, and others would like to get their hands on it – personal data. Nowadays, personal data has become the key basis for effective marketing, making it into a major business asset. But corporate interests in gathering and processing this data are up against restrictive data protection laws – and rightly so. The individual’s right to determine what happens with his or her own data is an important basic right, and one which requires comprehensive protection, given the rapid pace of change and expanding options on the technological front.
We are on hand to advise on all issues relating to the processing and protection of personal data. Matched to your requirements, we develop strategies and solutions in line with statutory requirements for data protection compliance. We maintain a focus on your commercial objectives and interests throughout. If necessary, we can bring about early agreement with the responsible authorities.
We attach particular importance to keeping up with the times. As enthusiastic users of today’s technologies ourselves, data protection statements (privacy policies) are by no means just a set of abstract formulations for us. We are interested in which tools gather and evaluate which data, why it happens and who is doing it – and we are able to set that out accordingly in legal terms. Mobile apps are not some present-day work of the devil for us, but software applications for particular operating systems, the use of which (generally) requires exchanging data via the Internet. Accordingly, we have an understanding of what information needs to be given to the user, and why.
However, data protection law involves more than just satisfying statutory obligations towards those covered by it; to a large degree, it is also contract law. Data processing and data use agreements of all kinds determine the “backend”, i.e. legal relations between the companies that either have legal responsibility for collecting, processing and using the data, or that actually carry out those tasks. The contracts that have to be concluded for this work need to reflect – accurately and completely – what in some cases are highly detailed statutory provisions (key phrase: contract data processing), and they always need to be drawn up with a constant eye to rules and regulations under data protection law. We have the overview and the experience to steer you through the hidden depths of legislation.
A further stumbling-block, and one which is becoming ever more important in practice, is the sending of personal data abroad – either because the parent company has its head office elsewhere, or because the technical aspects of data retention and processing are better or more cost-efficient in other countries. Here there are many scenarios where the “usual suspects” – consent forms filled in by data subjects, and EU standard agreements – cannot simply be used as they stand. We help you to find the right approach to achieve your corporate goals.