Commissioned processing or joint controllers

The outsourcing of computing processes to non-company (external) service providers is an operation that requires a review under data protection law in accordance with the requirement of a commissioned processing agreement under Article 28 of the GDPR or a joint controller agreement under Article 26 of the GDPR. The scope of responsibility of an external […]

International data transfer

International corporations transfer a wide variety of personal data, e.g. applicant data from subsidiaries in Germany to the USA, from support center to support center (follow the sun) or to service providers based in third countries who process personal data on their behalf. The use cases are diverse and the data transfer can also occur via […]

Swiss data protection law (DSG)

Swiss data protection law is largely based on the GDPR. However, some deviating terminology and requirements must be implemented in Swiss data protection law. Information requirements: The Swiss Data Protection Act (DPA) standardizes the information obligations of the controller vis-à-vis the data subject (Art. 19 DPA). In the GDPR, the catalog of information to be […]

Data Protection of the Catholic Church

In the area of data protection law, the Catholic Church is governed by the Church Data Protection Act (KDG). The KDG is largely based on the GDPR, but there are some privileges in the KDG that the GDPR standardizes more strictly, e.g. the amount of the maximum fines. We assume the function of external data […]

Data Protection of the Protestant Church

In the area of the sponsors of the Protestant Church, the Church Act on Data Protection of the Protestant Church in Germany (DSG-EKD) applies to data protection in their companies and facilities. We assume the function of external data protection officer for companies and institutions, e.g., administrations, hospitals, academies, funding agencies, and child and youth […]

Data Protection in Educational Institutions and Schools

A lot of data is collected, processed and used in educational institutions and schools. The persons affected in the field of application of data protection in educational institutions and schools are pupils, parents, teachers, administrative officers, and the school administration. Many data protection requirements must be observed both in the organization of […]

Support and training of internal data protection officers

Our law firm supports internal data protection officers by clarifying legal issues relating to data protection and by drafting, among other things, all necessary data protection-related documents, contracts, guidelines, company agreements, user regulations, legal or technical expert opinions, process descriptions, procedural instructions, work and organizational instructions, documents on IT security, etc. Furthermore, we provide training […]

Data Protection Audit

Our law firm offers to carry out data protection audits. Attorney Thomas Costard is an examined data protection auditor […]

Technical and organisational measures

For a comprehensive and data protection-compliant data protection management system, technical and organizational measures (“TOM”) must be implemented in the company in accordance with Art. 24 GDPR, Art. 32 GDPR and Section 64 BDSG, among others, and documented for the event of an inspection by the data protection supervisory authority. Every company, authority, institution or […]

Data privacy in social networks

The increase in multimedia influences and the need for constant communication in our society are driving the growing popularity of social networks. Facebook, WhatsApp, Instagram, TikTok, Twitter, YouTube, LinkedIn, XING, etc. are used across the board in both private and professional life. The constant expansion of the possibilities of social interaction allows any kind of […]

Health Data Protection

Health data protection is applied in hospitals, medical facilities and doctors’ offices. In addition to medical confidentiality, numerous data protection regulations must be observed. The federal states have enacted hospital laws whose legal standards must also be implemented. Establishing hospital administration that complies with data protection regulations and protecting patient data on wards is an […]

Advertising and Data Protection

The tension between advertising and data protection and competition law presents companies, organizations and institutions that want to draw attention to themselves through advertising with not inconsiderable challenges under competition law and data protection law. Before implementing an advertising campaign and collecting, purchasing or transmitting customer data, the legal requirements must be carefully examined and […]

Social Data Protection

Social institutions, e.g. old people’s and nursing homes, daycare centers (Kitas), child and youth welfare institutions, advice centers, etc. collect, process and use a large amount of personal data. Much of this data is particularly sensitive and must therefore be treated confidentially under data protection law. In the area of social data protection, there is an extensive […]

Cloud Computing

Cloud computing refers to the dynamic provision, use and billing of IT services via a network in line with demand. These services are offered and used exclusively via defined technical interfaces and protocols. The range of services offered as part of cloud computing covers the entire spectrum of information technology and includes infrastructure (e.g., computing […]

Bring Your Own Device (BYOD)

Bring your own device (BYOD) means the use of private mobile devices, e.g. laptops, tablets and smartphones, for company purposes. Business documents of the company, organization or institution are stored on the employees’ private end devices. These can be e-mails, MS Office documents, technical documents or other documents. The secure and data-protection-compliant use of private […]

Video Surveillance

Observation by means of optical-electronic equipment, in particular video surveillance in companies, organizations and facilities, is becoming increasingly important. A wide variety of motives lead those responsible to observe certain areas of their company, organization or institution by means of video surveillance equipment. Due to a possible violation of the right to informational self-determination and […]

Geolocation

There are numerous services that allow the user’s location to be determined. The so-called geolocation can be done via the IP address assigned by the Internet provider or via the mobile network. Determining the position of an Internet or mobile phone user can be very attractive or even necessary for a company, organization or institution […]

Radio Frequency Identification (RFID)

Radio frequency identification (RFID) refers to a microchip technology that enables objects to be detected without contact. These chips are scanned and supplied with energy by means of a radio transmission technology. The data obtained, e.g. on products, can be automatically transmitted to a downstream IT system. This technology is seen as a complement to […]
