GDPR | data protection.

multidisciplinary consulting.

Data protection includes a variety of specialty fields, and requires the close cooperation of specialist attorneys of different disciplines. This is where the multidisciplinary orientation of the law firm offers our clients decisive advantages. Our specialist attorneys for IT law, copyright law, competition law, labor and social law, our auditors and IT auditors work in a team. They advise and support our clients in all aspects of rule-consistent conduct in data protection, among other things: with comprehensive data protection audits, with employee data protection, with complying with the German principles for the proper management and storage of books, records and documents in electronic form, as well as data access (GOBD), and with the legally secure collection, storage, and use of customer data, in particular, in so-called customer databases.

range of consulting services.

customer data protection.
data protection.
employee data protection.
data protection officers.
gobd.
confidentiality.
data protection audit.

customer data protection.

Handling customer data in conformity with the law is an essential element of compliance systems in companies. This involves the issue of the legally secure collection, storage, and use of customer data, in particular in so-called customer databases, such as for example, in newsletter dispatch and customer loyalty systems.

subject areas.

  • Obligations to provide information vis-à-vis customers
  • Legal foundation for individual customer data
  • Advertising measure such as newsletters, customer loyalty systems, etc.
  • Interfaces with competition law
  • Rights of affected customers

services.

  • Consultation for, and preparation of data protection statements and data protection information for customers, business partners, etc.
  • Counsel with respect to permissible configuration options for processing customer data, as well as drafting and preparing consent declarations (online and offline)
  • Guidance and support for the purpose of introducing advertising concepts, for example, newsletter dispatch or other customer loyalty systems
Dr. Andreas Katzer
  • Phone +49 821 57058-0
    +49 172 8695160
  • Fax +49 821 57058-153
  • Email andreas.katzer@sonntag-partner.de
TO THE PROFILE

data protection.

The specialist attorneys in our multidisciplinary working teams advise and support our clients in all relevant data protection subject areas — from general principles to a data protection-compliant home page, to strategies for providing information and carrying out deletion processes, all the way up to a comprehensive advance data protection assessment.

subject areas.

  • Data protection instructions for companies, foundations, associations
  • Consent declarations
  • Data protection-compliant homepage (data protection statement, legal notice, newsletter)
  • Schedules of processing activities, procedural documentation, data protection procedures

services.

  • Comprehensive consulting on all questions surrounding data protection
  • Support with the customized preparation of documentation and its implementation in the company
  • Creating holistic solutions and solution packages, including for IT questions
  • Linking data protection and compliance management systems
  • Preparing comprehensive manuals for certain target groups (such as associations for their member companies)
  • Support and representation for out-of-court and judicial disputes with regulatory authorities, competitors and data subjects
  • Documentation of the technical and organizational measures
  • Data protection guidelines and data protection manuals
  • Order processing agreements
  • Strategies for providing information and carrying out deletion
  • Risk assessments
  • Advance data protection assessment
Dr. Andreas Katzer
  • Phone +49 821 57058-0
    +49 172 8695160
  • Fax +49 821 57058-153
  • Email andreas.katzer@sonntag-partner.de
TO THE PROFILE

employee data protection.

Employee data protection is a central factor in every company’ compliance with data protection law. On the one hand, it includes employee personal data, and on the other hand, the training of employees in the data protection-relevant handling of personal data of customers and business partners.

services.

  • Legal principles for processing the personal data of employees in the employment relationship
  • Data subject rights of employees
  • Support in preparing comprehensive data protection information for employees
  • Consulting with respect to the permissibility of, and configuration options for data processing in the employment relationship, as well as the conception and preparation of legal foundations in the form of consent declarations or works agreements
  • Counsel with respect to data protection law implications in the formation, performance, and termination of the employment relationship
  • Support in obligating employees to observe data protection rules
  • Conducting employee training
  • Reviewing the interaction between data protection and protecting trade secrets
Dr. Andreas Katzer
  • Phone +49 821 57058-0
    +49 172 8695160
  • Fax +49 821 57058-153
  • Email andreas.katzer@sonntag-partner.de
TO THE PROFILE

data protection officers.

As an advisor in the area of data protection, we are in contact with data protection officers in a variety of ways, and can also offer assistance in the search for a suitable data protection officer via our network.  
Prof. Dr. Ulrike Trägner
  • Phone +49 731 379 58-0
    +49 172 7760186
  • Fax +49 731 379 58-20
  • Email ulrike.traegner@sonntag-partner.de
TO THE PROFILE

gobd.

The principles for the proper management and storage of books, records and documents in electronic form, as well as data access (GOBD) for all companies, associations, and foundations. We support our clients in consistently and reliably implementing the requirements of the GOBD.

services.

  • Evaluation of compliance with legal parameters
  • Restructuring existing processes while observing legal parameters
  • Implementation of monitoring mechanisms
  • Procedural documentation
  • Tax compliance management system (CMS)
  • Rights and user concepts
  • Sensitizing employees
  • Evaluating existing processes for GOBD conformity, where necessary, adaptation
  • Creating concepts related to rights and users, as well as implementing control mechanisms for monitoring their observance
  • A knowledgeable partner in implementing TAX CMS systems
Jörg Seidel
  • Phone +49 821 57058-0
  • Fax +49 821 57058-153
  • Email joerg.seidel@sonntag-partner.de
TO THE PROFILE

confidentiality.

In our multidisciplinary-oriented team, we advise our clients in all relevant subject areas surrounding the protection of, and effective utilization of trade secrets. These can be of superlative value — not only for technology companies. Confidential business information and operational know-how (such as manufacturing methods, customer and supplier lists, business strategies, company data, market analyses, prototypes, formulas, but also research results) are sometimes the decisive factor for a company's success — as long as a third party does not profit from this (without permission).

services.

  • Implementing suitable confidentiality concepts
  • Categorizing relevant business information and operational know-how
  • Linking confidentiality concepts and compliance management systems
  • Contract drafting (evaluation and adaptation of contractual protective measures)
  • Support for technical and organizational protective measures
  • Support in sensitizing employees and contract partners
  • Representation in out-of-court and judicial disputes arising from employment relationships
  • Representation in out-of-court and judicial disputes vis-à-vis contract/cooperation partners and competitors
  • Protection of intellectual property (IP)
  • Contract management
  • Evaluation and adaptation of cooperation agreements, subcontractor agreements, supplier contracts
  • Research and development agreements
  • Employment contracts and contracts with freelancers
  • Nondisclosure agreements (NDA)
  • Letter of intent (LOI) and share purchase agreements and other company acquisition agreements
  • Reasonable contractual penalty provisions
  • Exploitation of confidential business information and operational know-how through licensing agreements
  • Individual contractual restrictive clauses to prevent reverse engineering
  • Whistleblowing
Julian N. Modi
  • Phone +49 821 57058-0
  • Fax +49 821 57058-153
  • Email julian.modi@sonntag-partner.de
TO THE PROFILE

data protection audit.

Complex data protection requirements according to the EU General Data Protection Regulation make the situational requirements for companies unclear. We review all of the procedures surrounding data protection for our clients and the appropriateness of the respective data protection environment.

subject areas.

  • Conducting a process analysis
  • Developing recommended actions
  • Data protection Quick-Check
  • Evaluation of the principles, procedures and measures in accordance with the EU General Data Protection Regulation and the Federal Data Protection Act (IDW PH 9.860.1) [Institute of Public Auditors in Germany, Incorporated Association, audit instruction].
 
Frank Layher
  • Phone +49 821 57058-0
    49 173 6341112
  • Fax +49 821 57058-153
  • Email frank.layher@sonntag-partner.de
TO THE PROFILE
TOP