Skip to content

Cyber Security & Data Protection

The management bodies of a company are subject to a wide range of obligations arising from various areas of law, but also in connection with compliance with statutory data protection requirements and organizational, contractual and technical security measures.

In particular, those responsible should always maintain an overview of the liability situation of the management bodies with regard to data protection and/or compliance violations – a topic that is also increasingly becoming the focus of (administrative) court decisions.

Evaluation of the current state (due diligence)

We provide support and advice in connection with risk assessment and risk evaluation of existing (data protection) compliance or compliance that is still being established. Before establishing a compliance structure, the current status of the company should be evaluated and goals should be set. Based on the risk assessment, the compliance organization is to be designed with the objective:

The content of a compliance organization depends on the individual case and depends, for example to:

The voluntary implementation of such measures serves to minimize risks and benefits both the company itself and its stakeholders, management and employees.

In recent years we have, among other things

Data privacy compliance - avoiding liability claims

Violations of data protection law are sometimes associated with high penalties.

Preventive avoidance as well as defense against claims arising from directors’ and/or officers’ liability in this regard is one of our core competencies.

As a rule, liability presupposes that the responsible management body has acted culpably, not dutifully, in a specific situation.

In order to fulfill their statutory monitoring obligations in the best possible way, management bodies are required to implement internal control systems (ICS), which also include compliance and data protection management systems. These make a significant contribution to avoiding any potential liabilities.

Our consulting services include guidance and support in the design and implementation of a compliance organization.

In recent years we have, among other things

Data protection management system

We assist in the implementation of a data protection management system and provide support in the drafting and implementation of the necessary contracts.

The general compliance requirements and the resulting obligations to provide evidence should therefore be fulfilled by a data protection management system, thereby avoiding operational organizational culpability on the part of the responsible party.

Our services in this area include support and advice on setting up a data protection management system as part of compliance.

In recent years we have, among other things