Advisory services of SKW Schwarz Rechtsanwälte in Data Protection Law

Implementation of the General Data Protection Regulation (GDPR) in the company

  • Individualized gap analysis of data protection compliance in the company in accordance with the GDPR standard

  • Drafting tailor-made implementation proposals in the company, taking into account the risk-based approach of the GDPR and national accompanying legislation

  • Implementing a comprehensive data protection organization in the company and within the group

  • Drafting an internal corporate responsibility concept for the implementation of data protection obligations

Data protection organization in the company

  • Drafting and implementing simple or extended records of processing activity to meet the accountability requirements of the GDPR

  • Drafting and implementing a uniform risk model for company-wide understanding of data protection

  • Drafting a data breach notification plan

  • Crisis management for actual and alleged data protection violations

  • Identifying suitable technical and organizational measures to ensure compliance with the requirements of Article 32 GDPR

  • Individual implementation of the new requirements of the data protection impact assessment in accordance with Article 35 GDPR

  • Drafting design proposals to implement the new requirements of privacy by design and privacy by default

  • Advising on and supporting data protection audits

  • Advising internal data protection officers

  • Providing interim data protection officers or national representatives in accordance with Article 27 GDPR

  • Advising on setting up a group-wide data protection organization

Contract management

  • Drafting tailor-made model contracts for order processing from client and contractor perspectives

  • Drafting tailor-made framework agreements for implementing data protection requirements for the international movement of data, in particular for complex matrix structures

  • Reviewing and adapting third-party contracts and supporting contract negotiations

  • Drafting additional model documents for declarations of consent, NDAs and mandatory information

  • Guideline for the delimitation of order processing, joint controllership, and complex mixed structures

Dealing with the rights of data subjects

  • Drafting and implementing individual solutions for data protection-compliant implementation of the rights of data subjects in accordance with Article 12 et seqq. GDPR

  • Drafting individual erasure concepts in consideration of archiving and backup systems

  • Designing and implementing internal data protection guidelines, in particular on the handling of personal data by employees

  • Employee training adapted to the needs of the company’s specialist departments, such as HR, IT, Purchasing, Sales, Marketing, and Management.

  • Designing and implementing monitoring measures

  • Model letters for responding to inquiries (erasure/information. etc.)

  • Providing a guideline on how to deal with inquiries from data subjects (e.g., identification, etc.)

International data protection

  • Reviewing and data protection-compliant design of data transfers in international data protection

  • Data protection-compliant design of intra-group international data transfers with drafting of corresponding framework agreements

Intra-group data protection

  • Designing and implementing contracts for intra-group data transfer, in particular in matrix organizations

  • Advising on group-wide centralizing or diversifying of IT services

Employment data protection

  • Adapting old company agreements to the requirements of the GDPR

  • Designing and implementing rules for the use of operational IT infrastructure and private IT in the operational context

  • Identifying the need for declarations of consent in the employee context and drafting corresponding models

  • Drafting and implementing rules for video surveillance, employee tracking

  • Drafting and implementing whistleblowing systems

Designing digital business models in compliance with data protection requirements

  • Reviewing and advising on legally compliant redesign and new establishment of digital business models

  • Reviewing and advising on the legally compliant design of digital data-driven products in the areas of Big Data and Internet of Things

  • Drafting corresponding IT model contracts

Data protection litigation

  • Out-of-court conciliation negotiations

  • Representation before state courts up to the CJEU

  • Defending against material and immaterial claims for damages

  • Defending against claim registration actions of consumers against debt collection companies and credit agencies

Supervisory authorities

  • Conflict management with data protection regulators to avoid and reduce regulatory actions

  • Support at every stage of administrative proceedings towards data protection supervisory authorities

  • Legal representation towards data protection supervisory authorities