Data Protection Law

Our data protection counseling enables the legally secure and innovative use of data.

With the digitization of their business processes, companies are more often facing challenges of data protection and IT security. The increasing sensitivity of business partners and customers regarding data protection law makes data protection issues a topic of corporate reputation and liability avoidance. In addition, the European Data Protection Basic Regulation creates new organizational obligations and greatly increased risks of fines. Our lawyers will advise you in a well-founded and at the same time pragmatic manner to avoid these risks without significantly impairing your business processes.

Data protection experts

Our team has extensive experience in providing legal data protection support to companies and institutions. As we constantly monitor the development of legislation, case law and the audit practice of the supervisory authorities, we can always guarantee advice to our clients that meets the current requirements of data protection law.

Comprehensive advice

Our data protection ranges from the answering of special questions to the design of complex data use models up to the comprehensive takeover of the operational data protection management. Due to the expertise of M&P in:

  • Commercial and corporate law,
  • Health law,
  • Mergers and Acquisitions
  • as well as in labour law

we can integrate data protection-compliant solutions into the consulting of your entire business activity.

For marketing measures, we design consent solutions for the use or transfer of personal customer data. In labour law, we draft tailor-made service and works agreements that regulate and enable the handling of employee data. In the run-up to legal disputes, our advice reduces the risks of prohibition of the use of evidence. For our clients in the healthcare sector, we create data protection compliant basics for regional healthcare networks or for the secondary use of clinical data. When cooperating with other service providers and carriers and when introducing digital solutions, we ensure the protection of the professional secrecy of doctors, dentists, pharmacists and other professionals of health care.

For company acquisitions, sales and restructuring, we assess the usability of existing data records in compliance with data protection regulations from due diligence to closing and also design legally compliant transfer solutions for asset deals.

Support of the companies in questions concerning data protection

On request, M & P permanently supports companies with individually compiled service packages in all data protection issues. We take care of both, the complete operational data protection management with formal appointment as external data protection officer and the function of a permanently available back-office for the internal data protection organisation. To ensure that business processes comply with data protection regulations, we have developed a three-phase model.

Three-phase model for implementing data protection measures

First, we carry out a weak-point analysis of your business model and its current data protection status. If necessary, we cooperate with renowned IT security experts. As a result, you will receive a realistic assessment of your liability risks and the necessary adjustment measures. A thorough assessment of the legal, organisational and technical set-up mostly results in synergy effects for the general business organization and security.

Second, an individual data protection management system will be set up or existing structures will be adapted. We support you in establishing lean organization charts and legally compliant process directories as well as in setting up contract management for order data processing (ADV) and any further adjustment measures. This includes above all the far-reaching obligations for proof and documentation, which must be applied since 2018 according to the European Data Protection Basic Regulation. Furthermore, we prepare training documents and, if desired, sensitize your employees in special workshops.

In the third and final phase our data protection experts as your permanent partners ensure together with you the long-term data protection conformity of your business activities. We accompany you in digitization projects as well as in daily business. In case of inquiries from customers or supervisory authorities and affected parties, we prepare the external communication promptly on request.

Contact person

Dr. Dominique Jaeger

Partner | Specialist Lawyer for Medical Law

Key aspects

  • Design and adaptation of data protection concepts
  • Preparation of expert opinions on complex data processing procedures
  • Position of the External Data Protection Officer
  • Advice/ back-office of the Internal Data Protection Officer
  • Advice on the conversion to the basic data protection regulation
  • Design of the crisis management in data protection law
  • Examination of notification requirements for data protection incidents
  • Staff training
  • Representation before supervisory authorities
  • Preparation and implementation of compliance measures
  • Takeover of the contract management according to data protection law
  • Accompaniment of internal educational measures within the company
  • Design of Due Diligence in compliance with data protection
  • Drafting and negotiation of company agreements