Data Protection

Broad-based expertise in all areas

Over recent years, data protection has increasingly become the focus of public attention. Ongoing digitalization is fuelled by data, and optimizing the use of new technical opportunities in collecting and analysing information is crucial to competitiveness. At the same time, fundamental reforms to data protection law have placed firm limits on the permissibility of processing personal data, set high requirements as to how companies organize their data protection, and threaten tough penalties in the event of legal breaches. Thus, data protection compliance constitutes one of the key risk avoidance strategies for companies.

As a full service law firm, we have for many years taken an integrated approach in advising German and foreign companies on data protection and its interfaces with all relevant legal areas, including IT, corporate, antitrust and employment law.

Leaders League 2022

“Highly recommended law firm for Data protection. (client)”

Data protection and compliance structures

EU data protection law places special demands on companies regarding data protection management and organization. We develop tailor-made compliance programmes to minimize the risk of fines. And we advise on how to implement the General Data Protection Regulation, supporting companies in making the necessary modifications to their data protection organization and infrastructure.

On behalf of our clients, we review organisational structures and documentation processes and develop data protection guidelines, declarations of consent and company guidelines that exactly fit our clients’ needs. We also offer our clients training sessions (face-to-face or online) in implementing in-company data protection compliance rules in order to strengthen awareness within the company.

Securing internal investigations and whistleblowing systems under data protection law

We assist companies in internal investigations to clarify compliance violations and in reacting to such violations. This includes handling employees’ personal data in a legally sound and practical manner, organizing and ensuring legal compliance in evaluations of email communication, and checking the permissibility of data transfer to group companies and public authorities in states outside the EU.

We also shape internal whistleblowing systems to comply with data protection laws, both in Germany and internationally, and negotiate the necessary rules  with employee representatives.

Data protection advice on IT projects and cloud computing

Our clients profit from our many years of experience in dealing with all kinds of major IT projects. In data protection, we advise on IT outsourcing, on migrating IT functions to the cloud, and on transitional service agreements in the framework of transactions, for example.

For IT product and service providers as well as for their customers, we structure the requisite data protection agreements and terms of use, e.g. for commissioned data processing agreements and remote servicing of IT systems.

Data protection in employment law

Digitalization is changing the world of work faster than the legal framework of employment law is changing. In companies with works councils, we negotiate how digitalized processes will be introduced and how technical opportunities in staff monitoring can be handled in an up-to-date manner. Additionally, we advise companies on using their systems such as email and internet as well as on matters like bring your own device or home offices and the relevant aspects of employment and data protection law.

Data protection in the healthcare sector (sensitive data)

For the healthcare sector, digital progress means major opportunities as well as special data protection challenges given the highly sensitive nature of health data and genetic information.

We advise healthcare sector players such as statutory health insurance funds, drug and medical device manufacturers, pharmacies, trade associations, ambulatory healthcare centres and clinic groups on all relevant legal issues. These include IT outsourcing projects, research initiatives (including use of big data analyses and biobanks), transactions, and structuring online presence.

Cross-border data exchange / data transfers within the group

We advise our clients in Germany and abroad on all issues raised by cross-border exchange of personal data, such as in connection with transactions or where global customer or staff databases are planned, in connection with telematics, on data transfer within corporate groups etc.

Global reach

Internationally, our clients profit from integrated advice from our international network on various data protection rules outside of Germany. In cases extending across jurisdictions, we work together with top international law firms on a steady basis of trust, offering a one-stop shop for optimal advice on each case.


Gleiss Lutz advises Marubeni on its investment in RCB Nanotechnologies Mandate
Data 360° – Data Act now in force Article
Gleiss Lutz advises Global Payments on a joint venture with Commerzbank Mandate
Gleiss Lutz advises Sekisui Jushi on acquisition of WEMAS TopCo Mandate
Gleiss Lutz berät HENSOLDT beim Erwerb des Verteidigungssystem- und Sicherheitstechnologieanbieters ESG Mandate
Gleiss Lutz ernennt vier neue Partner und vier neue Counsel Article

All news

More experts