Cyber Security & Data Protection
The management bodies of a company are subject to a wide range of obligations arising from various areas of law, but also in connection with compliance with statutory data protection requirements and organizational, contractual and technical security measures.
In particular, those responsible should always maintain an overview of the liability situation of the management bodies with regard to data protection and/or compliance violations – a topic that is also increasingly becoming the focus of (administrative) court decisions.
Evaluation of the current state (due diligence)
We provide support and advice in connection with risk assessment and risk evaluation of (data protection) compliance that already exists or is still being established. Before establishing a compliance structure, the current status of the company should be evaluated and goals should be set. Based on the risk assessment, the compliance organization is to be designed with the objective to:
- eliminate risks that have arisen as far as possible; or
- minimize them.
The content of a compliance organization depends on the individual case, for example on:
- the size of the company
- the regulations to be complied with by the respective company, or
- previous grievances and irregularities.
The voluntary implementation of such measures serves to minimize risks and benefits both the company itself and its stakeholders, management and employees.
In recent years we have, among other things:
- audited the data protection compliance of a listed company
- provided companies with comprehensive advice on (data protection) compliance
- advised companies on board or management due diligence in connection with data privacy compliance
- advised on the formulation of compliance guidelines
- issued opinions on liability-avoiding compliance organizations
Data privacy compliance - avoiding liability claims
Violations of data protection law are sometimes associated with high penalties.
Preventive avoidance as well as defense against claims arising from directors’ and/or officers’ liability in this regard is one of our core competencies.
As a rule, liability presupposes that the responsible management body has acted culpably and in breach of duty in a specific situation.
In order to fulfill their statutory monitoring obligations in the best possible way, management bodies are required to implement internal control systems (ICS), which also include compliance and data protection management systems. These make a significant contribution to avoiding any potential liabilities.
Our consulting services include guidance and support in the design and implementation of a compliance organization.
In recent years we have, among other things:
- audited the data protection compliance of a listed company
- provided companies with comprehensive advice on (data protection) compliance
- advised companies on board or management due diligence in connection with data privacy compliance
- advised on the formulation of compliance guidelines
- issued opinions on liability-avoiding compliance organizations and data protection management systems
- advised governing bodies on cyber security insurance policies
Data protection management system
We assist in the implementation of a data protection management system and provide support in the drafting and implementation of the necessary contracts.
The general compliance requirements and the resulting obligations to provide evidence should therefore be fulfilled by a data protection management system, thereby avoiding operational organizational culpability on the part of the responsible party.
Our services in this area include support and advice on setting up a data protection management system as part of compliance.
In recent years we have, among other things:
- advised on the formulation of compliance guidelines
- audited the data protection compliance of a listed company
- provided companies and their management bodies with comprehensive advice on (data protection) compliance
- issued opinions on liability-avoiding compliance organizations and data protection management systems