Cookies on our website

We use cookies on our website. To learn more about cookies, how we use them on our site and how to change your cookie settings please view our cookie policy. By continuing to use this site without changing your settings you consent to our use of cookies in accordance with our cookie policy.

Read more Close
Skip Ribbon Commands
Skip to main content
Sign In



Data Protection

Effective data protection management and cyber security are central in a world of increasing digitisation and networking.

Efficient and cost-effective real time data collection, processing and transfer are an integral part of today’s information economy. The opportunities seem unlimited and offer various new prospects for companies but they are associated with certain risks.

The legal framework in this area is also changing fast and data protection provisions are tightening both nationally and internationally. This can be seen in particular in the recent ECJ rulings on data retention, the "right to be forgotten", the definition of "establishment" with respect to the applicability of domestic data law provisions and the concept of "safe harbour". This also applies to compliance based on boycott lists in, for example, the EU and the US.

Handling personal data associated with employees, business partners and clients properly – especially in an international context with different requirements in different jurisdictions – is more important than ever and requires a tailor-made approach and effective data protection concepts.

Our expertise

Allen & Overy’s data protection group experts have specialised in data protection law for many years, are able to cope with suddenly-changing legal frameworks and can provide practical solutions at any time. National data protection matters such as the appointment of a company data protection officer and the legally justified implementation of commissioned data processing agreements are part of our expertise. We advise on intra-group data transfers based on binding corporate rules (BCR) and on complex data protection projects like outsourcing of data via cloud computing. Our experts have extensive experience and specific knowledge in all matters of data protection and privacy law as well as connected legal areas such as telecommunication and multimedia law. This guarantees that our experts can provide the highest quality advice.
Due to increasing globalisation, corporate structures require an assessment of data protection legislation and principles on a domestic level, a European level and an international level. As the German data protection group forms an integrated part of our Global Data Protection Group (GDPR), clients can rely on an international network of leading data protection law experts, especially when it comes to complex international data protection projects.
The routine, close cooperation of our data protection group with other practice areas such as Employment, Corporate/M&A or IP as well as Banking/Finance is another essential asset for clients. Allen & Overy is able to provide a holistic approach on legal advisory matters.
The varied and long-term expertise of our experts, smooth and seamless collaboration with other practice groups and our global network are the key points most valued by our national and international clients. We have advised banks, insurance companies, car manufacturers, pharmaceutical companies and
clients in the telecommunication, logistics and online-gaming industries on data protection matters.

Our focus

Our experts advise on all aspects of national, European and international data protection and privacy law. This includes, inter alia:

  • Advice on legitimate handling of data, data protection systems and data protection policies
  • Data processing and transfer of data within corporate groups (via BCR)
  • Communication with data protection authorities
  • Designing and implementing whistleblowing systems compliant with data protection law
  • Drafting of data protection-compliant rules for telephone, internet and email use at work
  • Privacy notices and privacy policies
  • Appointment of data protection officers
  • Cross-border transfer of data based on data transfer agreements (EU Model Contract Clauses)
  • Analysis and evaluation of data related to legal breaches in the context of internal investigations
  • Co-ordination of proceedings under data protection law, including on an international level, such as US discovery proceedings
  • Data security and cyber security
  • Big Data and Cloud Computing
  • Commissioned data processing
  • Developing concepts and meeting data protection requirements related to “Fintech”


Your contact


Tobias Neufeld

Global Head of Employment & Benefits
Germany TobiasNeufeld





Find a lawyer

  • Expertise

  • Search Clear

  • Add comment (optional)