Group Data Protection
The bigger the corporate group, the greater the scope of data protection measures
Corporate groups face far more complex data protection requirements than stand-alone companies:
- Secure data transfer between group companies and with third parties;
- Data protection in cross-border data transfers to third countries (eg based on BCRs) in compliance with local data protection laws, which may vary substantially across jurisdictions;
- Uniform approach to handling and processing data (eg e-mails, employee data, telephone use, whistleblowing systems);
- Creating data pools;
- Data protection systems for the use of uniform software solutions;
- Works agreements with the group or general works council that address data protection aspects.
One of the major and most frequent challenges in group data protection is that it is not possible to implement a single, group-wide data protection solution. In most cases, the problems faced by the individual companies must be solved on an individual basis.
Scope of services
- Establishing data protection systems within the group
- Data transfer and data processing within groups
- Advising on the compliant handling of data, data management systems and IT tools
- Cross-border data transfer (eg under EU standard contractual clauses)
- Appointment of data protection officers
- Privacy notices and privacy policies
- Big data and data outsourcing via cloud computing
- Data protection compliance