Cookies on our website

We use cookies on our website. To learn more about cookies, how we use them on our site and how to change your cookie settings please view our cookie policy. By continuing to use this site without changing your settings you consent to our use of cookies in accordance with our cookie policy.

Read more Close
Skip Ribbon Commands
Skip to main content
Sign In

Practices

Language:
DE EN
 

Data and Data Protection

Is your data sufficiently protected? Are you exploiting the full potential of your data inventory?

Data is referred to as the “new oil of the 21st century” and can have the same disruptive and asset-building effect as the “black gold” of the last century. Today, efficient and cost-effective real-time data collection, processing and transfer inevitably constitute an integral part of a company's assets. The apparently unlimited possibilities open up manifold prospects, including for future business models, but they also bring certain risks. Effective data protection management and cyber security are of central importance in a world of increasing digitisation and networking (keywords: “Smart Home” and “Internet of Things”). In the light of the importance of data for companies, it is surprising that value of a company's data or data inventory is not yet explicitly reported in its annual financial statements or balance sheet.​

Your challenges

How can data be used strategically in line with the respective business model and in compliance with the statutory limits?

Where “raw data” can be collected, processed and transferred by companies to the relevant parties in order to influence decisions in real time, the value of such raw data is maximised. This can only be successful, however, if the relevant applicable statutory limits are complied with, since data collected unlawfully must be deleted and may no longer be used. In order to be able to even initiate these processes, however, companies must record and evaluate their data inventory, and in particular so-called “dark data”, in a sort of stocktaking process. Such inventory analyses frequently open up new possibilities for alternative business models, eg in the “FinTech” or “InsurTech” fields.

Do you offer sufficient protection for third-party data?

Handling the personal data of employees, business partners and clients, for instance, properly and in a legally compliant manner – especially in a cross-border context with different data protection levels in different jurisdictions – has therefore become more important than ever and requires a tailor-made approach and effective data protection strategies.

The legal framework in the field of data protection in particular is subject to constant change, usually to become more rigid, both at a national and international level, eg currently under the General Data Protection Regulation (GDPR).

Our expertise

The lawyers in Allen & Overy's Data Protection Group have specialised in data protection law for many years and support companies at every step in the course of initialising, inventory-taking, evaluating, action planning for and implementing projects involving data protection issues. In this context, our expertise is not limited to data protection law as such, but also includes legal support in connected areas such as telecommunications and telemedia law as well as information security. Our goal is to support companies right from the start within the scope they need and specify. Our approach focuses on individual alignment in response to internal requirements and processes and on the integration of existing relationships with other service providers.

Data protection law is not only determined by national requirements, however. As the German Data Protection Group forms an integral part of the firm's Global Data Protection Group, clients can rely on our international network of leading experts in the field of data protection law, especially when it comes to complex data protection projects.

We cooperate closely with experienced experts from other practice areas such as Employment & Benefits, Corporate/M&A and Intellectual Property as well as Banking/Finance .

Scope of services

Allen & Overy's data protection lawyers advise on all aspects of national and European data protection law. The team has long-standing experience in the following key areas of advice in particular:

  • Implementing and adjusting systems and processes to comply with amended statutory or regulatory requirements (eg General Data Protection Regulation, revised Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG-neu) or IT Security Act (IT-Sicherheitsgesetz))
  • Advising on the compliant handling of data, data management systems and IT tools
  • Data transfer and processing within corporate groups and cross-border data transfer (eg under EU standard contract clauses or binding corporate rules (BCRs))
  • Data security and cyber security
  • Data protection compliance
  • External investigations, including in an international context (eg US/UK discovery proceedings )
  • Internal investigations: analysis and evaluation of data in the case of legal breaches in the context of internal investigations
  • Data litigation (communication with supervisory authorities and litigation, both in court and regulatory)
  • Privacy notices and privacy policies
  • Big data/data mining
  • Outsourcing via cloud computing and commissioned data processing
  • Data protection requirements and concepts related to “FinTech” and “InsurTech”
  • Data reputation (securing appropriate market perception through cooperation with Germany's leading communications consultancy)
  • Designing and implementing whistleblowing systems compliant with data protection law

In addition to traditional legal advice, we also offer our expertise in the context of presentations and seminars. 

What others say about us

  • “The firm has a strong team.” (Chambers Europe 2016, Data Protection)
  • “A superb standard of service that always meets requirements.” (Legal 500 2015, Data Protection)
  • Jens Matthes is “a leader in his field”. (Chambers Global 2015)

A few references

  • A major European energy supplier in connection with a due diligence in respect of data protection law conducted for the numerous general terms and conditions documents for various group companies regarding compliance with the BDSG and the GDPR in connection with the largest European outsourcing project in the field of utilities. Advising on the transfer of various data categories to third countries, including other European countries, taking into account specific new requirements, e.g. the German Act on Operating Meters and Data Communication (Messstellenbetriebsgesetz; MsbG), and evaluating all IT-relevant works agreements (interface with employment law).
  • A multinational pharmaceuticals group in connection with various projects related to data protection law:
    • introducing a customer relationship management system;
    • introducing an internal knowledge management system;
    • introducing a data loss prevention system and a system for screening e-mail and internet traffic;
    • introducing an internal document sharepoint system.
  • An Asian bank in connection with a global investigation project by coordinating and planning the internal investigations for Germany and cross-border consultations. Assessing various options for transferring data to the USA, preparing numerous contracts (agreement for contract data processing pursuant to section 11 BDSG; data transfer agreement with service provider, standard contract clauses with contract data processor, intra-group agreement with nine parties as data processors and data controllers). Preparing a works agreement on e mail screening and negotiations with the works council (interface with employment law).
  • TUI AG on data protection issues in connection with the sale of the Travelopia division, which involved coordinating the data protection law teams from six countries in total (including the USA, UK, France and Australia) with a view to performing the due diligence and negotiating/drafting the SPA with a digital business model.
  • One of the largest Asian internet companies in the world in respect of development cooperation with German industry partners in the field of mapping and navigation software for autonomous vehicles; the project is of strategic significance for all parties involved.
  • A world-leading US social media platform in the context of the proposed acquisition of a German video editing startup. The project focuses on complex issues regarding rights ownership for software (and other IP) following spin-off from a university. In addition, the technology implemented by way of the relevant software is protected by multiple patents as a computer-implemented invention.

Your contact

 

 

Find a lawyer


  • Expertise


  • Search Clear


  • Add comment (optional)