
Group Data Protection

The bigger the corporate group, the greater the scope of data protection measures

Corporate groups face far more complex data protection requirements than stand-alone companies:

  • Secure data transfer between group companies and with third parties;
  • Data protection in cross-border data transfers to third countries (eg based on BCRs) in compliance with local data protection laws, which may vary substantially across jurisdictions;
  • Uniform approach to handling and processing data (eg e-mails, employee data, telephone use, whistleblowing systems);
  • Creating data pools;
  • Data protection systems for the use of uniform software solutions;
  • Works agreements with the group/general works council from a data protection perspective.

One of the major and most frequent challenges in group data protection is that it is not possible to implement a single, group-wide data protection solution. In most cases, the problems faced by the individual companies must be solved on an individual basis.

Scope of services
  • Establishing data protection systems within the group
  • Data transfer and data processing within groups
  • Advising on the compliant handling of data, data management systems and IT tools
  • Cross-border data transfer (eg under EU standard contract clauses)
  • Appointment of data protection officers 
  • Privacy notices and privacy policies
  • Big data and data outsourcing via cloud computing
  • Data protection compliance

News & insights

Publications: 30 JUNE 2020

Webinar: Cybersecurity – How to respond to an incident

Allen & Overy partners with leading security experts, Kroll, to discuss how to respond to a cybersecurity incident. In light of the heightened threat level due to remote working and disruption caused…


Publications: 19 JUNE 2020

Covid-19 coronavirus: emerging data protection and cybersecurity guidance (Updated 18 June 2020)

The Covid-19 coronavirus is creating a need for organisations to process personal data, for a variety of specific purposes (including managing and protecting their workforce, customers and the…


Publications: 29 MAY 2020

Active user consent is required, while previously practiced opt-out mechanisms are unlawful

On 28 May 2020, the German Federal Court of Justice (Bundesgerichtshof; BGH) issued its decision in the Planet49 case that had previously been referred to and decided on by the Court of Justice of the…


Publications: 20 MAY 2020

Warsaw podcast - GDPR in M&A transactions

Justyna Ostrowska, senior associate in Allen & Overy Warsaw, advises clients on new technologies, intellectual property and data protection law. In her podcast, she discusses the various stages of a…
