Skip to content
Sub practice
Sub practice

Group Data Protection

The bigger the corporate group, the greater the scope of data protection measures

Corporate groups face far more complex data protection requirements than stand-alone companies:

  • Secure data transfer between group companies and with third parties;
  • Data protection in cross-border data transfers to third countries (eg based on BCRs) in compliance with local data protection laws, which may vary substantially across jurisdictions;
  • Uniform approach to handling and processing data (eg e-mails, employee data, telephone use, whistleblowing systems);
  • Creating data pools;
  • Data protection systems for the use of uniform software solutions;
  • Works agreements with group/general works council under data protection aspects.

One of the major and most frequent challenges in group data protection is the absence of the possibility to implement a single, group-wide data protection solution. In most cases, the problems faced by the individual companies must be solved on an individual basis.

Scope of services
  • Establishing data protection systems within the group
  • Data transfer and data processing within groups
  • Advising on the compliant handling of data, data management systems and IT tools
  • Cross-border data transfer (eg under EU standard contract clauses)
  • Appointment of data protection officers 
  • Privacy notices and privacy policies
  • Big data and data outsourcing via cloud computing
  • Data protection compliance

News & insights

Aluminium

News: 04 May 2022

Allen & Overy advises HALEX Holding on the sale of its toolmaking division

Allen & Overy has advised HALEX Holding GmbH, a portfolio company of private equity investor Bencis Capital Partners, on the sale of its toolmaking division (HALEX Extrusion Dies) in Germany and in…

Read more
people travelling

News: 24 February 2022

Allen & Overy advises TripActions on the acquisition of Comtravo

Allen & Overy has advised TripActions, a company for travel, corporate card and expense management based in Palo Alto, California, on the acquisition of all shares in Berlin-based Comtravo GmbH…

Read more
Person using laptop, security icon on sceen.

Blog Post: 13 December 2021

CJEU issues opinion in favour of allowing consumer organisations to bring representative actions against GDPR infringement

On 2 December 2021, the Court of Justice of the European Union (CJEU) published the Advocate General’s (AG) opinion in case C-319/20 (Facebook Ireland) (the AG Opinion) relating to the issue of…

Read more
Mobile phone with security app on screen

Blog Post: 26 July 2021

CJEU Advocate General interprets direct marketing by email and targeted advertising under ePrivacy Directive

On 24 June 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued his opinion on the preliminary ruling request submitted by Germany's Federal Court of Justice…

Read more