Group Data Protection

Corporate groups face far more complex data protection requirements than stand-alone companies:

• Secure data transfer between group companies and with third parties;
• Data protection in cross-border data transfers to third countries (eg based on BCRs) in compliance with local data protection laws, which may vary substantially across jurisdictions;
• Uniform approach to handling and processing data (eg e-mails, employee data, telephone use, whistleblowing systems);
• Creating data pools;
• Data protection systems for the use of uniform software solutions;
• Works agreements with group/general works council under data protection aspects.

One of the major and most frequent challenges in group data protection is the absence of the possibility to implement a single, group-wide data protection solution. In most cases, the problems faced by the individual companies must be solved on an individual basis.

Scope of services

• Establishing data protection systems within the group
• Data transfer and data processing within groups
• Advising on the compliant handling of data, data management systems and IT tools
• Cross-border data transfer (eg under EU standard contract clauses)
• Appointment of data protection officers 
• Privacy notices and privacy policies
• Big data and data outsourcing via cloud computing
• Data protection compliance