Legal advice on data protection

We are lawyers who provide advice on data protection law to ensure that our clients’ data processing activities comply with the law.

Professional advice on data protection by Scheja & Partner

Increasingly complex data protection requirements call for comprehensive advice on data protection from specially trained experts. No advice or poor advice can have serious consequences in the form of fines and damage to the reputation of the organization. This applies in particular to high-risk processing activities, such as processing of sensitive personal data, which require comprehensive data protection advice due to their relevance to the rights and freedoms of the data subjects.

The law firm Scheja & Partner advises exclusively in the area of data protection law. For this reason, our lawyers are highly specialized and have many years of experience in this complex legal field. The following aspects characterize our advice on data protection:

  • We know the legal particularities: The General Data Protection Regulation (GDPR) stipulates a number of overriding obligations which must always be fulfilled to ensure lawful data processing. In addition, however, there are also special requirements that must be taken into account for specific areas, such as employee data protection, health data protection or corporate data protection. We maintain an overview for you and point out special requirements.

  • We react in time to new requirements: Data protection law is subject to continuous change. In addition to the recent comprehensive data protection reformation, statements by supervisory authorities and decisions by the courts will continue to shape data protection law. Our lawyers observe legislative projects as well as the activities of supervisory authorities and courts and point out relevant changes.

  • We develop practical solutions: In a digitalized world, the processing of personal data is omnipresent. For effective business operations it is therefore essential to implement data protection requirements in a practicable way. In our consulting services, we always take into account the individual needs of our clients and develop solutions that are not only compliant with data protection laws but also practicable.

  • We guarantee a reasonable pricing: We want to offer our clients the advice on data protection they need. Therefore, we first determine the concrete need for advice and the tasks to be assigned to us. If desired, this also includes the implementation of an initial risk assessment and the designation as external data protection officer. In our individual offer, we consider the identified needs as a common basis for our future cooperation.

Our advice on data protection helps to implement legal requirements

To identify shortcomings in the implementation of data protection requirements, we offer an initial audit of existing data processing and data protection-relevant processes at the beginning of our advice on data protection. Subsequently, we support you in fulfilling the data protection legal framework. For this purpose, we develop individual projects for the introduction of a data protection management and draft tools and documents for the implementation of the legally required standards and processes. In order to comply with the legal documentation requirements, such as the record of processing activities, our advice on data protection also includes access to our data protection management system "PrivacyPilot".

Advice on data protection by a team of specially trained lawyers

We usually advise our clients with a team of lawyers who are familiar with the respective client and its specific requirements to ensure a continuous, individual advice on data protection.

All lawyers at Scheja & Partner are equipped with

  • comprehensive expertise in data protection consulting: No matter whether it is a legal norm, a statement of a supervisory authority or a court decision: We know the requirements and understand how they are implemented in a practical way.
  • a certification as data protection officer: Our lawyers have proven their qualification by passing an examination within the framework of a recognized certification procedure.
  • special data protection education: We ensure that our specialist lawyers receive further training and education to ensure that they are able to provide expert advice on data protection.

Professional advice on data protection minimizes liability risks

Due to the strict requirements of the GDPR, the liability of consultants is becoming increasingly relevant for the containment and shifting of liability risks. Data processing operations that are subject to high risks due to their innovative nature or the extent to which sensitive data is processed are in the focus of the supervisory authorities and therefore require professional advice on data protection. In the event of incorrect or poor advice, Scheja & Partner is regularly liable for up to 10 million Euro in individual cases. A higher amount of liability can be agreed separately for particularly risky advice on data protection.

Advice on data protection as external data protection officer

The service portfolio of Scheja & Partner not only includes comprehensive and sound advice on data protection. We also fulfil the function of an external data protection officer on request. Please feel free to contact us if you would like to receive further information about our services or the tasks as external data protection officer.

Legal advice on data protection: The most frequent questions

In the following we have answered the most frequently asked questions in connection with legal advice on data protection:

Professional advice on data protection ensures compliance with the complex legal requirements of data protection law. First and foremost, it ensures the lawful processing of personal data. It also helps to comply with the other requirements of the GDPR. This includes, for example, the correct documentation of processing activities or the provision of comprehensible data protection information. Professional data protection advice is always provided on an individual basis, tailored to the client's needs and without losing sight of the client's day-to-day business.

In addition to the extent and complexity of automated data processing, the requirements for its lawful execution have also increased. Moreover, data subjects must be fully informed about the processing of their personal data and their rights must be taken fully into account. In the event of violations, the GDPR stipulates serious sanctions. Professional advice on data protection guarantees lawful data processing and compliance with the further requirements of data protection law in order to avoid fines and claims for damages by the data subjects.

On the one hand, the aim of professional advice on data protection is to support the organization in ensuring the lawfulness of its data processing. This is usually done by introducing an effective data protection management that establishes binding processes and standards for processing of personal data for all employees. In addition, advice is provided on individual enquiries, for example to ensure that data processing in day-to-day business is conducted in a legally compliant manner or to process requests from data subjects for access to personal data or erasure of personal data in compliance with the GDPR.

The designation as external data protection officer does not necessarily go hand in hand with advice on data protection. On the one hand, the designation of a data protection officer may not be required by law, for example because a non-public organization has less than 20 employees who constantly process personal data. On the other hand, the function of a data protection officer may already be performed by an employee of the organization. If desired, however, data protection advice can of course also include the designation of an external data protection officer, even if this is not required by law.

Without or with poor advice on data protection, there is for example a risk of unlawful processing of personal data. In addition, the extensive other requirements of the GDPR could be violated. In such cases, supervisory authorities may issue orders or bans. However, they can also impose fines of up to 20 million Euro or 4% of the annual turnover achieved worldwide. Long-term damage to the reputation of the organization is also conceivable. A professional data protection advice minimizes such risks considerably.