Skip to main content

Data Privacy

Processing and transferring personal data in compliance with EU and German law is an important aspect of any company’s compliance program. We support our clients in preparing and implementing data privacy policies and procedures that are practical and in compliance with the law. We advise in all areas of data privacy law.

Protecting personal data is an ever-present issue and challenge for any company, in particular as information becomes increasingly digitalized and network systems become increasingly inter-connected.

With our many years of expertise, we support companies, public-sector institutions, associations, and non-profits in implementing data privacy policies and procedures that comply with the General Data Protection Regulation (GDPR), Germany’s Federal Data Protection Act, and other state-specific regulations. We, of course, also advise on practice-specific data privacy issues, including labor and employment matters, competition law, and IT law.

We review data processing procedures as requested by our clients and prepare the necessary legal texts and policies. In addition, we support our clients in responding to inquiries from data subjects (e.g., employees asking for information being maintained on them) and represent our clients vis-à-vis regulatory authorities and in litigation. We also offer training courses to our clients on data privacy matters and provide sample forms that our clients may use in their organizations.

Through our subsidiary, SCHIEDERMAIR Beratungsgesellschaft für Datenschutz mbH (SCHIEDERMAIR Consulting Company for Data Privacy with Limited Liability), our data privacy attorneys may also be appointed as an external data privacy officer for your company or organization.


  • Advise and provide support with preparing data privacy policies and procedures
  • Provide and maintain mandatory data privacy documents (e.g. mandatory legal notices, personal data processing parameters, personal data deletion plans, personal data protection impact assessments, IT guidelines)
  • Advise on introducing and implementing consent management systems, CRM databases, cloud systems, time recording systems, and other systems
  • Design of marketing guides as well as internet and social media presence
  • Conduct data privacy audits and employee training courses
  • Review and draft agreements with third parties pursuant to the GDPR (e.g. with personal data processors, joint responsibility issues), also in the case of cross-border data transfers
  • On-call support in the event of data breaches and respond to subsequent inquiries from data subjects
  • Represent and advise during data privacy regulatory authority investigations and with respect to proceedings before regulatory authorities
  • Provide external data privacy officer services and, for data controllers that do not have a direct presence in the European Union, serve as representative via our subsidiary SCHIEDERMAIR Beratungsgesellschaft für Datenschutz mbH (SCHIEDERMAIR Consulting Company for Data Privacy with Limited Liability)

Representative Matters

  • Ongoing data privacy advice to various institutions of a mid-sized Hessian municipality and the State of Hesse
  • Long-term advice on data privacy matters for a German online bank and a well-known credit mediation portal, including supporting client with inquiries from data subjects and representing it in proceedings before data privacy regulatory authorities
  • Comprehensive advice to a manufacturer and a store (online and via a branch network) for products for diabetics, including advising on quality management
  • Ongoing advice on data privacy law for a hotel chain with sites in Germany, Austria, and Switzerland
  • Long-term advice to a pharmaceutical manufacturer
  • Data privacy law advice to crowd-funding platforms
  • Advice to various volunteer institutions and associations in the health and nursing sector