Menu
  • Locations
  • Services
  • Experts
  • Hot Topics
  • News & Knowledge
  • Career
  • About us
  • Search
  • Press
  • Events & Webinars
  • Contact
  • Language
  • Berlin
  • Cologne
  • Dusseldorf
  • Erlangen
  • Frankfurt
  • Hamburg
  • Hannover
  • Kolbermoor
  • Munich
  • Nuremberg
  • Regensburg
  • Rosenheim
  • Stuttgart
  • Tax
  • Legal
  • Advisory
  • Industries
  • Digital Solutions
  • DAC 6
  • ESG
  • FISG
  • Pillar Two
  • Tax Internal Control Framework
  • Brochures
  • News
  • Newsletter overview
  • Newsletter subscription
  • Overview
  • Culture
  • How we work
  • You&WTS
  • TALENTnetwork
  • Apply now
  • What Makes Us Stand Out
  • Our Clients
  • Our Employees
  • Awards
  • Corporate Responsibility
  • Our Management Team
  • Our History
  • Our locations
  • by Topic
  • Digital
  • Environment
  • Social commitment
  • Employee responsibility
  • Diversity
  • Press
  • Events & Webinars
  • Contact
English
German
  • English
  • German
WTS worldwide
  • WTS Global
  • Albania
  • Angola
  • Argentina
  • Armenia
  • Australia
  • Austria
  • Bangladesh
  • Belarus
  • Belgium
  • Benin
  • Bolivia
  • Bosnia & Herzegovina
  • Brazil
  • Bulgaria
  • Burkina Faso
  • Burundi
  • Cambodia
  • Cameroon
  • Canada
  • Chile
  • China
  • Colombia
  • Costa Rica
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Dominican Republic
  • Ecuador
  • Egypt
  • El Salvador
  • Estonia
  • Finland
  • France
  • Georgia
  • Germany
  • Ghana
  • Gibraltar
  • Greece
  • Guatemala
  • Guinea
  • Honduras
  • Hong Kong
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Iran
  • Iraq
  • Ireland
  • Israel
  • Italy
  • Ivory Coast
  • Japan
  • Kazakhstan
  • Kenya
  • Korea
  • Kyrgyzstan
  • Laos
  • Latvia
  • Lithuania
  • Luxembourg
  • Macao
  • Macedonia
  • Madagascar
  • Malaysia
  • Mali
  • Malta
  • Mauritius
  • Mexico
  • Moldova
  • Mongolia
  • Montenegro
  • Morocco
  • Mozambique
  • Myanmar
  • Nepal
  • Netherlands
  • New Zealand
  • Niger
  • Nigeria
  • Norway
  • Pakistan
  • Panama
  • Paraguay
  • Peru
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Romania
  • Russia
  • Rwanda
  • Saudi Arabia
  • Senegal
  • Serbia
  • Singapore
  • Slovakia
  • Slovenia
  • South Africa
  • Spain
  • Sri Lanka
  • Sweden
  • Switzerland
  • Taiwan
  • Tanzania
  • Thailand
  • Togo
  • Trinidad and Tobago
  • Tunisia
  • Turkey
  • Turkmenistan
  • Uganda
  • Ukraine
  • United Arab Emirates
  • United Kingdom
  • Uruguay
  • USA
  • Uzbekistan
  • Venezuela
  • Vietnam
  • Zambia
  • Services
    Services

    Learn more about our comprehensive services in the area of tax as well as relevant legal advice and financial advisory.

    Read more
    Tax Legal Advisory Industries Digital Solutions
  • Experts
    Experts

    Our employee structure combines the know-how of industry, consulting, financial management and IT in a very special way. Learn more about our experts.

    Read more
  • Hot Topics
    Hot Topics

    Overview of the current "hot topics" in the tax industry and how we can support with individual questions

    Read more
    DAC 6 ESG FISG Pillar Two Tax Internal Control Framework
  • News & Knowledge
    News & Knowledge

    Here you will find the latest news and topic specials on all aspects of taxation and financial advisory.

    Read more
    Brochures News Newsletter overview Newsletter subscription
  • Career
    Career

    Here you will find an overview of our development and qualification offers as well as employee offers and open positions. We look forward to getting to know you.

    Read more
    Overview Culture How we work You&WTS TALENTnetwork
    Apply now
  • About us
    About us

    Here you will find general information about the structure, special characteristics and history of WTS.

    Read more
    What Makes Us Stand Out Our Clients Our Employees Awards Corporate Responsibility
    Our Management Team Our History Our locations
  • Search
www.wts.de Home Services Data Privacy & IT Law

Data Privacy & IT Law

Challenges in dealing with the corona pandemic

The current developments in connection with the corona pandemic present companies worldwide with new challenges in terms of data protection. Companies must take measures to protect employees from infections and maintain business operations as well as possible to mitigate negative economic consequences. In this context, companies are faced with various challenges as to how to implement the necessary measures without being confronted with the considerable risk of fines under the EU General Data Protection Regulation (GDPR). In this context, various questions arise, such as the requirements in terms of

  • enquiries from staff/visitors about their stay in risk areas.
  • inquiries to employees/visitors about contacts with persons at risk.
  • the keeping of visitor lists.
  • taking measures to detect infections, such as taking fever readings or asking about symptoms.
  • evaluating mobile phone and/or GPS movement data in order to trace possible infection chains and warn people.
  • disclosure of information on infected persons to employees/visitors if contact may have been established.
  • the forwarding of information on infected persons and suspected cases to the authorities.
  • relocation of workstations to the home office.
  • coordination and agreements with works councils in this context.

In these matters data protection law in particular is of great importance and should be observed by companies in any case. For example, a breach of data protection regulations may result in the imposition of fines in accordance with the German Data Protection Act. This especially in the light of the fact, that the processing of personal data relating to confirmed or even suspected Covid-19 diseases regularly constitutes processing of health data. This kind of data is particularly protected by data protection law and the processing is subject to increased legal requirements which companies must observe.

Nevertheless, in the opinion of the supervisory authorities, processing may be permissible in individual cases on the basis of the employer's duty of care, for the purpose of preventive health care or on the basis of a public interest to protect against serious cross-border health risks. Whether and how a processing operation can be legitimized under data protection law depends on its sensitivity and the details, which is why an examination of planned measures must be based on the circumstances of each individual case. In this context, it must be taken into account that consent is not always the means of choice, as it must be freely given and sufficiently informed.

We support our clients in answering emerging questions in a practice-oriented manner and in subjecting planned solutions to a pragmatic assessment. In doing so, it is our goal and claim to achieve results that are as effective as possible and that are legally and economically justifiable. Our clients benefit from our many years of experience as a data protection lawyer or data protection officer for German and international companies and groups.

Data protection and IT legal challenges in times of increasing global mechanization

Increasing technology and internationalisation mean that data protection and IT law are becoming increasingly important. New technologies and trends present new challenges, such as

  • Cloud computing
  • Big data
  • Industry 4.0

In order to avoid liability risks, international companies must meet highly complex national and international data protection and IT compliance requirements and adapt and expand their data protection management systems accordingly. This especially holds true in light of the EU Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG), which comes into effect on 25 May 2018 in Europe and, respectively, in Germany, and which will set greater requirements for data protection management.

This will not only affect DAX and MDAX companies, but also small and medium-sized companies. Complex issues such as

  • Privacy by design and privacy by default
  • Data portability
  • Right to be forgotten
  • Data protection impact assessments, and
  • International data flows

must be implemented in line with the legal requirements in order to avoid the massive imposition of fines under the GDPR.

At WTS, we help our clients to develop practical and economically viable solutions. Where necessary, we consider not just the legal, but also the technical and organisational aspects, including the underlying business processes. In doing so, we take into account current international standards (e.g. ISO / IEC 27001) and new approaches, such as the standard data protection model of the conference of independent data protection authorities of the federal and state governments in Germany.

Our data protection and IT legal services portfolio includes design consultancy as well as strategic, individual and procedural advice, including representation vis-à-vis the supervisory authorities, affected parties and courts.

Our WTS experts can also provide an external data protection officer as defined in para. 4f BDSG (1990); Art. 37, para. 6 GDPR. By doing so, our clients will profit from our interdisciplinary and international consulting expertise. This allows for a cost-efficient and direct deployment as a data protection officer ("plug & play").

Our consulting services at a glance:

 

We revise, negotiate and prepare

  • Outsourcing contracts
  • Service Level Agreements (SLA)
  • Agreements for contractual data processing
  • Functional revision contracts
  • Standard EU contractual clauses
  • Contracts for the legitimation of internal data flow under data protection law

 

As well as drafting contracts, our experts also support in structuring internet sites and online sales portals (e- and m-commerce). We also support companies with centralisation and outsourcing measures (e.g. use of cloud services or shared service centres).

At WTS, we also create guidelines, concepts, operating procedures and declarations relating to data protection. These include declarations for

  • Data protection
  • Confidentiality, and
  • Consent
  •  

Furthermore, we support in implementing strategic projects. We assist with data protection compliant product development ("privacy by design"). In addition, we help to develop legally compliant and innovative marketing and sales concepts.

Advising on selecting a location for data processing is also one of our areas of expertise.


We support our clients in shaping their data protection organisation and data protection management in accordance with the GDPR and the BDSG 2018. This includes support with making data protection impact assessments or with the implementation of data protection audits as defined in Art. 32, para. 1 lit. d GDPR.

In addition, we carry out individual data protection and IT law assessments to allow room for manoeuvre or to uncover any existing risks. Our experts also advise on the conceptual design and implementation of internal processes that comply with data protection and IT law, for example when introducing business intelligence software or CRM or OBA applications.

In the event of an illegal data leak, we also provide our clients with comprehensive advice, check existing reporting requirements and, if necessary, represent them vis-à-vis the supervisory authorities. At WTS, we also support companies in reviewing or designing sensitive data processing that complies with data protection law, such as the collection of data as part of internal investigative measures or when introducing data loss prevention tools.

We also advise on implementing prior checks and preparing procedure directories. Furthermore we support in developing and implementing data protection compliant data clearing and blocking concepts as well as archiving processes.

In the event of inspections, requests for information, orders or the imposition of fines, we represent our clients vis-à-vis the supervisory authorities and courts.

We support companies in handling requests for information from affected parties and provide training to management, business units and data protection officers with respect to data protection issues, e.g. on the new challenges presented by the GDPR.


Main Contact
Prof. Dr. Thorsten Behling
Partner
Lawyer
Data Protection Officer
Cologne
+49 221 3489362-45
View Profile
Data Privacy & IT Law is a service of WTS Legal Rechtsanwaltsgesellschaft mbH.
Data Privacy Brochure
Data Privacy
View publication

Contact us today

Do you have any questions about our services or WTS? Please let us know. Please fill in our short contact form. We will get in touch with you as soon as possible.

Contact
About us
  • What Makes Us Stand Out
  • Our Clients
  • Awards
  • Corporate Responsibility
  • Quality Process Risk Management
Services
  • Tax
  • Legal
  • Advisory
  • Industries
  • Digital Solutions
Career
  • Overview
  • Culture
  • How we work
  • You&WTS
  • Apply now
News & Knowledge
  • COVID-19 Crisis team
  • Base Erosion and Profit Shifting (BEPS)
  • Tax Internal Control Framework
Transfer Pricing
  • Newsletter subscription
  • Newsletter overview
About Us
  • Our CEO
  • Our Board
  • Culture and Leadership
© 2022 WTS Company Information Disclaimer Data Protection Statement