Having regard to the extremely wide range of personal data and the fact that natural persons, legal persons or any other organization may be data controllers, we can declare that potentially all businesses will have to face data protection compliance obligations. The series of tasks relating to data protection have not yet been completed with the introduction of GDPR in 2018 and the development of the relevant internal systems, they have just begun. Data protection defines almost all elements of company operation: the marketing activities of the companies concerned, the operation of a website, the monitoring of employment matters and jobs all raise questions of data protection.
Our employees engaged in data protection have extensive expertise and experience in competition law, intellectual property and corporate, employment and economic law.
A data protection violation may also affect other legal areas; it may be civil law where the right to the protection of personal data is a specified right relating to personality or even criminal law. A violation of a specified right to personality committed by a certain data protection violation may lead at the same time to a data protection civil law and a criminal law sanction. In criminal law, the abuse of personal data is a criminal act and if the data protection authority identifies grounded suspicion of committing a criminal act in a procedure, it will initiate a criminal proceeding.
Data protection related non-compliance represents a serious risk defined and in certain cases arising parallelly in multiple branches of law. You can rely on our legal team in the effective management of this risk.
Our data protection services cover the following areas:
A. For data controllers
1. Data protection due diligence and recommendation
- identification of the areas of operation of the organization potentially concerned by data protection and mapping of the related processes
- identification of data management processes regarded relevant for the purposes of legal regulations
- identification of the specific obligations prescribed by law applicable to the processes of the client, identification of potential deficiencies relating to data protection legal compliance and the areas needing correction
- preparation of an action plan with specific recommendations in order to eliminate the risks identified as a result of the due diligence
2. Data protection documentation
- implementation of the recommendations defined in the action plan
- preparation or amendment of the necessary regulations
- assistance in data protection impact analyses
- organization of records
3. Representation in procedures
- legal representation of persons and organizations qualifying as data controllers in procedures in front of the data protection authority and in subsequent relating litigation
- representation in civil law procedures relating to the violation of rights relating to personality
- defendant’s representation in criminal law proceedings relating to cases of abuse of personal data
B) For natural persons qualifying as data subjects
In the case of any abuse of personal data:
- legal representation in the area of data protection law
- enforcement of civil law claims in the case of violations of personal data related rights relating to personality
- representation of the aggrieved party in criminal law proceedings relating to the abuse of personal data.