Data Protection Law


General Data Protection Regulation & Privacy Policy – Your Data Protection Lawyer at SBS LEGAL

Data protection has become a daily legal challenge for businesses. At SBS LEGAL, we specialize in data protection law, with a focus on the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Our services go far beyond just drafting privacy policies for SMEs.

Data protection law is part of IT law but also intersects with employment law, competition law, copyright law, and other legal fields.

Comprehensive Legal Support in Data Protection

As specialists in data protection law, we advise you on all legal aspects and assist you with:

  • Drafting customized privacy policies for your website, app, or social media presence
  • Defending against GDPR warnings and preliminary injunctions
  • Representation in regulatory fine proceedings
  • Legal support for PR and marketing activities (emails, surveys, contests, photo usage)
  • GDPR compliance in e-commerce, online shops, and digital platforms
  • Reviewing contracts for data protection compliance
  • Assessing the need for a Data Protection Officer (DPO) or EU Representative
  • Conducting data protection audits (in cooperation with our SBS Data GmbH)
  • Securing international data transfers (customer data, leads, etc.)
  • Drafting Data Processing Agreements (DPA) and Joint Controller Agreements
  • Creating required consent texts for data processing
  • Advising on employee data protection obligations
  • Developing compliance policies and guidelines

Looking for a TÜV-certified data protection officer? You’re in the right place.


GDPR – Immediate Legal Assistance from a Data Protection Lawyer

The General Data Protection Regulation (GDPR) has been in force since May 25, 2018. Its purpose is to harmonize data protection standards across the EU and strengthen individuals’ rights to control their personal data.

At the heart of the GDPR is Article 6, which sets out the lawful bases for data processing. Processing is lawful only when at least one of the following applies:

a) Consent has been given by the data subject
b) It is necessary for contract performance or pre-contractual measures
c) It is required by legal obligation
d) It protects vital interests
e) It serves a task in the public interest
f) There is a legitimate interest of the controller

Consent Requirements

Consent is a cornerstone of lawful data processing under GDPR. It must be freely given, specific, informed, and unambiguous – and never obtained through pre-filled or pre-checked boxes.

Consent must be revocable at any time without negative consequences. The “coupling ban” prohibits tying services to unnecessary data processing.

In employment relationships, special care must be taken to ensure that consent is truly voluntary due to the power imbalance.

Privacy Policy Requirements

A privacy policy must clearly outline:

  • The scope of data collection
  • The identity of the data controller
  • The types of data processed
  • The right to withdraw consent at any time
  • Any use of services like Google Analytics, Facebook plugins, cookies, or payment providers

Consent should be documented in a verifiable way, as the data controller bears the burden of proof.

Heavy Fines for GDPR Violations

Failure to comply with GDPR – especially Articles 5 and 6 – or failure to meet transparency requirements in the privacy policy can result in fines of up to €20 million or 4% of global annual revenue.

To avoid this, strict adherence to GDPR principles when collecting, processing, or using personal data is essential.

Consent Under the Art Copyright Act (KUG)

In certain cases, consent must also comply with other laws. For example, the publication of a photograph showing a recognizable person may require consent not only under GDPR but also under the German Art Copyright Act (KUG).

Can You Be Warned Under GDPR?

For years, courts debated whether GDPR violations could trigger competition law warnings. In 2020, the German legislature intervened with major reforms to the Unfair Competition Act (UWG).

According to §13 UWG:

  • GDPR breaches may still be subject to warnings
  • No warning costs may be charged to companies with fewer than 250 employees
  • Companies with fewer than 100 employees cannot be forced to sign cease-and-desist declarations for first-time violations

These rules significantly limit the practical impact of GDPR-related warnings for small and medium-sized enterprises.


Privacy Compliance, Legal Expertise & Strategic Guidance

Our experienced data protection attorneys and TÜV-certified data protection officers offer sound legal advice and practical business solutions.

Get in touch for a free initial consultation.

We look forward to supporting you with expert legal and compliance services.

Your first contact with SBS LEGAL is always free of charge.