Privacy Law


The provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant laws protect the right to informational self-determination. This should protect individuals by processing their personal data and requires always a legal basis for processing.

Especially in the case of electronic processing of personal data, companies have to comply with the applicable privacy regulations. Introduction of new software applications must usually be checked beforehand, possibly as part of a privacy impact assessment. In particular, the risks for data subjects must be determined and managed during their data processing.

In addition to such individual audits, companies have numerous other obligations, especially with regard to the documentation of privacy processes. The effort is considerable and cannot usually be managed with internal resources only. Operating data protection officers are commonly overstrained, as the creation of all documents is delegated to them. It often does not work without external expert support.

In order to avoid fines and claims for compensation, companies should take privacy requirements seriously and not deal with them as a side issue. Gaps in IT systems, in particular, can result in a loss or even misuse of personal data and impair a company’s image.

MORGENSTERN provides competent and comprehensive advice in the area of privacy law and deals especially with the following topics: