Data Protection

Legal Obligation


As a business with 10 or more people involved in data processing, you are legally obliged to have a data protection supervisor. Even if your business has a smaller number of employees and sensitive data processing procedures, a data protection supervisor can be of use.

Apart from the legal obligation, under the influence of the auditing standard of the Institute of Aditors, the data protection compliance has turned the ISW PS 980 into the focus of auditors. Practice, however, shows that the issue of manager liability regarding IT security is significantly increasing. Therefore, you must fully be prepared for an inspection visit of the responsible supervisory authorities.

You can have an employee as a data protection supervisor. Please note that this employee is not allowed to work on management level, he must have specialist knowledge and must enjoy extra protection against dismissal.

External Data Protection Supervisor – Effective Data Protection for your Company


On the other hand, an alternative is to have an external data protection supervisor.

We at PLANIT // LEGAL perform all tasks of the external data supervisor. In this function we make sure you receive appropriate data protection organization. If this does not yet exist, we will build one up together with you. If you have dealt with an external data protection supervisor in the past, we will work seamlessly together.

If you are interested, we will provide you with an individual offer!

European Data Protection Officer


Data protection requirements are not restricted to national borders. European and International companies should therefore in particular consider affiliates located in other EU- and international jurisdictions for their data protection compliance strategy and adjust their data protection compliance organization accordingly. Implementing a European Data Protection Officer is therefore prudent today and will be a direct legal obligation for many companies under the coming EU Data Privacy Regulation.

PLANIT // LEGAL Lawyes have great experience in advising on national and international data protection law as Data Protection Officers. In cooperation with our international partner firms, we have the know-how for tailoring your European or International data protection compliance organization.

Please be in touch for an offer for being your European Data Protection Officer.

European Data Protection Officer


Controllers and Processors processing personal data of EU/EEC citizens without establishment in the EEC must appoint EU Representatives. The EU Representative is point of contact for data protection authorities and data subject in any data protection matters. The duty to appoint EU Representatives under the EU Data Protection Regulation applies to any company processing personal data of EU/EEC citizens for offering goods or services or monitoring their behaviour. These requirements are easily fulfilled, e.g. by operating an online-shop addressing EU/EEC citizens.

Please be in touch for an individual offer for PLANIT // LEGAL services as EU Representative.

Status Quo Analysis


We will check your business for compliance with the data protection regulations in force by performing a thorough and comprehensive inventory. In doing so, we will show you ways to adapt in areas which may need adjustment. This includes an in-depth analysis of the relevant documentation regarding data protection, the IT processes employed by the business under scrutiny and the technical and organisational measures for data protection. Moreover, our inventory includes at least one on-site meeting and a concluding joint review of the results.

In the course of the inventory process we generally identify several measures which have to be implemented in order to ensure compliance of your data processing with the Federal Data Protection Act (BDSG). This may include drafting of the required documentation, conclusion of agreements, instruction and training of your staff, and possibly also adaptation of individual operating procedures. In case of an assignment as External Data Protection Officer, we will assist you energetically and efficiently in dealing with the related tasks at hand.

Training Seminars & Workshops


Legal requirements of data protection include proper staff training measures. We are happy to arrange this for you by training your employees on site – throughout Northern Germany and beyond – or in our Hamburg premises.

Naturally, we adjust our seminar contents to your line of business, to the characteristics of your company and also to the amount of prior knowledge of your employees. It goes without saying that e. g. the employees of an IT service provider have to deal with another set of data protection issues on a daily basis than the employees of a manufacturing company or a hospital.