Lohmanns Lankes & Partner » Focus Areas » IT & Data


Legal partner for data governance and compliance

Data is an indispensable and important asset in the digital environment and modern business life. The handling of data as an economic asset is increasingly becoming the focus of legislators (e.g. EU Digital Markets Act, EU Digital Service Act). The increasing complexity of data regulatory requirements presents companies with constantly growing challenges, but also new opportunities. On the one hand, there is an interest in the legally compliant procurement and use of data; on the other hand, the commercial use of one’s own data as a key corporate asset should be controlled and sustainable. The commercial use of data therefore depends on the implementation of a legally compliant data governance strategy. LLP Law|Patent supports its clients in the effective management and control of their data within the framework of a solid data governance strategy that meets both company-specific needs and legal requirements.

Optimized drafting of contracts and data protection notices

LLP Law|Patent supports its clients in drafting contracts within the data economy. On the one hand, data can be a core component of the services owed or a separate commodity, e.g. in the context of data usage agreements. It must therefore be given special consideration when drafting contracts. However, there are also often mandatory legal provisions for the conclusion of special contracts relating to the processing of data. In future, the EU “Data Act” will only permit the use of so-called raw machine data if a corresponding user agreement has been concluded between the user of the product that generates the data (e.g. vehicle owner, IoT device or machine owner) and the party that actually generates the data (e.g. automotive OEM, IoT product or service provider, machine manufacturer, etc.).

If, for example, personal data is processed on behalf of a controller by a processor (“data processor”), the conclusion of a contractual agreement (data processing agreement) with extensive rights and obligations of the parties to ensure responsible handling of personal data is mandatory. Even in the context of joint processing of personal data as joint controllers, European data protection law specifies regulatory content for determining the function and relationship of the parties and the distribution of tasks (“Joint Controllership Agreement”). LLP Law|Patent handles the legal aspects of contract management in data protection law for its clients, such as the review or drafting of data protection contracts, data protection guidelines, data protection notices or company agreements.

Uniform advice from lawyers and external data protection officers

Any processing of personal data, whether its collection, storage, transmission or other use, must comply with the provisions of the EU General Data Protection Regulation (GDPR) and its applicable national implementations (e.g. the German Federal Data Protection Act (BDSG)) as well as any industry-specific regulations. LLP Law|Patent advises its clients on all aspects of data protection law relating to the processing of personal data. Our expertise ranges from assessing the permissibility of individual data processing operations to carrying out privacy impact assessments (PIAs). We advise our clients on the notification of data protection breaches and the procedure for dealing with data protection supervisory authorities.

We are also experienced in fulfilling accountability requirements under data protection law. This includes the drafting of records of processing activities and the creation of comprehensive data protection concepts for the implementation of and compliance with data protection in the company, which always take into account the specific requirements of a company. Data protection does not have to be at odds with innovation and business: We incorporate our years of expertise in advising technology-driven companies and knowledge of the industry into the development of solutions individually tailored to our clients and their processes. We support company managers, internal legal and data protection departments and data protection officers. Alternatively, our subsidiary LLP Data Protect provides the services of an external data protection officer to save our clients the resources and costs required to employ an internal data protection officer.