Lawyer for data protection
Professional advice for legally compliant compliance
Tried-and-tested solutions that won't slow down your business
Combined expertise in IT law and criminal law for maximum security
Fast support for acute data protection issues
Tried-and-tested solutions that won't slow down your business
Combined expertise in IT law and criminal law for maximum security
Fast support for acute data protection issues
- Specialist lawyer for criminal law
- Specialist lawyer for IT law
- Top rated by clients
- Over 15 years of experience
- Specialist lawyer for criminal law
- Specialist lawyer for IT law
- Top rated by clients
- Over 15 years of experience
When it gets personal! - The complexity of data protection law
Do you understand the challenges of modern data protection?
Do you feel overwhelmed by the ever-increasing complexity of the GDPR? Are you worried about overlooking important aspects or restricting your business processes due to excessive data protection requirements?
We understand these concerns. As a specialized law firm for Data protection law we support companies every day in implementing legally compliant and practicable solutions. Our expertise combines a profound understanding of IT with sound legal knowledge - so that you can concentrate on your core business while we ensure your data protection compliance.
Your path to greater data protection security
Non-binding initial consultation
We analyze your current situation and identify the specific need for action.
Tailor-made solution proposal
You receive a clearly structured action plan with a time frame and cost overview.
Professional implementation
We implement the agreed measures and support you as a competent partner in the long term.
Our data protection expertise for your company
External data protection officer
Implementation of data protection management systems
GDPR compliance checks and optimization
Immediate data protection assistance in the event of incidents
International data transfers
Training courses and employee workshops
Creation and review of data protection declarations
Drafting contracts in data protection law
Representation in official proceedings
Preventive data protection advice
Assistance in your case
Customized data protection solutions in detail
External data protection officer
Our experienced data protection officers take on all legally prescribed tasks for your company. We analyze your business processes, implement the necessary measures and are in continuous dialogue with your specialist departments. Thanks to our combined IT and legal expertise, we not only ensure legal compliance, but also the practical feasibility of all measures. You benefit from a dedicated contact person who understands your industry and business processes.
Implementation of data protection management systems
We develop a tailor-made data protection management system for you that integrates seamlessly into your existing processes. We start by analyzing your current processes and identifying potential for optimization. We then work with you to develop practicable solutions that both comply with legal requirements and support your business processes. Implementation takes place step by step and is accompanied by training and clear documentation.
GDPR compliance checks and optimization
Our systematic compliance check gives you a comprehensive overview of the current status of your data protection compliance. We check all relevant documents, processes and technical measures for GDPR compliance. Based on the results, we develop a concrete action plan for optimization. In doing so, we always take the proportionality of the measures into account and focus on pragmatic solutions.
Immediate data protection assistance in the event of incidents
In the event of a data breach or official inquiries, we react immediately to prevent damage to your company. Our team of experts will take over the legally required notification to authorities, coordinate communication with those affected and develop immediate measures to limit the damage. Thanks to our experience in dealing with critical data protection incidents, we can act quickly and effectively.
International data transfers
We support you in the legally compliant design of international data transfers, taking into account current case law and regulation. From the selection of suitable transfer mechanisms to the implementation of necessary additional measures, we accompany you through the entire process. In doing so, we take into account both the legal requirements and your operational needs.
Why Sittig Law?
Sittig Law stands for the successful combination of sound legal expertise and a profound understanding of IT. Our law firm specializes in translating complex data protection requirements into practicable business solutions. Through the unique combination of IT law and criminal law expertise, we offer holistic protection for your company.
We always think preventively and develop tailor-made solutions that are geared towards your specific business processes. Our experienced team has already successfully supported numerous companies in the implementation of data protection management systems and assisted them in critical situations such as data breaches or fine proceedings.
With us, you have a reliable partner at your side who reacts quickly to acute issues and thinks strategically in the long term. Through regular updates and a fixed contact person, we guarantee continuous, trusting cooperation.
Frequently asked questions
A data protection officer is required if at least 20 people are constantly involved in the automated processing of personal data or if particularly sensitive data is processed. A data protection officer is also required for core activities that require extensive data processing.
The GDPR provides for fines of up to 20 million euros or 4% of annual global turnover - whichever is higher. The specific amount depends on various factors, such as the severity of the breach, the number of data subjects affected and the company's behavior after becoming aware of the breach.
A data protection-compliant website requires at least:
- A complete privacy policy
- A legally compliant cookie banner
- Secure contact forms with data protection notices
- Encrypted data transmission (SSL/TLS)
- Legally compliant integration of analysis tools and social media plugins
Since the Schrems II ruling, companies must take particular care when transferring data to third countries. A documented review of the level of data protection in the destination country, the conclusion of standard contractual clauses and the implementation of additional technical protective measures are required.
Data breaches require immediate action: After immediate containment, the supervisory authority must be informed within 72 hours. If the risk is high, those affected must also be notified. Thorough documentation and preventative measures complete the crisis management process.
The following points must be observed for legally compliant newsletter marketing:
- Clear consent of the recipient (double opt-in)
- Transparent information about data processing
- Functioning unsubscribe link in every newsletter
- Documentation of the consents
- Regular cleanup of the distribution list
The use of tracking tools requires:
- User consent before tracking
- Transparent information on type and scope
- Data protection-compliant use of the tools
- Regularly check the settings
- Documentation of the implemented measures
The GDPR guarantees data subjects comprehensive control rights over their data. This includes the right of access, rectification and erasure as well as the possibility of data portability. They can also restrict or object to the processing of their data. Companies must implement these rights within defined deadlines.
According to Art. 30 para. 1 GDPR, the record of processing activities must contain the following information: Names and contact details of the controllers, processing purposes, categories of data subjects and data and their recipients. Transfers to third countries must also be documented.
The use of cloud services requires a well thought-out data protection concept. Companies must clarify the legal basis, conclude order processing contracts and implement appropriate technical protective measures. It is particularly important to check the storage location and carry out regular security checks to ensure data protection compliance.