Core competencies

Know-how, efficiency and professionalism ensure legal quality

Data Protection-GDPR 2018

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018. The GDPR applies to every company that processes personal data. The size of the company is irrelevant - the GDPR applies to sole traders as well as multinational corporations.

Despite the GDPR coming into force, many companies have so far not dealt with data protection or have done so only inadequately, so that there is still a considerable need for implementation. The implementation of GDPR within a company is a duty of care on the part of the entrepreneur or managing director, who may also be personally liable with his own assets in the event of a breach.

Affected parties have the right to assert their rights both in administrative proceedings before the data protection authority and in legal actions. Those who fail to implement the GDPR inevitably run the risk of being held liable under civil and administrative law. Violation of the GDPR by companies also constitutes a breach of competition law. Injunctions against infringers are possible and can be expensive.

Penalties were drastically increased by the GDPR. Violations of the formerly applicable Austrian DSG 2000 were limited to penalties of up to EUR 10,000 and EUR 25,000 respectively. According to the GDPR, violations of the law will be sanctioned with penalties of up to EUR 20,000,000 or up to 4% of the worldwide annual turnover achieved.

Our services include:

  • Implementation of the information duties of the GDPR: data protection information and privacy policies (website, cookie policy, newsletter, e-mails, social media)
  • Data protection information in general terms and conditions and contracts 
  • Electronic Communication and marketing
  • Consent
  • Implementation of documentation obligations (consent, deletion of data, etc.)
  • Records of processing activities
  • Technical and Organisational Measures (TOMs)
  • Verification of business models and data processing
  • Data protection for outsourcing, IT and cloud computing
  • Data processing
  • International data transfer
  • Employee data protection
  • Data Protection Impact Assessment
  • Data Breach Notification
  • Dealing with data subjects' rights - provision of information, deletion of data
  • Reporting and authorisation procedures before the data protection authority
  • Trainings, Workshops, Trainings