Common Data Protection Topics

Product Compliance
Artificial Intelligence
Group Data Protection
Marketing
Employee Data
Protection
Training
Tools / Services
Data Transfer
Health Data
Data Act and the GDPR
Website Compliance
Data Analysis
Whistleblowing
Data Processing Agreements
Data Deletion
Data Breaches
Policies and Guidelines
CCTV
Supervisory Authorities
Complaints
Documentation
Data Protection Impact Assessment
Privacy Policies
You are here:

Group Data Protection

Within corporate groups, an intensive exchange of personal data often takes place. Clearly defining responsibilities, ensuring a legal basis for intra-group data transfers, and establishing uniform standards are crucial for compliance.

Our Support for You

We help you establish a clear and data protection-compliant structure for data exchange within your corporate group.

This includes analysing and assessing data flows, advising on determining data protection roles (joint controllership, data processing), assisting in the review of internal data protection agreements (e.g., Joint Controller Agreements or Intra-Group Data Transfer Agreements), and harmonising data protection standards and processes across different companies.
Talk to us about data protection in your corporate group →

Compliance Requirements

The core obligations of the GDPR: an overview of the fundamental requirements for your company.

Data Protection Management

A clear structure and defined responsibilities are the foundation of any sustainably successful data protection management. We help you to embed data protection principles within your company, establish clear accountabilities, and foster a lasting data protection culture through policies and training.

How we support you:

  • Establishing clear data protection roles
  • Developing internal policies
  • onducting practical training sessions

Documentation and Accountability

The extensive documentation and accountability obligations are the basis for robust and sustainable data protection compliance. In particular, a meaningful Record of Processing Activities (“ROPA”) is fundamental for assessing risks and for providing information to supervisory authorities.


How we support you:

  • Creating and structuring of the ROPA
  • Reviewing existing documentation
  • Continuous maintenance and updating

Legal Bases

The lawfulness of data processing requires an applicable legal basis. We support you in the precise identification and robust documentation of this crucial compliance prerequisite.

How we support you:

  • Reviewing identified legal bases
  • Advising on specific questions, e.g., regarding legitimate interests
  • Support in handling consent matters

Data Transfers

Whether it's data processing agreements, intra-group data flows, or international transfers, we support you in meeting the complex legal requirements and advise you on identifying and minimising data protection risks.

How we support you:

  • Advice on data protection structuring
  • Reviewing documents and contracts (e.g., DPAs, SCCs, DTIAs)
  • Information on current legal developments (i.e., for third-country transfers)

Information and Transparency

Transparency is a cornerstone of the GDPR. You must inform data subjects clearly and comprehensibly about the processing of their data (e.g., through privacy notices).

How we support you:

  • Drafting and reviewing privacy notices
  • Ensuring information obligations are met
  • Advice on transparent communication

Data Subject Rights

The GDPR grants data subjects extensive rights regarding their personal data (e.g., access, deletion). Handling data subject requests efficiently, timely and in compliance with all legal requirements, including current judgements, is essential.

How we support you:

  • Implementing processes for fulfilling data subject rights
  • Drafting response letters
  • Support with complex requests

Data Security and Risk Management

The protection of personal data requires appropriate technical and organisational measures (“TOM”). A comprehensive risk assessment and, where necessary, a Data Protection Impact Assessment (“DPIA”) help to identify and implement suitable measures.

How we support you:

  • Assessing the adequacy of TOM
  • Support with risk assessments
  • Guidance on Data Protection Impact Assessments

Data Protection Incidents

Despite all precautions, incidents that qualify as data breaches can occur. Swift and comprehensive action, while adhering to notification deadlines for supervisory authorities and data subjects, is crucial to limit further adverse effects.

How we support you:

  • Developing a data breach management process
  • Support in assessing incidents
  • Guidance during the supervisory authority notification process

Deletion and Retention

Personal data may only be stored for as long as is necessary for the purpose or as required by statutory retention periods. A structured deletion concept is therefore essential.

How we support you:

  • Developing deletion concepts
  • Advice on data minimisation
  • Support with processes for implementing the deletion concept
Read more →

Not what you were after?

Reach out to us.

Contact
Your external data protection officer
Empowered by the experience of a
leading law firm in data protection.
Frequently asked questions

Common Data Protection Topics

Product Compliance Group Data Protection Employee Data Protection Marketing Measures Training Tools and Services Health Data Website Compliance Data Analysis Data Processing Agreements Training and Use of AI Data Sharing Data Act CCTV Data Deletion Data Protection Impact Assessment Policies and Guidelines Privacy Policies Whistleblowing Supervisory Authorities Complaints

Compliance Requirements

Data Protection Management Documentation Obligations Accountability Legal Bases Data Transfers Third-Country Transfers Information Obligations Transparency Obligations Data Subject Rights Data Security Risk Management Data Breaches Deletion and Retention

Legal and Contact

Contact Privacy Notice Imprint
OC Services GmbH, Innere Kanalstraße 15, 50823 Cologne, Germany
Registration Court: Local Court of Cologne, HRB 92393
Managing Director: Gereon Abendroth, Nicolas Gabrysch-Wolff, Dr Marc Störing
Language: