Data Privacy Consulting for International Clients

Our data privacy consulting guides you through the applicable legal rules in Germany and the EU and ensures your company’s compliance with the rules of the EU General Data Protection Regulation (GDPR) and other specific privacy laws.

In the past years, we have been working actively with companies and institutions introducing new business models to the EU market, e.g. in the health sector, or in the advertising industry.

For companies outside the EU, we also offer services as a European representative or European DPO according to GDPR. Contact us now! 

We offer different consulting packages, including an analysis of the existing level of data privacy in your company and identify potential lacks and risks. Our Clients receive a detailed report of the check-up results as well as concrete recommendations to improve the existing level of compliance, and a suggestion for an individual data protection concept. Our concept is built on the conviction that a high level of data privacy facilitates the realization of new business models and actively contributes to the success story.

Our data privacy consulting is based on the Client’s individual needs and may include the following topics:

  • the use of cloud services including questions of appropriate Technical and Organizational Measures
  • the processing of sensitive data (health data, social data)
  • IT security law, in particular in sectors of critical infrastructure (e.g. health, transport, IT & telecoms)
  • Identifying options for privacy certifications & giving a Legal Expert Opinion for the EuroPrise Privacy Seal
  • rights to transfer and sell data
  • “ownership” questions of data
  • anonymization and pseudonymization of personal data
  • data processing agreements (DPAs) and joint controller agreements
  • data from website users (tracking data/webanalytics)
  • data privacy requirements for online marketing
  • the use of employee data
  • solutions for data protection audits
  • the use of internet and email for private purposes
  • the use of private hardware for professional use (Bring Your Own Device)
  • prospective changes in the legal situation (e.g. envisaged EU E-Privacy Regulation)
  • communication with regulatory authorities and respective proceedings and controls, if necessary

If you have any questions please contact me:

Dr. Jana Jentzsch

Jana is a bar-certified lawyer for information technology law and EuroPrise Certified European Privacy Expert – Legal. She advises international clients in EU data privacy law.

Call us: +49 40 22 86 83 86 0  or e-mail us

Jana Jentzsch studied law at the Universities of Bonn, Milan (Italy) and Cologne. During her studies, she worked as a freelance journalist for a publishing house in Bonn. After passing the First State Examination, she earned a Master of Laws (LL.M.) degree in International Air and Space Law from the University of Leiden (Netherlands). As part of the LL.M. degree, she completed traineeships at the Permanent Court of Arbitration in The Hague and the European Space Agency in Paris. Jana wrote her doctoral thesis in English at the University of Cologne under the supervision of Prof. Dr. Stephan Hobe („Satellite Imagery for Verification and Enforcement of Public International Law“).

During the clerkship for the bar exam, Jana worked in the business and press departments of the German Embassy in Washington D.C. After the Second State Examination in 2005, she was admitted to the Frankfurt bar. Jana worked as an attorney at the international business law firm Lovells (now merged to Hogan Lovells LLP) in Frankfurt in the practice group technology, media, telecommunications (TMT). Subsequently, she moved to Hamburg and worked in the prominent Hamburg media law firm Prinz Neidhardt Engelschall. During this time, Jana represented companies and individuals in high-level media law disputes.

Jana is particularly interested in cases which involve software licensing, software maintenance, software projects and data processing.

2015
Requirements for Lawful Cloud Computing, Hamburg, April 2015
Legal Framework of Software License Audits, Stuttgart, March 2015
Applicability of SAP’s General Terms and Conditions, Cologne, March 2015
SAP: Legal Framework of License Audits and Indirect Usage, Berlin, February 2015
Used Software and License Audits, Berlin, February 2015

2014

Liability Risks in Data Protection and Data Security, Hamburg und Düsseldorf, November 2014
Software License Optimization from a Legal Perspective, Stockholm, October 2014
Legal Framework of License Audits, Munich, May 2014
Legal Framework for Used Software according the the ECJ-Judgment of 3 July 2012, Leverkusen, May 2014
Current Legal Issues Arising with Used Software, Berlin, Februar 2014

2013

Legal Framework for Used Software according the the ECJ-Judgment of 3 July 2012, Hamburg and Cologne, November 2013
“Data Protection – Important Topics for Executives”, Hamburg, September 2013
“Bring Your Own Device (BYOD) – Legal Aspects”, Hamburg, September 2013

IT-Security and Certification

In the past years, legal questions related to IT security have considerably gained significance, in particular since the IT Security Act became effective in 2015. But not only the IT Security Act regulates standards for IT security. There are various directives of the Federal Authorities which must be considered when deciding about security measures for IT systems and data. Certain obligations can be derived from the provisions of GDPR and national privacy laws as well.

In order to reach legal compliance with IT security and data privacy laws, appropriate technical and organizational measures need to be implemented. Technical measures are those that directly involve the IT system. Organizational measures, on the other hand, relate to the system’s environment and particularly to the people using it. Only an interplay of both types of measures can prevent data from being lost or completely destroyed and errors, fakes and unauthorized access from occurring. These measures are part of the life cycle of an IT system and must be implemented at every level of the system.

We check if your internal processes and standards meet these requirements. If necessary, we cooperate with technical experts in the field who have competencies e.g. to conduct ISO 27001 or BSI certifications.