This website uses cookies so that we can provide you with the best user experience possible. Our Cookie Notice is part of our Privacy Policy and explains in detail how and why we use cookies. To take full advantage of our website, we recommend that you click on “Accept All”. You can change these settings at any time via the button “Update Cookie Preferences” in our Cookie Notice.
Technical cookies are required for the site to function properly, to be legally compliant and secure. Session cookies only last for the duration of your visit and are deleted from your device when you close your internet browser. Persistent cookies, however, remain and continue functioning on repeat visits.
CMS does not use any cookie based Analytics or tracking on our websites; see details here.
Personalisation cookies collect information about your website browsing habits and offer you a personalised user experience based on past visits, your location or browser settings. They also allow you to log in to personalised areas and to access third party tools that may be embedded in our website. Some functionality will not work if you don’t accept these cookies.
Since the early 1970s, data protection law has evolved from being something rather “exotic” into a ubiquitous field of regulation. Digitisation and the steadily increasing importance of (personal) data as economic assets and production factors were key drivers behind the ongoing development of a strict regulatory framework.
The data protection team at CMS has been following these developments for more than two decades. Our approach combines strong legal specialisation with a cross-practice perspective and deep understanding of sector and application-specific requirements. It is pragmatic, risk aware and interdisciplinary.
| Our Services | |
|---|---|
| Strategy & concepts Sustainable risk management with regard to data protection goes beyond dealing with individual issues. We provide advice on all aspects of developing, implementing and updating strategies and plans, from introducing new business models to taking a comprehensive look at company-wide and group-wide approaches. | International Global data flows are an essential part of business operations for international companies. At the same time, regulation at international level is intensifying: there are few blank areas left on the global data protection map. We can assist with international data protection projects, working together with teams from within the CMS organisation and beyond. |
| Emergencies Data protection emergencies have long been part of our portfolio, alongside ongoing advice. Our services range from legal advice on security incidents/data breaches to support with internal investigations and similar compliance projects. In an emergency in particular, we see our role as complementing internal stakeholders. We are familiar with working in interdisciplinary teams under time and deadline pressure. | Enforcement, claims & litigation Data protection has long ceased to be a “toothless tiger”: breaches of the law can result in enforcement action by supervisory authorities (including fines), individueal claims by data subjects or other liability issues. We are familiar with the forensic view on data protection law and regularly represent clients before supervisory authorities and in courts, including in class-action lawsuits. |
| Housekeeping A relevant number of data protection requirements need detailed work, ranging from implementing documentation and information requirements (such as the register of processing activities, or privacy notices) to dealing with data subjects’ rights. We have been handling this kind of data protection housekeeping for many years and provide support around all these issues: pragmatic, risk aware and always very mindful of the risk to the company’s reputation. | Intersections Data protection law does not exist in a vacuum; it intersects with many other areas of law. In employee data protection, for example, employment law has a significant impact on how matters are assessed under data protection law; various sectors have intersections with sector-specific regulatory frameworks. These intersections have been a major part of our interdisciplinary approach to legal advice for many years. Given the increasingly widespread nature of “digital regulation”, this aspect is set to remain highly relevant. |
The Data Law Navigator (EN) provides a quick overview of the legal framework for data protection and cyber security in selected countries in Europe, the Middle East, Africa, Asia and Latin America.
To compile the GDPR Enforcement Tracker (EN), our team has been tracking data protection fines in the public domain in Europe since May 2018. Our database is continuously updated and includes filters (e.g. by country or main violation), search functionality and statistics.
The GDPR Enforcement Tracker Report (EN) is our annual deep dive on how data protection fines are being applied in practice across Europe. It includes an executive summary, facts and figures, as well as insights and background information broken down by sector and country.
We follow case law on GDPR damages in Germany and provide a continuously updated overview of judgments and developments (DE).
Write us a message and we will get in contact.
Thank you for contacting us. We will get back to you soon.
%20(3).jpg?v=3)
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.