Data Protection & Privacy

We specialise in all aspects of the General Data Protection Regulation (GDPR): from privacy notices to Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs). We support clients with international data transfers, negotiations on data processing agreements and the drafting of joint controller arrangements. Our clients particularly value our fast-track GDPR implementation programmes, which can be completed within 2 to 3 weeks.

In addition to hands-on implementation, we take a strategic view of data protection as a valuable driver of innovation. We assist with personal data breaches, notifications to the Data Protection Authority and privacy due diligence in M&A transactions. For a select group of clients, we provide DPO-as-a-Service (external Data Protection Officer) and deliver interactive in-company training courses that foster a sustainable, privacy-aware culture.

Algorithms & AI

Artificial intelligence and the AI Act are ushering in a new era for organisations. We help clients develop responsible AI systems and products that comply with the EU AI Act without slowing down innovation. Our advice is practical, transparent and aligned with both legal and technical realities. We are even building our own AI Paralegal to understand AI in practice.

We advise on AI impact assessments, transparency reporting, model risk classification and internal AI governance, and we draft contractual terms for AI services. We also provide in-house training on the responsible internal use of AI models such as ChatGPT, Copilot, Claude and Perplexity, ensuring that your innovation grows responsibly.

Cyber Security & Resilience

In a world of geopolitical tensions, cyber resilience is essential. We help clients comply with the NIS2 Directive and DORA, providing clear guidance, policy documentation and practical tools.

Our services include gap analyses, incident response plans, third-party governance and DORA addenda. We assist IT vendors that are indirectly in scope of DORA in structuring their contracts and processes so that financial-sector clients can continue to work with them with confidence. Cyber resilience is not only a technical requirement, but a human responsibility within every organisation.

Data & Online Platforms

Every day, we create vast amounts of data and content: from YouTube videos to online reviews, and through the use of AI tools and IoT products. This digital economy offers opportunities, but also complex regulation. We help organisations navigate the overlapping obligations under the Data Act, Data Governance Act, DSA, DMA and EHDS.

We draft data-sharing agreements, API terms and platform terms of use that combine compliance with commercial flexibility. For platforms in scope of the DSA, we offer fast-track implementation projects and design content moderation and transparency frameworks. In the healthcare sector, we support clients in developing EHDS-compliant data access models.

IT & Innovation

We have many years of experience, not only as external counsel but also as in-house lawyers at IT service providers and major financial institutions. As a result, we understand both the buy-side and the sell-side of complex IT contracts. This enables us to reach workable solutions more quickly, so that negotiations do not stall but lead to partnership and, ultimately, innovation.

Our clients are creating the future. That is why our mission is: “As a committed legal partner, we help innovative clients shape our shared future through creative legal solutions, so that EU data legislation accelerates innovation rather than obstructing it.”

We use AI tools ourselves to work more efficiently and are developing our own AI Paralegal to automate repetitive tasks. We support innovative organisations in the transitions they are undergoing, always with the client’s perspective at the forefront. Discover how we make regulation work for your innovation.

Digital Health & Healthcare Providers

Innovation in healthcare requires a careful balance between patient safety, data protection and technological progress. We assist healthtech companies, device manufacturers and healthcare providers with compliance under the MDR, EHDS, GDPR and AI Act.

We provide support with clinical evaluations, documentation, classification of software as a medical device and AI transparency. In addition, we advise on cross-border data sharing and the governance of the secondary use of health data. Our multidisciplinary approach accelerates safe innovation and makes regulation workable in practice.