Home / Expertise / TMC - Technology, Media & Communications / Data Protection Law & IT Security Law

Data Protection Law & IT Security Law


  • Advice on data protection-compliant structuring of all business models and internal/external processes which involve personal data of customers, employees or other third parties
  • Design, preparation and negotiation of data protection and compliance strategies at group, corporate, departmental or process level (including possible collective employment law aspects, where we bring in colleagues who specialise in the field)
  • Advice on the technical aspects of system data protection and on related legal issues in connection with the acquisition, creation, use and analysis of information
  • Dealing with data protection regulators and representation before these public bodies
  • Appropriate intervention in the event of a crisis involving actual or alleged data protection violations within the company


For us, data protection law is not just a “fashionable” new area of law. We have long practical experience of advising and representing German and international clients across a wide range of industries. Our approach combines strong legal specialisation with expertise in sector and application-specific requirements and concepts that has been gained through our work. We provide support and advice on structuring business models in compliance with data protection regulations, enabling such models to be implemented in an environment where privacy and personal rights are becoming increasingly sensitive issues.

Read more Read less


Kanzleimonitor 2016, 2017

CMS Hasche Sigle also put strong emphasis on this area by building up data protection expertise at every office.

JUVE German Commercial Law Firms 2015 (GCLF)
GDPR En­force­ment Track­er Re­port
The GDPR En­force­ment Track­er Re­port aims to provide you with valu­able in­sights...


Show only
CMS ad­vises RS­BG SE on ac­quis­i­tions for Ad­vanced Man­u­fac­tur­ing di­vi­sion
Co­logne – RS­BG SE, the in­vest­ment com­pany of the RAG-Stif­tung found­a­tion, is ex­pand­ing its Ad­vanced Man­u­fac­tur­ing di­vi­sion. The com­pany re­cently ac­quired 100% of the shares in Mul­ti­photon Op­tics GmbH...
05 March 2021
Data pro­tec­tion and cy­ber­se­cur­ity laws in Ger­many
Data pro­tec­tion 1. Loc­al data pro­tec­tion laws and scope Data pro­cessing op­er­a­tions are gov­erned by the Fed­er­al Data Pro­tec­tion Act (Bundes­datens­chutzge­setz – BDSG) of 30 June 2017, as last amended...
December 2020
CMS Tech­no­logy, Me­dia & Com­mu­nic­a­tions Glob­al Bro­chure
The chal­lenges arising from data are count­less and in­es­cap­able in our matur­ing tech­no­lo­gic­al land­scape. To fu­ture-proof your or­gan­isa­tion, and un­lock op­por­tun­ity from your data, you need alert and ex­per­i­enced...
CMS ad­vises Plastic Om­ni­um on es­tab­lish­ment of Joint Ven­ture with El­ringK­linger
Dus­sel­dorf/Vi­enna - In or­der to drive for­ward the de­vel­op­ment of hy­dro­gen mo­bil­ity, the two auto­mot­ive sup­pli­ers El­ringK­linger and Plastic Om­ni­um will cre­ate a joint ven­ture for the de­vel­op­ment and large-scale...
28 September 2020
GDPR En­force­ment Track­er Re­port
1st edi­tion 2020All EU Mem­ber States have been re­quired to ap­ply the Gen­er­al Data Pro­tec­tion Reg­u­la­tion ("GDPR", Reg­u­la­tion (EU) 2016/679) since 25 May 2018. After a cau­tious ini­tial peri­od, the EU data pro­tec­tion au­thor­it­ies ("DPA") have in­creased their fin­ing activ­ity sig­ni­fic­antly. This GDPR En­force­ment Track­er Re­port aims to provide you with valu­able in­sights in­to the fin­ing activ­it­ies of all EU DPAs un­der the GDPR, as well as the ICO's prac­tice in the United King­dom. Our ana­lys­is is based on the pub­licly avail­able data on fines that we col­lect and com­pile at www.en­force­ment­track­er.com. We in­tend to pub­lish an­nu­al edi­tions of this re­port, and we ex­pect that the rel­ev­ance of in­sights will stead­ily in­crease as more data on fines be­comes avail­able.Over­view, coun­try and sec­tor ap­proachIn search of guid­ance on how to op­tim­ise its own data pro­tec­tion strategy and pri­or­it­ise data pro­tec­tion meas­ures, a com­pany will nat­ur­ally want to look at its peers and the com­pet­ent au­thor­it­ies' prac­tice. This holds true both in terms of busi­ness sec­tors and jur­is­dic­tion. Kick­ing off with an over­all sum­mary on the ex­ist­ing fines ("Num­bers and Fig­ures"), we have cor­res­pond­ingly di­vided the fines in­to the fol­low­ing busi­ness sec­tors and con­sidered the re­spect­ive fines' ori­gins:Fin­ance, in­sur­ance and con­sultingAc­com­mod­a­tion and hos­pit­al­ity­Health careIn­dustry, com­merce and real es­tate­Media, tele­coms and broad­cast­ing­Pub­lic sec­tor­Trans­port­a­tion and en­ergy­In­di­vidu­als and private as­so­ci­ation­sEm­ploy­er­sY­our takeawaysThe in-depth ana­lys­is per­mits first con­clu­sions to be drawn as to which busi­ness sec­tors at­trac­ted par­tic­u­larly hefty fines. We have also ana­lysed the DPAs' reas­on­ings for the fines. These as­pects to­geth­er al­low us to provide you with key takeaways for each busi­ness sec­tor. Apart from the law­ful­ness of each data pro­cessing op­er­a­tion, bol­ster­ing data se­cur­ity should re­main in the spot­light for every or­gan­isa­tion. Lit­ig­a­tion in data pro­tec­tion is set to in­crease in the near fu­ture. Or­gan­isa­tions that main­tain up-to-date se­cur­ity meas­ures will be best pre­pared for the fu­ture and for po­ten­tial lit­ig­a­tion.
14 July 2020
The Chan­ging Face of Cy­ber Claims
At the in­vit­a­tion of glob­al ex­perts in in­sur­ance brok­ing and risk man­age­ment, Marsh, and IT con­sult­ants, Wave­stone, CMS has con­trib­uted to The Chan­ging Face of Cy­ber Claims study which looks at prac­tic­al...
April 2020
Check­list M&A and GDPR
The scope of the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) ex­tends to M&A trans­ac­tions. Sanc­tions for in­fringe­ments of data pro­tec­tion rules in­clude, amongst oth­ers, a fine of up to EUR 20 mil­lion...
CMS ad­vises GPE and capiton on ac­quis­i­tion of NIC­OLAY Group
Stut­tgart – The GPE Group has ac­quired all the shares in the NIC­OLAY Group, a man­u­fac­turer of products used for non-in­vas­ive pa­tient mon­it­or­ing. The deal fur­ther strengthens GPE’s ex­pert­ise in med­ic­al...
CMS ad­vises In­stone Real Es­tate on ac­quis­i­tion of S&P Stadtbau de­vel­op­ment...
Düs­sel­dorf – Lis­ted res­id­en­tial prop­erty de­vel­op­ment firm In­stone Real Es­tate Group AG has ac­quired S&P Stadtbau GmbH, a res­id­en­tial real es­tate de­vel­op­ment plat­form, from Er­lan­gen-based Son­towski...
CMS ad­vises US in­sur­tech firm Lem­on­ade on en­ter­ing the Ger­man mar­ket
Co­logne – US on­line in­sur­ance com­pany Lem­on­ade is en­ter­ing the Ger­man mar­ket, ini­tially of­fer­ing house­hold con­tents and li­ab­il­ity in­sur­ance. Ger­many was chosen as the first European coun­try for ex­pan­sion...
CMS ad­vises on the sale of 231 Play GmbH to Jam City
Ber­lin – IWEF Ver­wal­tungs GmbH ("IWEF") sold its shares in 231 Play GmbH to JCBE GmbH, a Ger­man sub­si­di­ary of the US-based Jam City Inc. ("Jam City"). The share­hold­ers of IWEF, Dr. Mat­thi­as and Thomas...
CMS ad­vises Chinese con­glom­er­ate Yong­feng on ac­quis­i­tion of Ger­man pre­fab­ric­ated...
Shang­hai – The Chinese Yong­feng Group has ac­quired the Ger­man Bürkle Group, a pre­fab­ric­ated con­struc­tion en­ter­prise in­clud­ing Baus­toff­han­del Walth­er Bürkle GmbH & Co KG, Beton­werk Bürkle GmbH & Co...