Data Privacy

Data privacy issues in relation to sales / customer data

Advice on all issues regarding customer data privacy, including collection and use of customer data for advertising purposes; drafting of customer consent forms; buying and selling of customer addresses; customer relationship management systems.


Advice and support regarding all legal issues relating to cyber-attacks, including particularly: fulfillment of contractual and legal obligations to ensure IT system security, crisis management in case of hacker attack (with the involvement of IT experts as necessary), fulfillment of statutory and contractual reporting obligations vis-à-vis regulators, affected parties and public relations.

Esche Schümann Commichau is a member of the Cyber Security Alliance formed by the Federal Office for Information Security.

Data privacy and human resources

Advice on data privacy and employment law issues regarding employee data privacy, including employee monitoring, social media and Internet monitoring, video-surveillance, the use of GPS, personality and aptitude tests, medical checks, biometric procedures, monitoring of business and private use of telecommunication systems; digitization of employee records, e-mail retention; drafting of consent forms; advice on all issues regarding employee co-determination and the structuring of company agreements that include provisions relating to data privacy.

Data processing within corporate groups and data privacy in M&A transactions

Advice relating to the transfer and use of data within a corporate group, including commissioned data processing and cross border data transfer; data privacy during acquisitions and corporate restructurings; Advice on due diligence and data privacy; Consultation on data privacy issues in connection with corporate structurings, e.g. with the aim of obtaining the right to use personal data for advertising purposes.

Data privacy and compliance

Data privacy audits and development of compliance management structures, incorporation of privacy requirements into internal procedures and control processes, matching of electronic data for the purpose of detecting breaches of contract or crime.

Internet privacy

Devising of online-shops and e-recruitment systems, drafting of electronic consent forms and privacy statements etc.

International data privacy

Structuring of international data transfer agreements, advice on privacy issues when sending employees to work abroad, data privacy in international business relationships, international commissioned data processing, advice on data privacy issues when purchasing AEO (Authorized Economic Operator) certificates etc.

Commissioned data processing

Devising legally compliant commissioned data processing agreements including provisions for data integrity.

Data protection officers

Appointment and dismissal of data protection officers, drafting of contracts with internal and external data protection officers, drafting of permanent and fixed term appointments and employments.


Inhouse seminars and external training on all aspects of data privacy (seminars can be booked via the publishing house Verlag Dashöfer and via the German Association for Personnel Management), for e-learning courses see

We use cookies to optimize and continuously improve our website for you. By continuing to use the website, you agree to the use of cookies. Further information on cookies can be found in our data protection declaration. I agree