
Data & Cybersecurity

Expertise in all matters related to data, privacy and cybersecurity

Experienced data lawyers serving CEE

We support technology companies and businesses from all sectors that seek to thrive in the digital world and benefit from the untapped potential of data. We help you do that by placing your business needs at the centre of our advice and with an eye toward your continued success.

Our services cover data privacy and protection, data management and data governance, as well as compliance matters, (cross-border) data transfers and the preparation for, and handling of, cyber incidents: from the development and implementation of programmes and policies to audits, as well as support related to regulatory investigations and privacy litigation.

Areas of specialisation

Data protection compliance

We identify the gaps between your data processing operations and the measures included in policies that are in place, and suggest the best options to close them. This helps your company to comply with the EU GDPR and local data protection laws. We can assist you in designing a data protection management programme, support you in dealing with processing activity records, as well as conduct data protection impact assessments and transfer impact assessments and audits to you and your third-party data processors. You benefit from the combination of our legal and technical skills, which allow us to offer you comprehensive solutions to ensure robust compliance with data protection laws.

Through our subsidiary Responsible Business Solutions (RBS) we offer external Data Protection Officer (DPO) services for companies active throughout the entire CEE/SEE region.

Data management and data governance

The untapped potential of data is expected to fuel economic growth. Companies that are able to use data to drive innovation and derive value from data will have a strong competitive advantage in the digital economy.

The increased speed of innovation, coupled with quickly multiplying regulations, makes the efficient and responsible management and protection of data more important than ever. We focus on your company’s strategy and business needs when advising on data management and data governance.

Information security and data breaches

The number of cyberattacks on businesses and the level of sophistication of cybercriminals are growing exponentially. Companies need to act fast to improve resilience and response to cybersecurity threats in order to avoid damage to their business and reputation.

New and strict regulations are being enacted that require companies to treat data security and its underlying infrastructure as a high priority. Since these regulations are neither clear nor uniform, ensuring compliance can be a major challenge.

We can advise you on data security policies and incident response plans, assist you with your notification duties before authorities in the event of a cybersecurity incident, as well as represent you against potential claims for damages or administrative fines following data security breaches.

Regulatory investigations and proceedings

Now that the EU has set the course for increased GDPR enforcement, it is expected that the number of regulatory investigations as well as the number and the volume of fines will continue to grow.

Our team of data protection lawyers with hands-on experience and understanding of local practices is well-equipped to assist you in regulatory investigations and proceedings before Data Protection Authorities across the CEE/SEE region.

Data privacy litigation and enforcement

We represent companies before courts in various matters related to personal data, including claims for damages, access to data and deletion of data.

The Representative Actions Directive has harmonised collective redress across the EU, which in turn has brought substantial challenges and risks for businesses. The new regime makes it easier for large groups of individuals to bring class action lawsuits before courts, including in relation to personal data privacy and protection. With a scalable team of data experts and litigation lawyers, we are able to provide support in mass proceedings at short notice.

Leading the legal field

Our lawyers are involved in key transactions and matters across the region, bringing their industry expertise and specialised business knowledge to add value to our clients’ work.

GDPR damages & private enforcement: Defended a client against mass claims in relation to data protection violation, including proceedings before the CJEU on non-material damages (C-300/21, C-154/21)

GDPR fines: Successfully defended a retail company against a multi-million Euro GDPR fine in relation to a customer loyalty program before the Data Protection Authority

Access rights: Successfully advised a search engine provider in complaint proceedings regarding access rights before the Data Protection Authority

Data governance: Advised a publicly owned infrastructure provider on data governance issues (Data Act, Data Governance Act, Open Data Directive)

Compliance: Ran a data protection compliance audit at a number of healthcare institutions

Leading data privacy and protection team experienced in security breaches and local and multinational data protection matters

Regional GDPR compliance

Advising a major retailer and its group companies in CEE on GDPR and local data protection law compliance, including website policies, employee and customer data protection notices and information, DPO requirements, video surveillance and consent requirements.


Advising a debt collection agency against a multi-million Euro fine imposed by the Croatian Data Protection Authority.


Data transfer impact assessments (TIA) for non-EU CEE countries.

Personal data in connected vehicles

Advising an automotive company on personal data protection and telecommunication laws in relation to connected vehicles, mobility services and other regulatory issues such as e-communications, information security, advertising, and consumer protection.

Data in cloud environment

Advising a consumer analytics company on migration of services to the cloud environment involving proprietary business data, client data, financial records and personal data, including data from regulated entities.

Data breach

Continuous advice on data breach scenarios, filing of breach notifications and related investigation proceedings by data protection authorities, inter alia advising a company from the healthcare sector on a data breach of its customers’ data on a third-party platform.

What others say about us

“Excellent expertise in multinational data protection compliance work, and is equally adept at handling security breaches, privacy matters, and local data protection issues.”

– The Legal 500

“Wolf Theiss advises a diverse range of clients across sectors including retail, infrastructure, banking and healthcare. The ‘responsive and very practical’ team brings its ‘excellent expertise in multinational data protection compliance work’ to a mix of contentious and non-contentious matters.”

– The Legal 500

“Up-to-date knowledge about cross-country relations as well as taking responsibility for their job, real partnership and consultancy.”

– The Legal 500

Get in touch

Whether you need an international team with extensive experience, Wolf Theiss can support your business goals through our profound legal practice.