Data & Cybersecurity
Expertise in all matters related to data, privacy and cybersecurity
Experienced data lawyers serving CEE
We support technology companies and businesses from all sectors that seek to thrive in the digital world and benefit from the untapped potential of data. We help you do that by placing your business needs at the centre of our advice and with an eye toward your continued success.
Our services cover data privacy and protection, data management and data governance, as well as compliance matters, (cross-border) data transfers and the preparation for, and handling of, cyber incidents: from the development and implementation of programmes and policies to audits, as well as support related to regulatory investigations and privacy litigation.
Key Contacts
Areas of specialisation
Data protection compliance
We identify the gaps between your data processing operations and the measures included in policies that are in place, and suggest the best options to close them. This helps your company to comply with the EU GDPR and local data protection laws. We can assist you in designing a data protection management programme, support you in dealing with processing activity records , as well as conduct data protection impact assessments and transfer impact assessments and audits to you and your third-party data processors. You benefit from the combination of our legal and technical skills, which allow us to offer you comprehensive solutions to ensure robust compliance with data protection laws.
Through our subsidiary Responsible Business Solutions (RBS) we offer external Data Protection Officer (DPO) services for companies active throughout the entire CEE/SEE region.
Data management and data governance
The untapped potential of data is expected to fuel economic growth. Companies that are able to use data to drive innovation and derive value from data will have a strong competitive advantage in the digital economy.
The increased speed of innovation, coupled with quickly multiplying regulations, make the efficient and responsible management and protection of data more important than ever. We focus on your company’s strategy and business needs when advising on data management and data governance.
Information security and data breaches
The number of cyberattacks on businesses and the level of sophistication of cybercriminals is growing exponentially. Companies need to act fast to improve resilience and response to cybersecurity threats in order to avoid damages to their business and reputation.
New and strict regulations are being enacted that require companies to treat data security and its underlying infrastructure as a high priority. Since these regulations are never neither clear nor uniform, ensuring compliance can be a major challenge.
We can advise you on data security policies and incident response plans, assist you with your notification duties before authorities in the event of a cybersecurity incident, as well as represent you against potential claims for damages or administrative fines following data security breaches.
Regulatory investigations and proceedings
Now that the EU has set the course for increased GDPR enforcement, it is expected that the number of regulatory investigations as well as the number and the volume of fines will continue to grow.
Our team of data protection lawyers with’ hands-on experience and understanding of local practices is well-equipped to assist you in regulatory investigations and proceedings before Data Protection Authorities across the CEE/SEE region.
Data privacy litigation and enforcement
We represent companies before courts in various matters related to personal data, including claims for damages, access to data and deletion of data.
The Representative Actions Directive has harmonised collective redress across the EU, which in turn has brought substantial challenges and risks for businesses. The new regime makes it easier for large groups of individuals to bring class action lawsuits before courts, including in relation to personal data privacy and protection. With a scalable team of data experts and litigation lawyers, we are able to provide support in mass proceedings at short notice.
Leading the legal field
Our lawyers are involved in key transactions and matters across the region, bringing their industry expertise and specialised business knowledge to add value to our clients’ work.
GDPR damages & private enforcement: Defended a client against mass claims in relation to data protection violation, including proceedings before the CJEU on non-material damages (C-300/21, C-154/21)
GDPR fines: Successfully defended a retail company against a multi-million Euro GDPR fine in relation to a customer loyalty program before the Data Protection Authority
Access rights: Successfully advised a search engine provider in complaint proceedings regarding access rights before the Data Protection Authority
Data governance: Advised a publicly owned infrastructure provider on data governance issues (Data Act, Data Governance Act, Open Data Directive)
Compliance: Ran a data protection compliance audit at a number of healthcare institutions
Leading data privacy and protection team experienced in security breaches and local and multinational data protection matters
Regional GDPR compliance
Advising a major retailer and its group companies in CEE on GDPR and local data protection law compliance, including website policies, employee and customer data protection notices and information, DPO requirements, video surveillance and consent requirements.
Advising a debt collection agency against a multi-million Euro fine imposed by the Croatian Data Protection Authority.
Data transfer impact assessments (TIA) for non-EU CEE countries.
Personal data in connected vehicles
Advising an automotive company on personal data protection and telecommunication laws in relation to connected vehicles, mobility services and other regulatory issues such as e-communications, information security, advertising, and consumer protection.
Data in cloud environment
Advising a consumer analytics company on migration of services to the cloud environment involving proprietary business data, client data, financial records and personal data, including data from regulated entities.
Data breach
Continuous advice on data breach scenarios, filing of breach notifications and related investigation proceedings by data protection authorities, inter alia advising a company from the healthcare sector on a data breach of its customers’ data on a third-party platform.
What others say about us
“Excellent expertise in multinational data protection compliance work, and is equally adept at handling security breaches, privacy matters, and local data protection issues.”
– The Legal 500
“Wolf Theiss advises a diverse range of clients across sectors including retail, infrastructure, banking and healthcare. The ‘responsive and very practical’ team brings its ‘excellent expertise in multinational data protection compliance work’ to a mix of contentious and non-contentious matters.”
– The Legal 500
“Up-to-date knowledge about cross-country relations as well taking responsibility for their job, real partnership and consultancy.”
– The Legal 500
Get in touch
Whether you need an international team with extensive experience, Wolf Theiss can support your business goals through our profound legal practice.
Related insights
Workshop: Weathering a cyber attack – liability, risks and protective measures for companies and managers
Cyber attacks are becoming more frequent, the methods of attack more sophisticated and new ICT compliance requirements mak...
Read moreWolf Theiss expertly navigates Raiffeisen through EUR 529.4 mn leasing securitisation
Vienna, 28 May 2024 – Wolf Theiss proudly announces its role in providing expert legal guidance to Raiffeisen Bank Inter...
Read moreFuture of construction: Digitalization, artificial intelligence and digital twins in focus
The construction industry is experiencing rapid transformation through the integration of digitalization, artificial intel...
Read moreCurrent enforcement environment in Central and Eastern Europe: What to anticipate in the reconstruction of Ukraine
Key takeaways: Overall, the webinar underscored the importance of proactively addressing compliance challenges, understand...
Read moreDigital Services Act explained: New obligations for online businesses and other digital services
The EU Digital Services Act (DSA) has introduced a new liability and compliance framework for digital services offered to ...
Read moreWolf Theiss advises Lottomatica Group S.p.A. on the acquisition of SKS365 Group of Entities
Belgrade, Vienna, Prague, 27 November 2023 – Wolf Theiss advised GBO SpA, subsidiary of Lottomatica Group S.p.A., an Ita...
Read moreBeyond VLOPs and Gatekeepers: Countdown to the full application of the EU Digital Services Act (DSA)
The Digital Services Act (DSA) is set to overhaul and expand the EU’s regulatory framework for online intermediary s...
Read moreConvera acquires parts of Western Union business with legal assistance from Wolf Theiss
Vienna, 21 July 2023 – Wolf Theiss advised Convera on the acquisition of parts of the Austrian business of Western Unio...
Read moreCroatian Personal Data Protection Agency imposes a EUR 2.2 million fine on a debt collection company
In early May 2023, the Croatian Personal Data Protection Agency (AZOP) imposed a fine on a debt collection company in the ...
Read moreGDPR international data transfers: Commission’s Draft Privacy Shield Replacement
Transition period for new Standard Contractual Clauses to expire on 27 December 2022 Earlier this week the European Commis...
Read moreRBS Responsible Business Solutions strengthen service portfolio for comprehensive business consulting with acquisition of RE-Structure
Vienna, 31 August 2022 – With the merger of RBS Responsible Business Solutions and its sister company RE-Structure, ...
Read moreMagenta creates largest Austrian private fibre optic network partnership with legal assistance from Wolf Theiss
Vienna, 25 August 2022 – Austrian leading telecommunications operator Magenta relied on the legal advice of Wolf The...
Read moreCovid-19 testing and EU Certificates – rules and options for employers in Croatia
Topics concerning Covid-19 testing and EU Covid-19 certificates raise a number of questions for employers in the private s...
Read moreCovid-19 vaccination and the workplace: Common questions among employers in Croatia
The Croatian government aims to increase the percentage of vaccinated persons (currently approx. 50%). Topics concerning v...
Read moreFollowing in the footsteps of Italy: Will the right to work in Romania be conditional upon holding a Covid-19 Green Pass?
A new draft law in Romania prevents access to the workplace absent a Covid-19 Green Certificate. The new measures are appl...
Read moreWolf Theiss advises Novalpina Capital LLP in the largest transaction in the betting & gaming sector in Romania
Bucharest, 5 July 2021 – Wolf Theiss was the legal advisor of Novalpina Capital LLP, a London based independent European...
Read moreInternational data transfers: EDPB’s final recommendations on ‘supplementary measures’
On 18 June 2021, the European Data Protection Board adopted its final version on ‘supplementary measures’ for ...
Read moreRomania: Minimum network and information systems security requirements to be complied with by the operators of essential services in the next 6 months
On 26 November 2020, Romania adopted new technical rules on minimum requirements to ensure the security of network and inf...
Read moreE-Commerce platforms in the focus of the CJEU / E-Commerce Plattformen im Fokus des EUGH
E-commerce platforms are not obligated in all cases to make a telephone number available to consumers before the conclusio...
Read moreCJEU invalidates EU-US privacy shield framework and introduces further restrictions on data transfers to non-EU countries
On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a long-awaited decision in a dispute between Fac...
Read moreRomanian parliament adopted new law regarding the competences of the local data protection authority
On 24 June Law no. 129/2018 entered into force. It had been published in the Romanian Official Gazette no. 503 of Ju...
Read moreAmendment of the Austrian act against unfair competition (UWG) – The directive on the protection of know-how enters into force in early 2019
Directive (EU) 2016/943 “on the protection of undisclosed know-how and business information (trade secrets) against ...
Read moreRomania: New law 362/2018 on the security of network and information systems / NIS directive
EU Directive 2016/1148 on Security of Network and Information Systems (the “NIS Directive”) regulates the main...
Read moreRomania: Wolf Theiss contributes to the release of two new reports on GDPR for the CPC platform
Wolf Theiss together with other qualified legal professionals from more than 30 European countries, contributed to the rel...
Read moreThe first action plan for the application of the GDPR has been published by the Romanian data protection authority
WHAT IS TO BE DONE BY DATA CONTROLLERS? On September 21st, 2017, the National Supervisory Authority for Personal Data Proc...
Read moreStatus update on the e-privacy regulation –The next key regulatory initiative after GDPR
On 10 January 2017, a proposal for a new Regulation of the European Parliament and of the Council concerning the respect f...
Read moreCyber Attacks: Die ersten 72 Stunden zählen. Die jüngsten Cyberattacken – national und international
Laut aktuellen Schätzungen des FBI liegt der durch Cyber-Delikte verursachte Schaden jenseits der 3 Milliarden US-Dollar-...
Read moreWolf Theiss Round-Up: Unternehmen sollten sich rechtzeitig auf die EU-Datenschutz-Grundverordnung vorbereiten
Die Europäische Datenschutz-Grundverordnung (DSGVO) hat weitreichende Auswirkungen auf das Datenschutzrecht der EU-Mitgli...
Read moreWolf Theiss Warsaw conference sees value in enhancing whistleblowing best practices in Poland
Warsaw, 30 November 2017 – Polish companies should intensify efforts to strengthen their internal whistleblowing systems...
Read moreWolf Theiss strengthens its banking & finance and dispute resolution teams in Warsaw
Warsaw, 1 February 2017 – Wolf Theiss once again added new members to two of its practice groups: Stefan Feliniak joined...
Read moreEuropean privacy seal Europrise: Wolf Theiss CIO Helmut Waitzer and technology lawyer Roland Marko certify data protection fitness
Vienna, 21 November 2017 – Wolf Theiss is offering companies further support in preparing for the EU’s General Data Pr...
Read moreWolf Theiss belegt bei den PMN Management Awards in zwei Kategorien den jeweils 2. Platz
Wien/Frankfurt, 21. September 2016 – Wolf Theiss ist die einzige österreichische Anwaltskanzlei, die für den PMN (Prof...
Read more