Information Technology and Data Protection
The age of digitization: Information Technology has long evolved from „new economy“ to one of the most important pillars of corporate assets. Nowadays, Information Technology and related aspects such as Information Security and Data PROTECTION need to be addressed in any business and company. We mainly advise providers, but also users of Information Technology in connection with drafting and negotiating contracts. We also provide legal supervision for complex IT projects, if need be including the winding-up after substantial project disruption. IT law and in particular IT related contract drafting is subject to constant change, e.g. with regard to the transition from software purchase and maintenance contracts to cloud solutions and SaaS. We are determined to not only provide legal advice, but also a basic understanding for the technical and organizational background of IT solutions.
The processing of personal data is relevant for each and any business and company, in particular with regard to customer and employee data. Since the European General Data Protection Regulation has taken effect, nearly every company needed to adjust their respective business processes. When doing so, Data Protection should not be viewed on a stand-alone-basis, but always in connection with information and system security.
Our daily practice and expertise particularly includes the following:
Up to 70% of all IT projects fail. Providers usually want to limit their scope of services. Principals expect all-round carefree packages. Different involved service providers are not being sufficiently supervised. Notwithstanding the fact that these and numerous other potential issues should mainly be taken care of via a well-organized project management, a project-specific legal guidance is an important cornerstone for successful projects, too. Like many of our clients, both in their roles as providers and principals, we have also understood from a legal perspective that digitization is not identical to digital transformation. We provide guidance for our clients‘ projects with a critical view as to potential risks, and always keep an eye on the technical and commercial targets of our clients.
The German Commercial Code is rather stereotype when it comes to contracts – which does not match well with IT-specific situations. The usual task is to cast the commercial objectives into the correct legal form. As for the party drafting a contract, German laws on General Terms and Conditions provide additional challenges. It is also to be expected that European legislation will enact further normative requirements for contract drafting in a digitized world, in the near future. We support our clients by drafting contracts and Ts&Cs, as well as negotiating contracts provided by the respective other party, often in a situation where the client is not really on a level playing field with the contractor, e.g. in situations where the client is a mid-sized software provider being faced complex purchasing documents from big market players.
Innovative business ideas often cannot be sufficiently represented via standard contract templates. When two or more parties cooperate within innovative projects, the allocation of rights with regard to expected working results is of the utmost importance. If such projects are being publicly funded, besides the individual interests of the parties, the requirements of the funding body are to be met as well. When drafting cooperation agreements for such situations, we always consider the bigger picture and start by asking the relevant questions in order to determine whether the parties have already considered the legal aspects with the appropriate depth, and whether and where a need for further clarification occurs.
Contract clauses with regard to data usage come-up increasingly. Quite a number of companies only associate such clauses with data protection. However, this topic is generally broader than just data protection related: it often concerns data which accrue through machine operations or accumulate within SaaS software – and which are usually of a commercial interest for both, the customer as well as the software or service provider. Considering the fact that data ownership is not (yet) explicitly regulated in statutory law, setting-up contract clauses with regard to the allocation of rights in and to data as assets is advisable, together with respective rights of use for the involved market players.
The processing of personal data is relevant for each and any business and company, in particular with a view to customer and employee data. Since at least the coming into effect of the European General Data Protection Regulation with its substantial fines, it is advisable and often inevitable to obtain legal advice in the field of Data Protection. We particularly support our clients by drafting contracts for commissioned data processing and data privacy statements, as well as clarifying questions related to data incidents and measures to be taken in such instances.
German Attorney-at-Law, Partnerin
DR. JÖRG-MICHAEL SCHEIL
Shangai, Ho Chi Minh City
German Attorney-at-Law, Partner
PROF. DR. RALF IMHOF
German Attorney-at-Law, Senior Associate