Data Protection lawyers with 50+ years of experience

Free initial consultation
16 days ago

Steffen Groß

Partner (Attorney-at-law)

Leon Neumann

Scientific Research Assistant

Jakob Riediger

Scientific Research Assistant

How to implement DORA in your company: Use of third-party ICT providers under DORA (Part 2)

The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. While a first Insight (Part 1) provided an overview of the addressees and requirements of DORA, this article sheds light on the contractual adaptation obligations when using third-party ICT providers.


16 days ago

Steffen Groß

Partner (Attorney-at-law)

Leon Neumann

Scientific Research Assistant

Jakob Riediger

Scientific Research Assistant

How to implement DORA in your company: Overview of the new DORA requirements (Part 1)

The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. For regulated players in the financial sector, the question arises as to the extent to which implementation measures will be necessary. The focus here is on contracts with ICT service providers.


22 days ago

Steffen Groß

Partner (Attorney-at-law)

Jakob Riediger

Scientific Research Assistant

Provider or deployer? On the correct classification of a company's role under the AI-Act

With the entry into force of the AI Act, companies are faced with the question of which requirements must be observed when dealing with AI products in a legally compliant manner. This largely depends on whether a company is to be classified as a provider or deployer of an AI system. This article aims to answer what this depends on.


a month ago

Boris Arendt

Salary Partner (Attorney-at-law)

Leon Neumann

Scientific Research Assistant

The AI Act is here - The European approach to regulating artificial intelligence

On August 1, 2024, the "Artificial Intelligence Act" ("AI Act") came into force after a long legislative struggle. This article will take a closer look at the requirements that deployers and providers of AI systems must now comply with.


a month ago

Steffen Groß

Partner (Attorney-at-law)

Delegate Data Protection, Reduce Liability

Companies must establish an effective data protection organization to comply with GDPR requirements and avoid personal liability for executives. This requires a data protection management system, clear responsibilities, and regular review of measures.


2 months ago

Steffen Groß

Partner (Attorney-at-law)

Is Remote Maintenance Data Processing on Behalf?

Remote maintenance of IT systems allows IT service providers to access systems remotely and perform maintenance work without needing to be physically on-site. Regularly, the IT service company gains—at least potentially—access to the client's personal data. This article provides an overview of the data protection classification of remote maintenance.


4 months ago

Steffen Groß

Partner (Attorney-at-law)

Boris Arendt

Salary Partner (Attorney-at-law)

SaaS Providers in Healthcare Now Required to Obtain C5 Attestation

The “Act to Accelerate the Digitization of the Healthcare System” (Digitisation Act - “DigiG”) came into force on March 26, 2024, and the new Section 393 of the SGB V will be applicable from July 1, 2024, requiring many SaaS providers to obtain a C5 attestation.


6 months ago

Boris Arendt

Salary Partner (Attorney-at-law)

Leon Neumann

Scientific Research Assistant

The AI Act is coming - The European approach to regulating artificial intelligence

A summary of the legal requirements for deployers and providers of AI


8 months ago

Ana Combei

Scientific Research Assistant

Boris Arendt

Salary Partner (Attorney-at-law)

Data Act - The path to more data sovereignty - requirements and impact

At the forefront of Europe's data strategy, the Data Act and the Data Governance Act form a cohesive framework aimed at bolstering data sovereignty and competitiveness. Given it's recent entry into force in January 2024, this article dives into the key aspects of the Data Act to make its content and applicability easier to understand.


8 months ago

Boris Arendt

Salary Partner (Attorney-at-law)

Ana Combei

Scientific Research Assistant

Digital Service Act (DSA): Streamlining Platform Rules in Europe

The Digital Services Act (DSA) overhauls EU digital regulation, imposing stricter rules on large platforms to combat misinformation and illegal content. In this insights article, we break down the law’s key requirements and explore how it reshapes Germany’s online environment.


a year ago

Boris Arendt

Salary Partner (Attorney-at-law)

Jakob Riediger

Scientific Research Assistant

Ana Combei

Scientific Research Assistant

New requirements for cyber security in Germany - the NIS2-Implementation Act

Germany must transpose the NIS2 Directive into national law by October 17th, 2024. This article provides an update on the status of the NIS2 Implementation Act (NIS2-UmsuCG), based on the latest draft published by the Federal Ministry of the Interior and Community (Bundesministerium des Innern und für Heimat-BMI), on July 24th, 2024. The draft is currently pending approval and outlines the proposed framework for aligning German law with the NIS2 Directive.


a year ago

Steffen Groß

Partner (Attorney-at-law)

GPT API: A Guide to Data Protection Compliant Integration

In this article, we shed light on an essential aspect of AI technology: compliance with data protection laws when using the OpenAI API. This platform provides access to the most advanced AI model currently available, the GPT API.


a year ago

Steffen Groß

Partner (Attorney-at-law)

Boris Arendt

Salary Partner (Attorney-at-law)

Martyna Siuda

Senior Consultant (Attorney-at-law)

Whistleblower Protection Act: A Step-by-Step Implementation Guide

The new Whistleblower Act (HinSchG) has already been in force since 02 July 2023. From 17 December 2023, smaller companies are now also obliged to comply with the legal requirements. This article will explain how you can optimally prepare for this.


a year ago

Boris Arendt

Salary Partner (Attorney-at-law)

Leon Neumann

Scientific Research Assistant

Jakob Riediger

Scientific Research Assistant

New Swiss Data Protection Act: Changes under the new FADP

On 01.09.2023 the new data protection law of Switzerland (Federal Act on Data Protection - FADP) comes into force without an implementation period. Not only Swiss companies must thus comply with some changes in the data protection law requirements with immediate effect.


a year ago

Steffen Groß

Partner (Attorney-at-law)

Jakob Riediger

Scientific Research Assistant

Data transfers to the USA under the EU-US Data Privacy Framework

How should companies handle data transfers to the US under the EU Commission's new adequacy decision 2023?


a year ago

Steffen Groß

Partner (Attorney-at-law)

Jakob Riediger

Scientific Research Assistant

Privacy-compliant training of AI models

Training AI-Models in compliance with GDPR-requirements.


a year ago

Boris Arendt

Salary Partner (Attorney-at-law)

Leon Neumann

Scientific Research Assistant

Current developments in AI regulation

The AI Act as a European Approach to the Regulation of Artificial Intelligence.


a year ago

Steffen Groß

Partner (Attorney-at-law)

Mere infringement of the GDPR does not result in a claim for damages

More clarity on the scope of the claim for damages under the GDPR


a year ago

Steffen Groß

Partner (Attorney-at-law)

Preliminary agreement on European “Artificial Intelligence Act” reached

European Parliament reaches provisional deal on world's first "AI-Law"


a year ago

Steffen Groß

Partner (Attorney-at-law)

Is ChatGPT GDPR-compliant?

Case studies and GDPR conformity assessment of the use of ChatGPT


2 years ago

Boris Arendt

Salary Partner (Attorney-at-law)

Steffen Groß

Partner (Attorney-at-law)

Data Protection aspects when using the ChatGPT-API

Current developments and possible solutions for handling the ChatGPT-API


2 years ago

Steffen Groß

Partner (Attorney-at-law)

Data processing by US cloud providers in Europe is possible under data protection law

New developments in the assessment of data protection law based on the resolution of 31.01.2023 of the Independent Data Protection Authorities of Germany "DSK" (Datenschutzkonferenz).


2 years ago

Natascha Gaden

Consultant (Attorney-at-law)

GDPR and ChatGPT

Complying with GDPR requirements when using ChatGPT


2 years ago

Steven Bressner

Partner (Attorney-at-law)

Empowering Sales to deal with GDPR Questions

Part 1 of the Series: Removing Data Protection as a Blocker from your B2B-SaaS Sales Process


2 years ago

Steven Bressner

Partner (Attorney-at-law)

GDPR and integrations in your B2B-SaaS platform

How to deal with integrations in your product from a data protection standpoint.

Legal advice

Simpliant Legal - Wittig, Bressner, Groß Rechtsanwälte Partnerschaftsgesellschaft mbB

Consulting

Simpliant GmbH

Technology

Simpliant Technologies GmbH

Data protection

We will support you in implementing all data protection requirements with the GDPR.

Information security

We support you in setting up a holistic ISMS such as ISO 27001.

Artificial intelligence

We advise you on the integration of AI and develop legally compliant usage concepts.


© 2019 - 2024 Simpliant