Wolf Theiss


How do you reconcile the free flow of information and the need to be open to the world with the demand to secure your data and protect employee and customer privacy? How does the law help you deal with data breaches and hackers in an ever-changing legal landscape? The EU General Data Protection Regulation (GDPR) was the most important reform of European data privacy laws for 20 years.

We are here to help. We can advise you on handling all types of data management issues on a daily basis, from staff member data and patients' medical records, to restrictions on outsourcing and records retention requirements, through to dealing with data leaks or cyber-attacks.

An efficient way to ensure compliance with data protection regulations, including the GDPR, and to build customer trust through transparency is to have your IT-products or IT-based services certified through the European Privacy Seal (EuroPriSe). Our admitted legal and technical experts can conduct the necessary evaluation for your certificate.

Roland Marko
T. +43 1 51510 5880
F. +43 1 51510 665880
Schubertring 6
1010 Vienna
Maria Maxim
T. +40 21 308 81 00
F. +40 21 308 81 25
4 Vasile Alecsandri Street
010639 Bucharest
Kurt Retter
T. +43 1 51510 5240
F. +43 1 51510 665240
Schubertring 6
1010 Vienna
Martin Tauber
Martin Tauber
Dragos Alexandroaiei
Dragos Alexandroaiei
Senior Associate
Ligia Berbecar
Ligia Berbecar
Senior Associate
Barnabás Buzási
Barnabás Buzási
Senior Associate
Mircea Ciocirlea
Mircea Ciocirlea
Senior Associate
Hristina Dzhevlekova
Hristina Dzhevlekova
Senior Associate
Maren Jergolla-Wagner
Maren Jergolla-Wagner
Senior Associate
Kateřina Kulhánková
Kateřina Kulhánková
Senior Associate
Paulina Pomorski
Paulina Pomorski
Senior Associate
Anja Tauchen
Anja Tauchen
Senior Associate
Eszter Bohati
Eszter Bohati
Jonida Braja
Jonida Braja
Nina Lazar
Nina Lazar
Blerta Nesho
Blerta Nesho
Iris Riepan
Iris Riepan
Luciana Tache
Luciana Tache
Lana Sarajlić
Lana Sarajlić
Law Office Sarajlić - Independent Attorney at Law in Cooperation with Wolf Theiss
Areas of Specialisation

GDPR Implementation

If you are a data controller or a data processor, under the GDPR you need to implement appropriate technical and organizational measures to safeguard the personal data processed in your business operation (including for human resources, marketing and commercial purposes) as well as keeping evidence of your personal data processing operations. Starting with an As Is Analysis, followed by a Gap Assessment, we can help you to identify the gaps and suggest the best options to close them; helping your firm become GDPR compliant. We have the data privacy experts to assist you in designing a data privacy programme, and even to support you in dealing with the records of processing activities, DPO related tasks, and data protection impact assessment. You benefit from the combination of our legal and technical skills allowing us to offer you comprehensive solutions for all your GDPR requirements.


Having your IT-products and IT-based services certified through an independent third party helps your business maximise transparency and build up trust. The European Privacy Seal (EuroPriSe) is a highly respected certification which is valid in all EU countries and which can be used for consumer marketing or public procurement. In addition, the fact that its awarding criteria align with the requirements of the GDPR, is an immediate indication to your customers that your business is GDPR-compliant. We have admitted EuroPriSe Legal and Technical Experts in-house. By covering both the legal and the technical side of the certification procedure you avoid having to engage two different firms, saving you both time and money.

Data Management

As a response to technical developments and the ever-increasing number of data breaches, new and strict regulations are being enacted that require companies to treat privacy policies and data security as high priorities. Since these regulations are neither always clear nor uniform across different jurisdictions, ensuring compliance with data regulations and drafting the appropriate policies can be a major challenge. We can assist you in handling all types of data management issues including filing data applications with competent authorities, (cross-border) transfer of data, restrictions on outsourcing, handling data of staff members, customers, suppliers, patients etc., records retention requirements and implementation of whistleblowing hotlines.

Data loss

Do you know what to do if you suffer a data loss? Many data protection laws and sector regulations provide for a notification duty in case of a data leak or data misuse. We can advise you on whom, when and how to notify, as well as represent you against potential claims for damages or administrative fines following data security breaches. Better still, we can advise you on the implementation of the best data loss prevention software to protect your business.

IT Remediation and Review

Take advantage of our tailor-made legal "incident response" service focusing on the first steps to be taken after a security breach is detected (detection, containment, eradication, recovery, follow-up). Depending on your preference, we work together with international and local IT security specialists to recover your systems, whilst preserving evidence for possible criminal and civil actions.


The internet and e-communication have brought unparalleled opportunities; unfortunately, not just for business. Cybercrime is one of the fastest growing areas of criminal law with more and more criminals exploiting the anonymity and speed of the electronic world to commit an ever-growing number of crimes. With offenders ranging from individual hackers to highly complex international cybercriminal networks, you need a team which has the size, the connections, the knowledge and the partners to react immediately. The close cooperation between our Data Protection, White Collar Crime, IT and Crisis Management specialists makes us highly effective in helping you.

Press Releases

Newssquare  Wolf Theiss berät Venture Capital Investor TCV beim Einstieg in Tourradar

Wien, 7. August 2018 – Der internationale Tech-Investor TCV setzt beim Einstieg in das in Wien ansässige Start-up Tourradar auf die Expertise von Wolf...

Newssquare  Wolf Theiss further strengthens its TMT and Data Protection Team in Romania

Bucharest, 31 July – Regional law firm Wolf Theiss has added two Senior Lawyers to its TMT (Technology, Media, Telecom) and Data Protection team in...

Newssquare  Wolf Theiss Strengthens its Data Protection Practice with New Hires

Bucharest, 27 March 2018 – After the addition of Partner Maria Maxim who joined Wolf Theiss in September 2017 as the coordinator of the Data...

Newssquare  Wolf Theiss Supports Young Lawyers’ Career Development

Warsaw, 14 March 2018 – Members of the Wolf Theiss Warsaw team attended the Law Career Fair (Prawnicze Targi Praktyk i Pracy) on March 13, presenting...

Newssquare  Bitpanda Setzt Bei Pantos ICO Auf Wolf Theiss

Wien, 12. März 2018 – Bitpanda bringt sein neues Open-Source Forschungsprojekt Pantos mittels Initial Coin Offering (ICO) auf den Markt. Wolf Theiss...

Newssquare  Wolf Theiss Forum Sees Polish Proptech Growth Accelerating

Warsaw, 09 March 2018 – Polish companies providing digital technology for the real estate industry are set for rapid growth, as they benefit from...


Vienna, December 22 2017 – Wolf Theiss has advised mobile operator T-Mobile on the acquisition of UPC Austria. Liberty Global plc, the largest...


Warsaw, 30 November 2017 – Polish companies should intensify efforts to strengthen their internal whistleblowing systems, which increase value for all...

Newssquare  European Privacy Seal Europrise: Wolf Theiss CIO Helmut Waitzer And Technology Lawyer Roland Marko Certify Data Protection Fitness

Vienna, November 21, 2017 – Wolf Theiss is offering companies further support in preparing for the EU’s General Data Protection Regulation (GDPR). The...


Vienna/Sarajevo, 15. November 2017 - After hiring new partners in Poland and Romania, Wolf Theiss continues its expansion course in Bosnia. Lana...

Newssquare  Wolf Theiss Conference prepares companies for the GDPR

Bucharest, 13th of October 2017: The “GDPR Roadmap – Connecting the business lines” conference was organized by the international law firm Wolf Theiss...


Bucharest, 11 September 2017 – Wolf Theiss Bucharest has expanded its TMT and Data Protection & Compliance practice by adding new Partner Maria Maxim...


Vienna, 29 June 2017 – PropTech is the latest buzzword in real estate and is jolting the whole sector. The experts at Wolf Theiss analysed the core...


Vienna, 7 June 2017 – Wolf Theiss has advised IHR LABOR, a network of medical laboratories, in legal questions surrounding IP, data protection,...


Die Europäische Datenschutz-Grundverordnung (DSGVO) hat weitreichende Auswirkungen auf das Datenschutzrecht der EU-Mitgliedstaaten. Österreichische...

Newssquare  Wolf Theiss contributes to the development of Cloud Privacy Check (CPC) Portal

Bucharest, 22 November 2016 – Wolf Theiss contributed to the development of cloud privacy check (CPC) portal, the largest european information...

Newssquare  Cyber Attacks: die ersten 72 Stunden zählen. Die jüngsten Cyberattacken - national und international

Laut aktuellen Schätzungen des FBI liegt der durch Cyber-Delikte verursachte Schaden jenseits der 3 Milliarden US-Dollar-Grenze. Zu den klassischen...

Client Alerts / Newsletters

Newssquare  A Munka Törvénykönyve adatvédelmi tárgyú módosítása

Hosszabb szünet után ismét adatvédelmi tárgyú törvénytervezetet nyújtott be a Kormány a Parlament részére, amelyet az Országgyűlés közel két hónappal...

Newssquare  Poland adjusted over 150 Polish Sectoral Acts to GDPR

On 3 April 2019, the President of Poland signed the Act of 21 February 2019 on amending certain acts in connection with ensuring the application of...

Newssquare  Poland has imposed the first Fine for Infringement of GDPR

On 15 March 2019, the Polish supervisory authority issued the first decision imposing an administrative fine in the amount of PLN 943,000 (approx. EUR...

Newssquare  GDPR: The Czech Republic has finally adopted National Legislation

On 12 March 2019, the Czech Republic approved a legislation incorporating the provisions of the General Data Protection Regulation ’GDPR’ (Regulation...

Newssquare  Bulgaria: The president vetoes local law implementing the GDPR

After extensive public consultations and parliamentary procedures, on 24 January 2019 the law implementing Regulation (EU) 2016/679 on the protection...

Newssquare  Romania: Wolf Theiss contributes to the release of two new reports on GDPR for the CPC platform

Wolf Theiss together with other qualified legal professionals from more than 30 European countries, contributed to the release of two new reports on...

Newssquare  Austrian GDPR-Tracker: Data Protection Authority on erasure by way of anonymization

Destruction or anonymization of personal data – an appropriate way to comply with the right to erasure?

The Austrian Data Protection Authority (DPA)...

Newssquare  Romania: New Law 362/2018 on the Security of Network and Information Systems / NIS Directive

EU Directive 2016/1148 on Security of Network and Information Systems (the "NIS Directive") regulates the main EU legislative framework, which aims to...

Newssquare  Serbia: Companies to register UBOs by 31 January

On 31 December 2018, the Central Register of Ultimate Beneficial Owners ("Central Register") has been established with the Serbian Business Register...

Newssquare  Upcoming Changes to Employment Documentation

The Polish Parliament has adopted an act that became effective 1 January 2019 and shortens the retention period of human resource files and allows...

Newssquare  UWG Novelle 2018 - Die Richtlinie zum Schutz von Know-How tritt in Kraft

Die am 8.6.2016 verabschiedete Richtlinie (EU) 2016/943 "über den Schutz vertraulichen Know-hows und vertraulicher Geschäftsinformationen...

Newssquare  Amendment of the Austrian Act against Unfair Competition (UWG) - The Directive on the Protection of Know-How enters into Force in early 2019

Directive (EU) 2016/943 "on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use...

Newssquare  Romanian Data Protection Authority's Decision on Investigation Procedure

Decision no. 161/09/10/2018 of The National Supervisory Authority for Personal Data Processing ("ANSPDCP"), on the approval of the Investigations...

Newssquare  Austrian DPA Issues Blacklist

Regulation on Processing Operations for which a Data Protection Impact Assessment must be carried out


On November 9th 2018, the Austrian Data...

Newssquare  Datenschutzbehörde Veröffentlicht Blacklist

Verordnung über Verarbeitungsvorgänge, für die eine Datenschutz-Folgenabschätzung durchzuführen ist


Am 9. November 2018 hat die österreichische...

Newssquare  Update zum WiEReG

Die gesetzliche Frist für die erstmalige Meldung zum Wirtschaftliche Eigentümer Register ist am 1.6.2018 abgelaufen. Mit Informationsschreiben vom...

Newssquare  Guidelines for Monitoring Employees after GDPR

Due to the implementation of GDPR, new provisions have been added to the Polish Labor Code ("Act") which, among others, regulate the monitoring of...

Newssquare  New law to implement the GDPR measures in Romania was adopted by the Parliament

On 27 June 2018 the legislative proposal for implementing the GDPR measures in Romania was adopted by the Romanian Parliament. The draft has recently...

Newssquare  Romanian parliament adopted new law regarding the competences of the local data protection authority

On 24 June Law no. 129/2018 entered into force. It had been published in the Romanian Official Gazette no. 503 of June 19, 2018, and it amends and...

Newssquare  Serbia: Register Of Ultimate Beneficial Owners

On 25 May 2018 the Parliament of the Republic of Serbia adopted the anticipated Law on the Central Register of Ultimate Beneficial Owners (the "Law")....

Newssquare  Latest Amendment to the National Court Register Act

The latest amendment to the National Court Register Act ("Act") introduces many changes that will significantly affect its functioning and obligations...

Newssquare  Corrigendum Deed for GDPR

Kindly be informed that over the past days a Corrigendum Deed amending several provisions of EU Regulation No. 2016/679 on the protection of...

Newssquare  DSGVO – Straffreiheit in Österreich?

Der österreichische Gesetzgeber hat am 20.04.2018 relativ unbemerkt Änderungen des im Jahr 2017 beschlossenen Datenschutz-Anpassungsgesetzes (1)...

Newssquare  Romanian Law Implementing The GDPR Has Been Submitted To The Senate

On March 14, 2018 the Romanian law for implementing measures on EU Regulation no. 2016/679 on the protection of individual rights with regard to the...

Newssquare  Trading Bitcoins Subject To Taxation In Poland

On 6 March 2018, the Administrative Supreme Court (NSA) issued the first ruling concerning taxation of income made from trading bitcoins by...

Newssquare  Bulgaria Joins The EU 'AMLD IV Implementation' Club

Yesterday, the Bulgarian Parliament adopted the Anti-Money Laundering Act (in Bulgarian: Закон за мерките срещу изпирането на пари). The Act...

Newssquare  New Draft Law For Teleworking Activities In Romania

Draft law regarding teleworking activities is currently in the process of being approved by the Romanian government.

The Draft Law has been submitted...

Newssquare  Polish Employee Capital Plans

On February 8th, 2018, the Polish Ministry of Finance released the long-awaited first draft of the bill on employee capital plans (Ustawa o...

Newssquare  The Polish Personal Data Protection Act Is Closer To Completion

On Monday, January 15th, 2018, in the Column Hall of the Polish Parliament, the Ministry of Digitalization organized a meeting to summarize the public...


A lot has happened since our last Newsticker in June 2017. In our new edition we reflect the latest developments in selected jurisdictions of our...

Newssquare  GDPR Update: DPO Now Included in Romanian Classification of Occupations

In preparation for the EU General Data Protection Regulation ("GDPR"), which comes into force in May 2018, Romania has updated its Classification of...

Newssquare  New Data Protection Guidelines on GDPR

Important news in the data privacy field after the Article 29 Working Party Plenary held in October 2017: the drafts of two new guidelines were...

Newssquare  Status Update on the E-Privacy Regulation –The Next Key Regulatory Initiative after GDPR

On 10 January 2017, a proposal for a new Regulation of the European Parliament and of the Council concerning the respect for private life and the...

Newssquare  Drafts of the Personal Data Protection Act

Drafts of the new Polish Personal Data Protection Act ("PDPA Draft") and Provisions Implementing the Personal Data Protection Act (“Amending Act...

Newssquare  The First Action Plan for the Application of the GDPR has been Published by the Romanian Data Protection Authority


On September 21st, 2017, the National Supervisory Authority for Personal Data Processing ("RDPA") published...

Newssquare  Wolf Theiss International IP/IT Newsticker - June 2017

A lot has happened since our last Newsticker in December 2016. In our new edition we reflect the latest developments in the jurisdictions of our...

Wolf Theiss Guides

Newssquare  GDPR one year later

One year has passed since the most important reform of European data protection laws in the last 25 years was implemented.

Find a Lawyer