Data Protection & Cybersecurity

Expertise in all matters related to privacy and data protection law, including cybercrime, data loss, and data management

Experienced data protection lawyers serving CEE

How do you reconcile the free flow of information and the need to be open to the world with the demand to secure your data and protect employee and customer privacy? How does data protection law in Europe help you deal with data breaches and hackers in an ever-changing legal landscape?

We are here to help. We can advise you on handling all types of data protection law and data management issues on a daily basis, from staff member data and patients’ medical records, to restrictions on outsourcing and records retention requirements, through to dealing with data leaks or cyber-attacks.

An efficient way to ensure compliance with data protection regulations and to build customer trust through transparency is to have your IT-products or IT-based services certified through the European Privacy Seal (EuroPriSe). Our admitted legal and technical experts can conduct the necessary evaluation for your certificate.

“Excellent expertise in multinational data protection compliance work, and is equally adept at handling security breaches, privacy matters, and local data protection issues.”

– The Legal 500

“Wolf Theiss advises a diverse range of clients across sectors including retail, infrastructure, banking and healthcare. The ‘responsive and very practical’ team brings its ‘excellent expertise in multinational data protection compliance work’ to a mix of contentious and non-contentious matters.”

– The Legal 500

“Up-to-date knowledge about cross-country relations as well taking responsibility for their job, real partnership and consultancy.”

– The Legal 500

What makes our team the best data protection & cybersecurity law firm for you?

Our regional, integrated firm offers distinct advantages, spanning the full spectrum of legal services.

  • An established international law firm with 60+ years of experience in Austria and CEE/SEE
  • A fully integrated team of jurisdiction-specific qualified lawyers across our offices in 13 countries.
  • Collaboration and innovation across multidisciplinary teams and offices
  • Excellent client satisfaction – responsive, client-oriented, and consistent
  • Experience with complex and cross-border matters covering the full spectrum of legal services
  • Knowledge and expertise to add value to deals across industries

Leading the legal field

Our lawyers are involved in key transactions and matters across the region, bringing their industry expertise and specialised business knowledge to add value to our clients’ work.

Advised banking group on GDPR implementation for all CEE/SEE offices

Defended client against a series of data protection violation claims

Successfully advised search engine provider in proceedings before the Austrian Data Protection Authority

Our subsidiary RBS acts as Data Protection Officer for clients in various industries

Leading data protection law firm, experienced in security breaches, local & multinational data protection, & EuroPriSe certification

Successful regional GDPR implementation

Our team advised an Austrian headquartered banking group in setting up their internal data protection management systems for all of their offices in Austria and the CEE/SEE region.

All of our offices worked together to provide solutions for the GDPR implementation in the most practical and efficient manner, taking into account not only data protection but also general banking regulatory and cyber security laws. Our advice also included the application for approval of Binding Corporate Rules (BCRs).

Privacy litigation

We defended a client against the first-ever series of claims in the country, where a larger number of people (allegedly) affected by data protection violations were suing for non-material damages. The main question is now pending before the Court of Justice of the European Union.
With a scalable number of data protection experts, we can also support in mass proceedings at short notice.

Defence before DPAs

Our firm successfully defended a search engine provider in proceedings before the Austrian Data Protection Authority whose decision was lifted by the Federal Administrative Court.

We defend clients against complaints by data subjects / NGOs and against GDPR fines before DPAs across the entire CEE/SEE region.

Data Protection Officer

Our consulting subsidiary Responsible Business Solutions (RBS) acts as an external Data Protection Officer for multiple clients in the areas of public infrastructure services, banks, insurance and healthcare.

Areas of specialisation

GDPR implementation

If you are a data controller or a data processor, you need to implement appropriate technical and organisational measures to safeguard the personal data processed in your business, as well as keeping evidence of your personal data processing operations.

We identify the gaps and suggest the best options to close them, thereby helping your firm to meet EU GDPR requirements and ensure compliance with other local data protection laws. We can assist you in designing a data privacy programme and support you in dealing with the records of processing activities, DPO related tasks, and data protection impact assessment. You benefit from the combination of our legal and technical skills allowing us to offer you comprehensive solutions for all your GDPR data protection law requirements.


Having your IT-products and IT-based services certified through an independent third party helps your business maximise transparency and build up trust. The European Privacy Seal (EuroPriSe) is a highly respected certification which is valid in all EU countries and which can be used for consumer marketing or public procurement.

In addition, the fact that its awarding criteria align with the requirements of the GDPR, is an immediate indication to your customers that your business is GDPR-compliant. We have admitted EuroPriSe Legal and Technical Experts in-house. By covering both the legal and the technical side of the certification procedure you avoid having to engage two different firms, saving you both time and money.

Data management

As a response to technological developments and the ever-increasing number of data breaches, new and strict regulations are being enacted that require companies to treat privacy policies and data security as high priorities. Since these regulations are neither always clear nor uniform across different jurisdictions, ensuring compliance with data regulations and drafting the appropriate policies can be a major challenge.

We can assist you in handling all types of data management issues including filing data applications with competent authorities, (cross-border) transfer of data, restrictions on outsourcing, handling data of staff members, customers, suppliers, patients etc., records retention requirements and implementation of whistleblowing hotlines.

Data loss

Do you know what to do if you suffer a data loss? Many European data protection laws and sector regulations provide for a notification duty in case of a data leak or data misuse.

We can advise you on whom, when and how to notify, as well as represent you against potential claims for damages or administrative fines following data security breaches. Better still, we can advise you on the implementation of the best data loss prevention software to protect your business.

IT remediation & review

Take advantage of our tailor-made legal “incident response” service focusing on the first steps to be taken after a security breach is detected (detection, containment, eradication, recovery, follow-up). Depending on your preference, we work together with international and local IT security specialists to recover your systems, whilst preserving evidence for possible criminal and civil actions.


The internet and e-communication have brought unparalleled opportunities; unfortunately, not just for business. Cybercrime is one of the fastest-growing areas of criminal law with more and more criminals exploiting the anonymity and speed of the electronic world to commit an ever-growing number of crimes.

With offenders ranging from individual hackers to highly complex international cybercriminal networks, you need a team which has the size, the connections, the knowledge and the partners to react immediately. The close cooperation between our Data Protection, White Collar Crime, IT and Crisis Management specialists allows us to provide integrated solutions.

Get in touch

Whether you need an international team with extensive experience, Wolf Theiss can support your business goals through our profound legal practice.