IT & data protection

The importance of issues in the area of information technology as been steadily growing for years. Companies have to comply with stringent data protection and privacy requirements, and that not only since the EU enacted the General Data Protection Regulation (GDPR). The widespread digitization of large parts of the economy and of society has not only led to a growing demand for experts in the field of information technology, but also to an increased need for sound legal advice and support. BRANDI has developed and grown its IT & Data Protection practice over the past years and bundled its expertise in a separate Specialist Group, with specialists from our various offices working together, sharing experiences, and coordinating their activities. On an international level, we are able to advise clients on cross-border matters through our close cooperation with partner firms within the Pangea network.

In the area of IT law, we advise you on both traditional software licensing law and on other form of use, such as software as a service (SaaS). In the area of software contract law, BRANDI represents numerous well-known IT companies, and also acts on behalf of software buyers, with our range of advisory services also including contract drafting and contract negotiation. Moreover, we support our clients in disputes before the civil courts or in the context of alternative dispute resolution procedures (ADR).

A further focus of our firm is the support of companies in data protection and privacy issues. BRANDI can provide targeted support as needed or provide comprehensive data protection support on an ongoing basis. If needed, we can even act as external data protection officer. In doing so, we will – if required – also represent the client's interest vis-à-vis the supervisory authorities and defend the client in court proceedings.


    • Preparation, design and monitoring of IT projects
    • Creation of software, especially agile software development as well as traditional software development ("waterfall model") including preparation (letter of intent, memorandum of understanding)
    • Use of software and hardware on a temporary basis, in particular cloud computing (CC), application service providing (ASP), software as a service (SaaS), infrastructure as a service (IaaS), platform as a service (PaaS)
    • License agreements
    • Software maintenance, hardware maintenance and other support services
    • Outsourcing agreements
    • Software and hardware distribution: drafting and negotiation of general terms and conditions and framework agreements and distribution agreements
    • Tendering of IT services, EVB-IT (supplementary terms for the procurement of IT services)
    • Assertion and defense of claims in and out of court, e.g. in the event of software defects, licence infringements and liability issues (claims for damages)
    • Reversal of failed software projects
    • Defence against negative ratings and representations on the Internet, including enforcement by means of a preliminary injunction
    • E-Commerce (designing of online shops, both B2B and B2C)
    • App agreements, in particular drafting of terms of use
    • Law governing online platforms including social media (drafting of terms of use, defence against claims, etc.)
    • Law governing search engines (Google, Bing, Yandex, etc.)
    • Online marketing including SEO
    • Competition and liability law on the Internet
    • Procurement of IT services
      • Assumption of the function of data protection officer
      • Data protection inventories & status reports
      • Advice on the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG) and other data protection laws
      • Data protection compliance
      • Preparation of custom data protection concepts
      • Data protection documentation and record of processing activities
      • Drafting and review of agreements on order processing
      • Pre-checking, testing, evaluation and privacy-related documentation of IT systems such as video surveillance
      • Data protection for websites and online shopts
      • Privacy statements and data protection in e-commerce
      • Advice on data protection risk management
      • Realization of data protection training and workshops
      • Advice on technical and organizational measures
      • Data protection in international dealings, international data transfer
      • Drafting of data protection and privacy provisions in works agreements
      • Communication with data protection supervisory authorities
      • Support with certification and audits
      • Advice on the avoidance of data breaches, hacking, phishing