IT Security and Data Protection
Understanding regulation. Managing risk. Securing trust.
In an increasingly digitalised financial world, IT security and data protection are no longer marginal technical issues, but an integral part of the regulatory requirements for banks, financial service providers and fintech companies. We support you in this highly dynamic environment with in-depth expertise at the interface between technology, regulatory law and implementation.
Our expertise
We advise banks, financial service providers, fintech companies, insurance companies and IT service providers with a focus on the financial sector on regulatory requirements (e.g. under the German Banking Act (KWG), the German Payment Services Act (ZAG), DORA and the GDPR) and on the expectations of BaFin and data protection authorities.
Data privacy law
Whether opening accounts, processing payments or operating a platform, the handling of personal data in the financial sector is highly regulated. We provide comprehensive advice on implementing the requirements of the GDPR, develop data protection-compliant processes and support you in crisis situations, during data protection audits and in communications with supervisory authorities.
DORA (Digital Operational Resilience Act)
DORA is relevant for institutions, service providers and FinTechs. We translate the regulatory requirements into actionable measures: from incident reporting and ICT risk management to contractual implementation in third-party management. Our advice is practical, audit-proof and tailored to the actual processes in your organisation.
IT outsourcing
From cloud strategy to service provider management: we design and review outsourcing arrangements in line with regulatory requirements – in a practical, structured and regulatory-compliant manner.
IT contracts
Technological cooperations require legally precise contracts. We draft and negotiate IT contracts with a focus on regulatory requirements, information security, data protection and practical relevance.
Our strength: Industry-focused boutique consulting
We provide support in setting up, evaluating and further developing IT and data protection structures that comply with legal requirements and the auditing practices of BaFin and other supervisory authorities.
As a law firm specialising in financial regulation, we know the industry-specific requirements inside out – and speak the language of our clients in the financial sector. Our advice combines legal excellence with technical understanding and a clear view of regulatory practice. You benefit from individual solutions that systematically integrate data protection and IT security requirements in a pragmatic, purposeful and future-proof way.
Whether you need to set up an information security management system (ISMS), ensure the legal compliance of cloud outsourcing, receive support during IT audits by supervisory authorities or navigate a data protection crisis, we are at your side as a reliable partner with tailor-made solutions.
Your path to enhanced IT security and data protection
Get in touch with us – we will help you strategically embed regulatory IT security and data protection in your company in a manner that complies with supervisory requirements.
Visit our blog PayTechLaw.com
Information about IT Law & Data Protection

11. September 2025
Cyber Resilience Act: The Overlooked Puzzle Piece in Financial IT

09. September 2025
The Determining Role of the Schufa Score in Third-Party Decisions
Get in touch
Four Cities – One Team
We advise you across locations with a team of experts tailored to your needs.

Frankfurt a. M. frankfurt@annerton.com
+49 69 204 36 89 -0

Luxemburg luxemburg@annerton.com
+352 28 68 91 -81