Geißler Legal - Specialized Lawyer for Compliance & International Commercial Law

Lawyer for data protection law & AI for employers, with an office in the media metropolis of Cologne

Compliance-optimized legal advice for entrepreneurial business activities - out of the box, cross-border, cost-efficient.

Data protection law & AI for employers: AI, compliance and GDPR in focus

There is no longer any company in which AI, compliance and data protection do not have to be a top priority. But how do you see through the thicket of complex data protection and AI regulations? Can you still see the forest for the trees?

My KISS data protection principle for entrepreneurs is designed to deliver legal certainty and compliance. Two major building blocks matter for entrepreneurs:

  1. Sustainably protect your business-related data (business data compliance), such as know-how, pricing policies and strategies, through robust agreements such as sanction-backed confidentiality agreements (CDAs) or non-disclosure agreements (NDAs). Conventional NDAs or non-disclosure agreements are often incomplete and need to be brought up to date. In the age of chatbots such as ChatGPT from OpenAI, DeepSeek or Perplexity, the risk of losing or mishandling essential business data such as business ideas and know-how must be prevented. This can only be done with strong contracts and a binding declaration from the business partner that they, including their employees, are trained in the safe use of AI. That is exactly the requirement the law places on companies under Art. 4 of the AI Regulation (EU AI Act), which obliges providers and deployers of AI systems to ensure a sufficient level of AI literacy among their staff.

  2. Protect the personal data (GDPR data) of both your employees and your business partners through robust data protection agreements, agreements on whether and how data is processed on your behalf (Auftragsverarbeitungsvertrag, AVV, i.e. data processing agreement, DPA), and specific rules on the use of AI.

In today's business world, AI and data protection are key issues for employers for several reasons. Firstly, supervisory authorities do not shy away from sanctions for AI and GDPR violations, and companies should be able to react quickly on the basis of valid "if-then" documents (pre-agreed response plans). Management, HR and the crisis team should be trained and tested in this before an emergency occurs. Note that Art. 33 GDPR requires a personal data breach to be notified to the supervisory authority within 72 hours of becoming aware of it, so the decision paths must already exist. A quick and consistent reaction in the event of an AI incident or a data breach, for example one caused by a phishing email opened by an employee, can be crucial in limiting and minimizing the damage.

Furthermore, new AI tools, especially chatbots and generative AI, require employers to pay close attention to data compliance. Policies should be drawn up as part of the employment relationship that define as clearly as possible which sensitive information may and may not be entered into an AI tool. Reverse the roles: would you want your business partners to casually enter your strategic considerations, offer prices or employee names into the endless expanses of AI tools without authorization?

Looked at in detail, it is the employer or the management (directors and officers, D&Os) who, in case of doubt, must take responsibility for the non-compliant behavior of subordinate employees under the aspect of organizational negligence. The legal requirements become all the more complex the more international the company, its corporate group and the associated data flows are. In summary, three aspects are always at the core of international data protection advice:

  1. Corporate data protection (= protection of company and business-essential data)

  2. Non-corporate data protection (= protection of personal data of employees and stakeholders according to GDPR)

  3. The legally compliant flow of data within a group of companies with cross-border connections

Personal data protection according to GDPR

The GDPR requires that the personal data of employees and applicants is treated with the utmost care. Employers must take comprehensive measures to protect the rights of the data subjects. This includes, among other things:

  • Design and review of AVV/DPA pursuant to Art. 28 GDPR: Contracts for processing on behalf of a controller (data processing agreements) must meet the mandatory content requirements of the GDPR. The legally compliant design of these contracts is essential to ensure data protection.
  • Right of access pursuant to Art. 15 GDPR: Employees have the right to request access to the data stored about them. Employers must implement clear procedures for handling these requests, which as a rule have to be answered within one month (Art. 12(3) GDPR).
  • Deletion concepts: Data must be deleted once the retention periods have expired. An effective deletion concept (Löschkonzept) is crucial for complying with the storage limitation principle and the right to erasure under the GDPR.
  • Claims for damages pursuant to Art. 82 GDPR: Data subjects can claim compensation for data protection breaches. Employers should be aware of the potential financial risks and take appropriate measures to prevent breaches.

Business-related data protection: NDA and Trade Secrets Act

In addition to personal data, business-related information is also legally protected, by contract and by trade secret law:

  • NDA (Non-Disclosure Agreement): These contracts protect confidential business information from unauthorized disclosure. The correct design and application of NDAs, including provisions on the use of AI tools, are crucial for protecting trade secrets.

  • Trade Secrets Act (GeschGehG): This law protects trade secrets from unlawful acquisition, use or disclosure, including via AI tools. Note that information only qualifies as a trade secret under the Act if it is subject to appropriate confidentiality measures, so employers must ensure that all relevant organizational, contractual and technical security measures are in place and documented in order to protect their business information.

Compliance with Third Country Transfers

Another important issue is the legally secure design of data transfers to third countries:

  • Secure design of third-country transfers: If personal data, for example of employees based within the Member States, is to be transferred outside the EU in a legally compliant manner, a valid transfer mechanism under Chapter V GDPR (such as an adequacy decision, standard contractual clauses or binding corporate rules) and the accompanying safeguards must be put in place, documented and monitored in order to meet the requirements of the GDPR and of international agreements on data transfer.

It is essential for employers to engage intensively with the legal requirements in the area of data protection. Careful design of so-called intercompany agreements on data protection and processing on behalf of a controller, an effective deletion concept and a robust system for protecting trade secrets are just some of the measures that contribute to the necessary compliance. By implementing the GDPR requirements and complying with the Trade Secrets Act, employers can not only minimize legal risks, but also strengthen the trust of their employees and business partners.

Together we can design a package that is customized for your company and provides you with the best possible protection in terms of data protection. This is not only a legal requirement, but also an essential part of responsible corporate management.

Make an inquiry now
We will be happy to advise you comprehensively and personally on your concerns.

Prices & Conditions

We offer all services on the basis of a competitive hourly rate or (if the number of hours is clearly defined) with an attractive flat rate.

International Lawyer & certified Compliance Officer


Happy to help you

Contact

Your law firm Geißler Trinity.

address

Gertrudenstr. 30-36 (Willy-Millowitsch-Platz)
D-50667 Cologne
Phone: 0221-42482831
Mobile: 0171-2211612

business hours

Mon-Sat: 10:00 am – 1:00 pm
Mon-Fri: 2:00 pm – 8:00 pm 
and by telephone appointment


AI competence training pursuant to Art. 4 AI Regulation

including certificate and e-book

Secure your place now –
practical, interactive & to the point!
