You see a crossing. I see innovative strategies at the intersection of employment law and data privacy.

Data is the “oil of the 21st century”. As of today, it has the same disruptive and value creating impact as oil used to have. Data means value. The efficient and legally watertight collection and processing of data is an essential part of value creation in business today. In 2018, the General Data Protection Regulation (GDPR) came into force and challenges companies with new requirements for their data privacy compliance and corporate data responsibility. I support you in all data relevant matters and challenges and represent you in court or in administrative proceedings by data protection authorities (DPA).


My expertise / advisory services offering:

  • Employee data protection (with interface to labour law/works council law)
  • Controller-processor governance/joint controllers
  • Design of a data privacy organisation
  • Request for information/data transfers by (foreign) authorities/courts/courts of arbitration
  • Works agreements regarding data privacy
  • Cybersecurity/data breach and data incident management and communication
  • Data protection officer/DPO (internally, externally, group structures)
  • Data privacy in cloud systems
  • Data Protection Impact Assessments (DPIA)
  • Data usage in Human Resources
  • Data Privacy Management/Governance/Mission Statement
  • GDPR system check/data privacy compliance
  • Data privacy in M&A transactions, due diligence, transformations, transfer of undertakings and outsourcing
  • Data privacy conciliation committees (especially introduction of HR software/IT applications)
  • Internet und social media
  • Internal investigations/HR Compliance
  • International/cross-border data traffic and data transfers
  • Group data privacy (national/international)
  • Privacy by Design/Privacy by Default/Legal Design
  • Recruiting and data privacy (AI systems, video interviews)
  • Risk assessment
  • Contract design in the context of data privacy

Recent projects:

  • Use of WhatsApp, Facebook fan pages, website-tracking and mail services
  • Release of management from personal liability resulting from data privacy breaches
  • Complex PTAs and Data Protection Impact Assessment (DSFA/DPIA) with automated risk analysis
  • Introduction or Workday and other HR software for data privacy officers and negotiation of agreements between works council and management
  • Internal investigation: safeguarding of permissibility in terms of data privacy
  • Data delivery requests from overseas authorities, e.g. OFAC and SEC (USA)
  • Design of structures for a group wide data privacy system

In data privacy matters, clients praise Tobias Neufeld for being "efficient, clear and concise" and for having a "broad expert knowledge".

Legal 500 Germany 2019 – Data Protection