Our daily lives are accompanied by a wealth of digital services, e.g. social media, video conferencing, online banking, credit checks, telemedicine applications and traffic monitoring. Many of these services are based on data that may contain confidential business secrets, copyrighted texts and sensitive personal information, some of which must be processed in accordance with strict legal requirements.

Against this backdrop, legal acts such as the General Data Protection Regulation (GDPR), the Cyber Resilience Regulation and the AI Regulation are increasingly becoming the focus of organizations. They need to avoid data (protection) scandals, reputational damage and fines, among other things.

Data protection

In the area of data protection, Fraunhofer SIT supports you with a holistic and interdisciplinary approach to data protection. The aim of our approach is to show you the basis for data protection-compliant and economical action, taking into account legal requirements, technical and organizational circumstances and economic aspects.

We enable you

• on the one hand, to use the possibilities of new technologies (support for the development and use of new technologies)
• on the other hand, to ensure appropriate implementation of data protection requirements to protect natural persons from interference with their fundamental rights (support for the identification and implementation of appropriate protective measures).

We support you regarding

• data protection-compliant technology development and design
• appropriate, internal organizational data protection management
• the data protection-compliant implementation of data anonymization and/or deletion.

In addition, at the client's request, we also offer an analysis of data protection from a business IT and psychological perspective, particularly in the area of user-centered and data protection-friendly technology design and development.

IT security law

Cyber resilience

We support you with legal issues relating to the implementation of the regulation on cyber resilience, in particular with regard to gap analyses, holistic risk management and the implementation of training for various employee groups.

Use of AI

We support you with legal issues relating to the use of artificial intelligence (AI), in particular copyright and data protection issues relating to the use of AI and the implementation of the AI Regulation. In addition to a purely legal analysis, we also offer, at your request, a legal-ethical analysis of the use of artificial intelligence, in particular in the area of data ethics and the questions of explainability, traceability and transparency of the use and decisions of artificial intelligence.

Offensive cyber security research

In addition, we offer organizations that conduct offensive cybersecurity research or develop software aimed at offensive cybersecurity research support in the legally compliant implementation and use of such research and tools. In particular, we provide support on issues relating to offensive cybersecurity research in the areas of data protection law, copyright law, criminal law and international law. 

Our offer  

• Surveys as well as user workshops in the area of user-centered and data protection-friendly technology design and development ("User-Centered Privacy and Security")
  
  
• (In-house) trainings on data protection law and IT security law, including the following topics
  • Data protection in online marketing
  • Data protection in personnel management
  • Data protection in works council work
  • Data protection in software development
  • Data protection in system administration
  • Data protection implementation in start-ups and micro-enterprises
  • Introduction to data protection law (also as employee training)
  • Introduction to IT law
  • Introduction to the AI Regulation
  • Introduction to the regulation on cyber resilience
  • Legal challenges of IT security research
    
    
• Workshops
  • to identify the need for action in data protection implementation and data protection management
  • to support the implementation of data protection and the introduction of data protection management
  • to design technology in compliance with data protection regulations ("Privacy by Design")
  • to identify the need for action in the implementation of the AI Act and/or the Cyber Resilience Act
  • to implement holistic risk management for the implementation of legal requirements on data protection and cyber security
    
    
• Preparation of studies on topics relating to data protection law and IT security law
  
  
• Review of existing data protection documents (e.g. data protection concepts, erasure concepts, register of processing activities)