One-stop compliance solutions.

It doesn't matter whether you are dealing with compliance, data protection / AI or risk management for the first time or whether you already have an existing system that you would like to improve. We didn't make the rules, but we have spent years studying them and we make them transparent and manageable. We don't just advise – we support you in putting solutions into practice, tailored to your individual company.

Compliance

Anti-Money Laundering
We assist commodity traders and companies outside the finance and insurance sectors in fulfilling their obligations under the German Anti-Money Laundering Act (GwG) and in establishing an appropriate risk management framework, and we act as external anti-money laundering officers.
Anti-Corruption
We support companies in establishing, improving and certifying a management system for the prevention of bribery in accordance with ISO 37001. We identify and assess your specific risks, review and update your contracts and policies, and provide training for your staff, particularly in procurement and sales.
Compliance Management Systems (CMS)
We support companies and organisations in establishing, auditing and continuously improving an appropriate and effective CMS based on recognised standards (IDW PS 980; ISO 37301). In doing so, we pay particular attention to ensuring effective integration with any other management systems that may already be in place, in order to avoid unnecessary extra work, gaps and conflicting results.
External Compliance Officer
We provide your company with flexible and efficient advice and support as an external compliance officer. Thanks to our many years' experience as former in-house compliance officers, we are familiar with the typical challenges and ensure that we are visible and easily accessible within your organisation.
Whistleblower Protection / Internal Reporting Office
We advise and support your company in setting up and operating an internal reporting office in accordance with the German Whistleblower Protection Act (HinSchG) and a complaints office in accordance with the German Supply Chain Due Diligence Act (LkSG), also in multinational corporate structures. We will draw up a whistleblower policy or a set of procedural rules in accordance with the LkSG, train your reporting officers, or take on the full range of statutory duties of the reporting/complaints office on your behalf.
Internal Investigations
We conduct internal investigations for you efficiently and securely in accordance with ISO 37008 or support your team in conducting and documenting investigative measures. We draw up or update your internal investigation policy and train your staff responsible for internal investigations.
Competition Law / Antitrust
We advise companies on distribution antitrust law, review and revise contracts, draft or update your internal antitrust policy, support you in implementing key antitrust compliance processes based on an individual risk analysis, and train your staff in procurement, sales and R&D on relevant antitrust topics.
Sustainability / ESG
We advise and support you in fulfilling your due diligence obligations under the LkSG and the various European ESG regulations, in dealing with codes of conduct and your clients' requirements, in meeting your sustainability reporting obligations (in particular under CSRD), and act as an external LkSG complaints office.

Data

Data Law
The Data Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), etc. – we advise companies on all aspects of data law, from the legally compliant use and processing of data, through the drafting and negotiation of contracts, to compliance with national and international regulations.
Data Protection
We help businesses of all sizes to set up and maintain an effective data protection management system. This includes data protection audits, the development and implementation of customised data protection strategies, and practical training for your staff.
Digitalisation
We support companies through digital transformation processes, assess the legal framework, draft IT and technology contracts, and assist with the implementation of legally compliant digital business models.
External Data Protection Officer
As an external data protection officer, we ensure that your company complies with all data protection requirements. We handle communication with supervisory authorities, train your staff and assist with data protection impact assessments.
Information Security
DORA, NIS-2, the Cyber Resilience Act (CRA), etc. – we can help you establish an effective information security management system in line with current standards (ISO 27001, TISAX, etc.). This includes risk analyses, security concepts, information security policies, incident response strategies and training for your teams.
Artificial Intelligence (AI)
As certified AI officers, we advise and support companies in the legally compliant development and operation of AI technology in accordance with the requirements of the AI Act. We help you manage regulatory risks and make the most of the opportunities offered by AI.

Risk

Compliance Due Diligence in M&A
We supplement your legal due diligence with key compliance aspects, examine in particular the target company's CMS, conduct interviews with staff in critical areas of the business, and produce a compliance due diligence report featuring a risk matrix and practical recommendations for action.
Crisis Prevention and Crisis Management
We help you to prevent crises through effective risk management and to prepare for crisis situations in your company in the best possible way. In the event of a crisis, we advise and support you in managing the crisis and minimising damage, in particular through professional crisis communication.
Project Lawyers / Interim Legal Managers
As former in-house legal counsel with many years of practical experience across various industries, we provide flexible and efficient project-specific support to your company as project lawyers / interim legal managers – without a long familiarisation period or long-term commitment.
Legal Advice and Contract Design
We advise and support you in the drafting, review and negotiation of national and cross-border commercial contracts (e.g. purchasing, sales, distribution, licence, R&D/collaboration agreements) as well as in the preparation and updating of model contracts and GT&Cs.
Policies, Guidelines and Processes
We design, review or revise compliance and data protection policies and processes tailored to your organisation and assist you in properly documenting already existing processes.
Risk Analyses and Risk Management
We carry out a compliance risk analysis (CRA) for your organisation in accordance with the requirements of ISO 37301, or a less comprehensive compliance 'health check'. We provide you with practical recommendations on how to prioritise and manage risks and support you in the practical implementation of measures.
Trainings
We develop individual training programmes and materials covering all compliance topics and, if required, provide training for your staff either on-site or online.
Audits & Certifications
We advise and support companies of all sectors and sizes in the preparation and implementation of audits and certifications in the area of compliance (CMS) according to IDW PS 980 or ISO 37301, in the area of information security (ISMS) according to ISO 27001 and TISAX, in the area of data protection (DSMS) according to ISO 27701 and in the area of AI according to ISO 42001.

Contact

LUCID is always open for a conversation.