There are very interesting times ahead. Since there has been a change in the system for protecting trade secrets, companies ...
Read More

Protection of Trade Secrets in the
Biotechnology & Pharmaceutical Industry

The Protection of Software Source Code 
as a Trade Secret!

The Whistleblower
Friend and Enemy of the CEO

You are currently defenseless? No panic!
We will change that within a few weeks!

We assume that you have been sufficiently provided with information about the new Trade Secrets Directive (GeschGehG) in recent months. Many agencies try to interpret the law in a purely legal way, but they do not provide a coherent concept for end-to-end corporate implementation. What are they missing?

If you had the opportunity to ask your business-critical questions, you could even state uncertainty in the person you are talking to. If he or she can not answer your questions, they will retreat by referring to the lack of court experience. Meant are the missing judgments from the litigation. However, the problem is that the law of its own accord allows the judge to approve a party's motion and thus exclude the public from the hearing. The law also provides for the possibility of granting only certain persons access to judicial documents and oral proceedings, including the Protocol. Now, the question arises, how will these specialists even come to new knowledge and experience, if the law allows such possibilities? What about the many contentious issues that are resolved out of court due to the overwhelming burden of proof? Do not expose yourself to this risk and become one of the publicized cases, which fill knowledge gaps of the half-knowledgeable. From good cooperation with law firms more and more court judgments are known to us, which we consider in our activity. With that knowledge, our consultation with the objective for our customers is to achieve the necessary court-proof condition!

On the basis of previous experience, we believe that the continuous implementation of the Trade Secrets Directive requires a high degree of interface knowledge of legal, business management and technological aspects. So make sure you get that from a single source!

In the relation enterprise to enterprise is to make a law for the protection of the economy easier to understand! What has changed since April 26, 2019, based on EU Directive 2016/943? A system change has occurred! Everything that used to seem only seemingly is ineffective now! Here is the difference between earlier and now:

We start with the new Trade Secrets Protection System:

The new system provides that you, as a company, can now proactively protect your know-how if you one day want to assert yourself in court. You must indeed have identified and protected certain information that is of economic value to your business as such. That you do not just make standard contracts, you also need to prove in court. Rather, you have to convincingly present in court that an actual concept for the protection of trade secrets exists in your company and is regularly checked for its end-to-end functionality. The standard clause on the confidentiality of information in employee contracts, Rules of conduct or Confidentiality agreements alone is definitely not a protection concept! An agreement can not be that exact. Even though you have recently cited the new Trade Secrets Directive in it, it actually has only a purely informative character and can be considered in the event of a maximum process as an indication only. But the evidence is no evidence to substantiate actual facts! Since the entry into force of Trade Secrets Directive, however, the motto in litigation is: prove, prove, prove, and prove only!

The old system was intolerable and useless:

The old system seemed easier for business. Nevertheless, or perhaps because of that, it has often led to strange judgments and companies have been more likely to complain of violations of business and trade secrets. Companies could reactively call information a trade secret. So no matter what was violated by your know-how, it could later be called a part of a business or trade secret. Unless a company had to sue for strategic needs, time and budget, this insecurity was an open-door rival to employ in court. Even the all-embracing confidentiality agreements were often the subject of court cases. Due to their absurd design, almost everything could be purely interpreted. The litigation was therefore very difficult. Only the court was able to determine which legal components can be judged and weigh (classify) how valuable and secret was the information stolen for the damaged company. Companies have refrained from bringing an action because of this legal uncertainty. There was a legitimate fear of harming one's own reputation in public trials and having to divulge other trade secrets during evidence.

The economic crime has thus opened the door. Employees did not have to fear any consequences if they took away important company data such as customer lists, contract data, formulas, plans, etc. when they left an employer. It happened in the cooperation between companies, it looked more like the game David versus Goliath or according to the model that you do not bite the hand that feeds you! The way to the court was easier than with the Trade Secrets Directive but not always out of the process as a winner!

The Trade Secrets Directive will clear the table! It gives the economy the opportunity to actually and effectively protect itself! But it demands more than just:

Prove that your claim is justified!
Prove that the value of the infringement matches the amount of your claim!
Prove what access to the disputed information the defendant party had!
Prove the actual facts relate to the relationship!
Prove that you have alerted the defendant to the risk of action before the infringement occurred!
Prove that the breached trade secret is actually applied to the defendant party!
Prove, other damages that can not be assessed monetarily!

We will explain to you how to fulfill this high burden of proof, as well! Let's get started and start with a basic question that is asked again and again:

An important employee has left your company today! He is a leader in large projects and an important know-how carrier. Not only will this loss create a big empty space in your crew, but it also creates a disquieting feeling that he could bring economic benefits to a competitor or to its own start-up with the trade secrets entrusted to him. Do you have to be scared now? We answered this question ourselves from an entrepreneurial point of view:

☹ YES - Your fear is justified because you have not protected your trade secrets in compliance with the law! No matter which of the many trade secrets known to you are used, you have nothing protected and would, therefore, stand in front of a judge without the burden of proof! If your company suffers damage as a result of this departure, you will not be able to assert it in court! In court, you give the impression of carelessness or signal the willingness to share the know-how of your company with the rest of the world!

😊 NO - Your fear is unjustified because your trade secrets are protected in accordance with the law! They prove exactly which trade secrets were known to the ex-employee, when and how he had access to them. You can use it to prove how and in what form your know-how influences the competing product. From this, you can quantify the damage incurred and enforce injunctive relief claims or damages! You represent court the responsible company, which protects its investments in building its know-how!

Now there is a legitimate impression that companies currently do not protect their trade secrets in compliance with the law and are in a vulnerable state in the current situation. Unfortunately, we have to confirm this impression. Viewed objectively it is much worse. The entry into force of the Trade Secrets Directive has increased the risk for your company overnight, many times over. Without the implementation measures required by law, you would be guaranteed to lose all process in court! It is of high probability even if the offender would admit his act. In this case, you lack the proof that the information had an economic value for your company!

According to the Trade Secrets Directive, a court of law will fine you as follows:

In practice, companies are almost always digitized. Therefore, it has become complicated to adequately protect business-critical information. Trade secrets can not only be printed or copied on paper or via e-mail but also on paper, photographed by the mobile phone or print screened or on memory stick wore from the company. How should companies now prove that an immediate offense exists about the violation of their trade secrets, regardless of which of the above-mentioned methods of theft have been used? So you will be judicial and even have the high probability of settling out of court beforehand 😊:

a) Your company claims that its own project on the protection of trade secrets has been implemented and what extent it had. If external consultants were hired, we even recommend spending and budgeting in a summary. Avoid giving too much detail here as these could be a trade secret.

b) Your company will provide a list of trade secrets that have been classified in the company within at least 3 categories according to their value. The trade secrets should be created according to a group code so that the highest security is given in the evidence. This will prevent you from arguing about the violation of a trade secret and inadvertently pricing others. Avoid generalizations on this point. Classification in only 2 categories is not enough. Classification of documents with the label Confidential / Secret only has indicative value unless the actual content has been linked to it (e.g., Inno-383).

c) Define the catalog of measures (s). As part of the implementation, you have created catalogs of measures. For companies with a complex corporate structure or multiple locations, it is recommended that they differ. Each catalog of measures should have special characteristics. Also, avoid too generalized principles to withstand a challenge.

d) The catalog of measures is part of the overall protection concept. Part of the concept is test report as well, that proves you have actually checked the implementation of measures or their effects! Present these test reports.

e) Provide proof of insider knowledge in your company. Also an inventory on the carriers of trade secrets. Who knew what and how much of the classified trade secrets? To convict a perpetrator, you should prove exactly when and how he last accessed the violated trade secret (s). We also advise judges and experts to clarify who else had access to similar or identical requests during the same period. For now, numbers are enough (samples withheld). With this, you can prove the earmarking of your protective measures! It is particularly important if somebody accuses you of a violation of Labor law or Data protection law!

f) As part of the measures, you have adapted contracts with employees or business partners. Present with a template of a list. This list should also be provided with group codes. Prevent the listing of names and/or activities behind them, which could lead to a trade secret. A group code based on trade secrets and the number of affected employees and business partners should suffice! But have samples ready.

g) Documentation of internal training, invitations, and confirmations of attendance prove that you have taken the measures required by law seriously. Prove to the court that you have complied with the law as for employment, client, and contractor. Experiences that flow from the implementation into the training can prove that the perpetrator acted consciously.

h) Further material will greatly facilitate the evidence.

Please keep in mind that your opponent will also receive legal advice and is highly likely to have expert support. Therefore, assume that your protective measures are questioned. Therefore a few tips about what you should not do ☹:

  1. Certification according to ISO-IEC 27001 is no protection according to the requirements of the Trade Secrets Directive. The same applies to the compliance with the IT baseline protection according to BSI standards. In both cases, these standards only provide a foundation for the compliance requirements to be built upon. If it were more, laws would directly refer to it!
  2. The marking of documents with the expressions |confidential or secret| is not sufficient protection of trade secrets according to the Trade Secrets Directive. Identification of this type, as previously only indicative. Trade secrets are not the sole reason (BverwG ruling 23.02.2017 - 7 C 31 / 15-, juris, marginal 65)! For an injury, factual conditions must be present as proof. The exact text content! The same principle applies to SW applications. The fact that a user has access proves no breach of a trade secret, as long as it can not be a system-technical-content-related relationship with the facts can be detected. A specific query, print or data export. There must be a distinction between direct and indirect inferences!
  3. Companies which obligate employees to mark documents themselves operate a defective protection concept. The classification of trade secrets is the sole responsibility of the companies! Unless this refers to documents with a similar declaration of confidentiality on marked documents, according to the Trade Secrets Directive there are no court-proof proofs!
  4. Just relying on the protection of endpoints on computers or in the networks does not solve a major problem of the Trade Secrets Directive. Such products usually prevent the sending of information. Whether this information is marked as public, confidential or secret, it can not be distinguished by the system. They are gladly deactivated by the user because it hinders in daily business life.

INTELLIGENCE LOSS PREVENTION AUDIT [ILPA] helps to implement the Trade Secrets Directive


With the ILPA program, which we have designed especially for this purpose, we support companies in implementing appropriate measures in order to be able to assert claims and allegations to protect their know-how, if necessary. At the core, we link the resulting economic loss to the business as well as the individual incident or chain (breach of trade secrets) that caused damage or defect. Here are some useful examples:

  • Losses in sales of the company or individual products and its impact on the substance of the company or its actual value.
  • Damage to the reputation of the company or individual products and its impact on the company's economic growth.
  • Losses on capital goods (manufactured and consumer goods).
  • Losses of investments in research and development (holistic or project-related to individual product development).
  • Losses in staff leaving together with the associated know-how.

ILPA can prove corporate status before and after an injury using digital forensics and accurately quantify the economic damage. With the submission of ILPA final reports (if desired, an archiving takes place at an independent body) affected companies can in the future claim for breach of their trade secrets by specifying loss figures.

The ILPA program focuses on the following topics:

  • The total inventory of a company regardless of its size and complexity, including fixed assets (property, plant and equipment and intangible assets).
  • Creating cartography of trade secrets distributed throughout the company. This includes an overall inventory and a holistic view of business-critical know-how.
  • A check on access and requests by business units, departments and the workforce to confidential information. Derivatives get into a new set of rules. Included is a classification of information, necessary entry requirements, and new access controls.
  • The control of all knowledge, information and data transfers between companies requiring a possible confidentiality agreement or a revision or extension of existing contractual agreements.
  • An investigation of all physical access to the classified information to introduce or extend electronic safeguards.
  • Awareness of the workforce and their required training.

The ILPA program includes the use of self-learning algorithms. These allow a scope of services that goes well beyond a traditional IT audit, especially the critical core concerning the protection of trade secrets. Depending on the level of expansion, the ILPA program can be rolled out to specific business areas within the company or to the entire group. The duration or intensity of our service depends on an agreement with the client.

Data protection
, Owner: (Registered business address: Germany), processes personal data only to the extent strictly necessary for the operation of this website. All details in the privacy policy.
Data protection
, Owner: (Registered business address: Germany), processes personal data only to the extent strictly necessary for the operation of this website. All details in the privacy policy.