Data protection in Germany

Baker McKenzie

For many clients, Baker McKenzie is ‘better than comparable firms in terms of quality, availability, flexibility, speed and pragmatism’; the ‘solution-oriented’ data protection team is also noted for its ‘very broad overall understanding’ and the ‘reduction of responses to what is essential in a manner that is also clear for non-lawyers’. The practice has notable expertise in the regulated industries, such as the finance, pharmaceutical, medical technology and telecoms sectors, and often handles cross-border and multinational matters. The team has expertise in areas such as fintech and big data and another key focus is the automotive sector and mobility. In addition to advising several clients on GDPR-related issues, the firm is also assisting an automotive manufacturer with a Europe-wide concept for data protection agreements for connected car services. Other highlights include acting for a large international telecoms company in a matter regarding the German Federal Network Agency’s order for the advance deletion of data; assisting an asset management company with data protection matters relating to the introduction of procedures for the global processing of personal data; and advising a global market research and consulting company in the pharmaceutical and healthcare sector on the implementation of a pan-European big data project regarding the handling of health data. Holger Lutz provides ‘solid’ advice and Michael Schmidl, who is frequently recommended by peers and clients alike, has ‘extremely deep expertise’ and is ‘pragmatic, always available, very well organised and connected, highly motived and an excellent negotiator’. Julia Kaufmann is also noted.

Bird & Bird LLP

Bird & Bird is considered ‘traditionally strong across Europe’ for data protection matters and has ‘a very good market position’; clients note the ‘short turnaround and quick and precise responses’ as well as the ‘practical orientation and solid industry expertise’ of the ‘very engaged’ team. The group is advising Adidas, Flir and Nordzucker on GDPR compliance projects, as well as handling GDPR compliance matters for InfoSys. The team also handles sophisticated, often international data protection projects beyond the GDPR, including in connection with AI, the automotive and financial services sectors and IT security. It regularly advises Dexcom on GDPR matters, as well as issues concerning the use of Dexcom diabetes and tissue sugar measurement solutions on the basis of wearables and cloud solutions. Other clients include Microsoft, for which it handles data protection and IoT, SAP matters regarding data protection issues concerning global cloud projects, DekaBank, which it advises on domestic and international data protection and Kempinski. Practice head Fabian Niemann is ‘an excellent lawyer, who is willing to take a position and defend his view vehemently’; Henriette Picot is ‘a very congenial, good lawyer’ and the ‘extremely clever’ associate Simon Assion is considered a rising star, who ‘we will hear a lot of in the future’. The opening of an office in San Francisco in September 2018 following Kai Westerwelle’s arrival from Taylor Wessing, has further expanded its international strength in data protection matters.

Hogan Lovells International LLP

Hogan Lovells International LLP’s data protection advice often has an international dimension; the practice saw a particular rise in US-projects, but also covers data protection-related disputes and topics such as cybersecurity and the connected car. With regard to the implementation of the GDPR, the firm acts for prominent clients in various sectors, ranging from the automotive industry and field of mobility to life sciences, construction, diversified industrials and the technology, media and telecoms sectors, but also increasingly in the finance industry and the consumer goods and food sectors; Daiichi Sankyo Europe and Standard Industries are just two examples. Markus Schreibauer assisted a multitude of clients with data protection issues concerning M&A transactions, including assisting Daimler with the establishment of a joint ventures with BMW for the pooling of the global mobility services of the two automotive corporations. The ‘engaged’ team consists of ‘competent and outstanding advisers’: Stefan Schuppert is ‘very experienced’ and Martin Pflüger and Christian Tinnefeld were promoted to partner at the start of 2019. The highly regarded Tim Wybitul joined Latham & Watkins LLP in October 2018.

Latham & Watkins LLP

In addition to advising on numerous GDPR-related matters, Latham & Watkins LLP continues to focus on representing clients in data protection disputes, consumer protection agencies and data protection authorities. The firm is representing Facebook in abuse proceedings at the German Federal Cartel Office regarding the interaction between data protection regulations and antitrust law and also regularly advises Schufa on data protection compliance and litigation. The team also has expertise in crisis management in the context of data protection scandals and cybercrime; Ipswitch is a client in this space. The team acted for BayWa and clients from Asia and the US on GDPR implementation; it also advises on lobbying activities. Other work includes providing data protection advice to Iqvia (formerly IMS HEALTH) on information services in the healthcare sector, and handling data protection matters for DZ Bank and the German Dialog Marketing Association DDV. Ulrich Wuermeling is ‘quite simply one of the most foremost data protection experts’; he divides his time between London and Frankfurt. The group also welcomed the ‘virtually omnipresent’ and well-known Tim Wybitul from Hogan Lovells International LLP in October 2018; he is noted ‘particularly for his excellent work in employee data protection’.

Osborne Clarke

With ‘a great history in this area’, Osborne Clarke continues to have ‘a very strong’ presence in the data protection space. The firm’s spectrum of advice ranges from Europe-wide GDPR implementation projects, including for Amadeus, Scout 24, Weight Watchers and hotel chain Wyndham, to other data protection compliance projects, and data protection advice on ongoing business and innovative, data-driven business models. The team routinely advises prominent clients such as Google and Henkel and is assisting Ferrero with GDPR matters as well as the implementation of a data cooperation with Otto Media Group, the negotiation of several data protection agreements with IT service providers such as Reply and SAP and the introduction of a learning platform. The practice also handles big data and data ownership; it is acting for Xing in a data protection compliant design and adjustment of the client’s e-recruiting products. The broad client portfolio also includes Bayer, Birkenstock, ProSiebenSat. 1, Tupperware and Zeppelin. Flemming Moos has ‘a good reputation’ and is ‘without doubt a leading figure’; he heads the international data privacy service line. Marc Störing and Ulrich Baumgartner are also part of the core data protection team

SSW Rechtsanwälte Steuerberater Wirtschaftsprüfer

‘Very good IT boutique’ SSW Schneider Schiffer Weihermüller ‘enjoys an excellent reputation’ for data protection advice, which ranges from GDPR projects to global data transfer concepts, cloud-related data protection and industry 4.0 platforms, especially regarding the transfer and deletion of data. The firm predominantly advises on international data protection matters, including assisting a US big data and cloud provider with anonymity concepts and contract data processing, and an international publicly listed pharmaceutical manufactuer with consent in line with the data protection regulations in the healthcare area as well as international traffic and data protection on the internet. The team also advises a leading international e-commerce provider on the establishment of a global production register according to the GDPR, on concepts for international data transfer within the corporation and on IT-security matters. In another highlight, it is representing an insurance company at court in the context of data protection-compliant rights to information. The firm also acts for municipal businesses and utilities and for German statutory health insurers, such as GKV. The ‘excellent’ and ‘very available’ Isabell Conrad is considered the ‘engine’ of the practice and provides ‘top advice’. Counsel Maria-Urania Dovas is also very active. Elke Bischof joined MAYBURG Rechtsanwaltsgesellschaft mbH as of counsel.

Taylor Wessing

Clients are ‘very satisfied with the type of advice’ provided by Taylor Wessing, which makes the practice ‘the main contact for data protection matters’ for many. The ‘business-friendly’ team remains ‘highly active’ in providing data protection advice and has ‘deep industry expertise in the technology and gaming sector’; it has also recently focused on assisting multinational corporations and mid-sized companies with the implementation of requirements according to the GDPR, including the simultaneous optimisation of personal data processing activities. Clients here include eBay and Wargaming. Other clients stem from the media and telecoms sectors, but the team also advises banks and insurers on data protection issues. ‘Very agile’ practice head Axel von dem Bussche led the advice to Mitsui on data protection matters, including a GDPR project for the European Mitsui companies, a compliance project for the implementation of whistleblowing hotlines and the global support of cybersecurity and communication applications. Data protection auditor (TÜV) Sybille Gierschmann, who has 20 years’ experience, is also singled out. According to peers, salary partner Paul Voigt is ‘somebody who truly has great knowledge and skills’.


CMS provides ‘very competent’ advice on data protection matters and, frequently in collaboration with its international offices, handles GDPR issues for various large and mid-sized domestic, international and globally-operating companies concerning their daily business. The firm not only advises on personal data but also the processing of other non-personal data. Christian Runte is assisting a leading technology and chip manufacturer with data protection requirements in the context of development projects for autonomous driving and data protection issues concerning a cooperation with a German automotive manufacturer and an Israeli manufacturer for driver assistance systems for automomous driving, as well as with the assessment of internal data protection management in a holding in a digital card manufacturer for cars. The group also handles data protection matters for Airbnb, including representing the client in proceedings against the State of Berlin regarding the disclosure of host data according to the Berlin regulation prohibiting the use of living space for any other purpose. Other clients include Deliveroo, Zalando and eBay. Malte Grützmacher is ‘very congenial’.

DLA Piper

DLA Piper’s ‘excellent, large and international team’ advises on data protection matters ranging from strategic GDPR projects and GDPR compliance to the development of data protection risk indexes, employee data protection and matters regarding client data, cloud services and websites. It also represents clients in proceedings at the data protection authorities. Clients include large, international corporations in various industries, including the automotive, pharmaceutical, food and technology sectors, but also banks and insurance companies. Jan Pohle and Jan Geert Meents constitute the core team and counsel Verena Grentzenberg focuses in particular on data protection advice in connection with new business models. The team was strengthened by the arrival of university professor Jürgen Taeger as of counsel in February 2019.

Eversheds Sutherland

Eversheds Sutherland has notable expertise handling cross-border projects – with a recent focus on GDPR implementation in large compliance projects – but also provides general advice on data protection management and international data transfer. The firm is assisting Aspen Pharma with GDPR implementation involving over 19 European locations and US thermal management company Modine with GDPR implementation in all of its European locations, including advice on its acquisition of the business group Luvata and the introduction of a data protection compliance system. In the context of transactions, the team also advised Nasdaq-listed US REIT CyrusOne on data protection and IT law aspects during its acquisition of Zenium’s data processing centre. Another focus is data protection advice concerning the design and development of digital products and business models as well as cybersecurity. Alexander Niethammer, who has particular industry expertise in the automotive sector, is assisting Autoliv with the data protection evaluation of offered products in the area of autonomous driving and with IT-security measures. The team is also advising Philip Morris on the implementation of the GDPR particularly with regard to employee data protection, which is another area of expertise; the group is handling a similar matter for new client Rohde & Schwarz. Lutz Schreiber continues to act for key client Microsoft. Nils Müller was promoted to counsel in May 2018.

Jones Day

Jones Day’s ‘very strong data protection team’ is considered ‘a good partner for multinational corporations due to the high number of offices and the quality of the practitioners’. With ‘excellent response times and extremely good industry expertise’, the group advises on cross-border compliance and data transfer projects, cybersecurity, data protection infringement in the context of internal investigations and in the area of eHealth as well as GDPR implementation. Clients also appreciate that the team ‘always offers good alternative solutions’. The team frequently provides data protection advice on transactions, including assisting Cardinal Health with the acquisition of Cordis from Johnson & Johnson and the acquisition of business units Patient Care, Deep Vein Thrombosis and Nutritional Insufficiency from Medtronic for $6.1bn; it also advises the same client on GDPR implementation. For Cylance, the team is handling data protection and contractual matters concerning the distribution of cloud-based AI IT security measures. Litigation is another strength and the team regularly represents Icann in negotiations with data protection authorities regarding data protection requirements and is handling injunction proceedings at the regional court of Bonn against Epag Domainservices concerning the issue of what personal data registrars such as Epag have to collect and save in the context of the award of internet domains according to the GDPR. Key figure Undine von Diemar is ‘really good’.

Luther Rechtsanwaltsgesellschaft mbH

Luther Rechtsanwaltsgesellschaft mbH’s ‘absolutely professional advice’ on data protection is ‘reliable and trustworthy’ and of ‘a very high standard’. The firm provides ‘very good professional and also interdisciplinary teams’ and advises listed corporations, mid-sized companies and public authorities on IT compliance and IT security. The team advises clients including thyssenKrupp, Miele, E.ON, IKB, Klosterfrau and longstanding client Evonik on GDPR issues and implementation. For gematik (Gesellschaft für Telematikanwendungen der Gesundheitskarte), the team prepared an expert opinion on data protection responsibilities in the telematics infrastructure space in accordance with the GDPR and the new Federal Data Proection Act (BDSG). The firm also advised E.ON Business Services on SAP standard cloud services and the assessment of the data protection admissibility of the use of various tools. Other clients include InfoSys and Landesbetrieb IT.Niedersachsen. Peers and clients alike recommend Michael Rath, who has ‘excellent expertise and is very service oriented’; he is also an ISO/IEC 27001 certified lead auditor and therefore an expert in information security management systems. Silvia Bauer acts as external data protection officer for a multitude of companies.


For many clients Noerr is the ‘first contact’ for data protection advice and the ‘very active’ practice is ‘highly professional’ and handles GDPR projects, data protection compliance on individual issues and data protection matters pertaining to digitalisation projects, IoT and the automotive and eMobility sectors. In the last area, the firm is advising a multinational company on a project for the mobile recording of traffic in the context of the development of autonomous driving systems, and a new manufacturer of electric cars on the implementation of the GDPR, the processing and use of data pertaining to the car and on data exchange with service partners during maintenance services. The team is also assisting a large B2B platform with GDPR adjustments and cloud projects and handles particular data protection issues concerning the distribution of medicines required to be sold through pharmacies for a leading international online marketplace. In other work, the group is advising an online car rental platform operating across Europe on the establishment and introduction of the platform. The practice also frequently advises clients in the banking sector, such as an international banking group in the area of transport finance regarding GDPR implementation. Daniel Rücker in Munich heads the data protection group, which was newly formed in 2018. In Frankfurt, Joachim Schrey and Tobias Kugler are two key partners.

White & Case LLP

A recent focus for White & Case LLP is GDPR-related work and the firm advises prominent domestic and international companies on implementation projects, as well as providing advice at the intersection with data security and cyber security. It frequently handles matters with cross-border elements and the team has strengthened its cooperation with the firm’s US offices. International data transfers and internal investigations are other areas of focus. The firm provided data protection advice to Controlexpert, an innovative technology service provider for the insurance and automotive industries and a European InsurTech company, in the context of its strategic partnership with General Atlantic. It also submitted an amicus curiae letter for a non-profit association in US v. Microsoft regarding the US authorities’ access to data saved in Ireland. Detlev Gabel ‘does a great job’ and local partner Sylvia Lorenz is also particularly active.


WilmerHale ‘does its job properly’ in providing data protection advice. The practice, which predominantly handles international matters, provides transaction-related data protection advice and has particular experience in advising on data protection infringements and representing clients at court in data protection disputes; it often advises at the intersection with antitrust and competition law and consumer protection. The team works closely with the firm’s US offices and, as a result, it acts for a significant number of clients stemming from Silicon Valley and the social media area. The firm is representing Facebook in several proceedings, including concerning the so-called Facebook fanpages and the so-called like button, both currently at the European Court of Justice. The group also regularly advises McDonald’s on data protection strategies and changes in relation to the GDPR. With an additional focus in the pharmaceutical area, the firm also provides comprehensive data protection advice to a leading German pharmaceutical company, including in connection with several cloud projects. Martin Braun provides ‘very profound’ data protection advice.

Ashurst LLP

Ashurst LLP is especially active advising on data protection projects in an international setting, including GDPR implementation and international data transfer, but also advises on compliance investigations concerning data protection infringements and IT-supported internal investigations and on data protection aspects of transactions. The portfolio consists of international clients and also an increasing number of domestic clients, including well known corporates, banks and private equity funds. The firm assisted longstanding client Commonwealth Bank of Australia with its GDPR implementation and global data protection strategy and is adviving Würth Group on the design and implementation of a company-wide data transfer and data handling agreement. Highlights included comprehensive GDPR advice to LafargeHolcim and assisting new client Swiss Krono with the implementation of the regulation. Another new client is Adecco, which the firm advised on the introduction of a guideline for a global whistleblower system. Hyundai Mobis, Benteler and CompuGroup Medical are among its other clients. Head of the European digital economy practice Andreas Mauroschat is recommended.


BEITEN BURKHARDT’s data protection team ‘stands out for its short response times and pragmatic and clear opinions’ and provides ‘excellent customer service’ with a ‘practical approach’. The firm’s advice ranges from GDPR and digital business models to data security, data protection infringements and disputes with data protection authorities. The team advises on data protection issues in connection with clients’ daily business as much as on individual questions and handles international and domestic data protection projects. In the context of its international advice, clients particularly note ‘the firm’s understanding of the mindset of Anglo-Saxon clients’. The team is assisting expert Warenvertrieb with various GDPR issues; provides comprehensive advice to Landwirtschaftliche Rentenbank on GDPR requirements and measurements; and acts for Chinese internet company Tencent on the market entry of its various platforms in Europe. Axel von Walter is recommended for his ‘technical expertise and client orientation’ and many clients call on Andreas Lober as ‘one of the first contacts in the IT area’; he ‘finds entirely practical solutions including for the most complex challenges’. The ‘reliable and resilient’ Susanne Klein was promoted to salary partner at the start of 2018 and is ‘a proven expert in data protection law’. Salary partner Claudio Chirco left for PwC Legal (PricewaterhouseCoopers Legal AG Rechtsanwaltsgesellschaft) in March 2018.

KNPZ Rechtsanwälte

KNPZ Rechtsanwälte focuses on data protection advice in the context of transactions, ongoing data protection matters, GDPR compliance projects and in particular the data protection-related assessment of business-critical issues. The firm is advising Otto on strategic questions about its business model concerning the GDRP and on the data protection aspects of M&A transactions. The team also provides regular data protection advice to Hanoverian public transport utility Üstra and is representing the client at the Federal Administrative Court in model proceedings pertaining to video surveillance in buses and trains. New mandates include a GDPR compliance project for a prominent automotive manufacturer and advice on GDPR issues and whistleblowing policies for a globally operating fashion and accessories corporation. The practice also expanded its work in the venture capital area, including acting for venture capital fund Project A on data protection matters, including in the context of M&A transactions and VC investments. Other clients include Ströer, Körber, Bauer Media Group and a prominent large bank. The well-regarded Kai-Uwe Plath is the key figure.

Morrison & Foerster LLP

Morrison & Foerster LLP ‘stands out in comparison with others’; the data protection team is ‘very informed, pragmatic and a pleasure to work with’. With strong roots in Silicon Valley and Tokyo, the firm acts for US and Asian technology companies on their operations in the German and European markets and the German team works closely with the firm’s international data protection practices, particularly in Brussels and the US. Core strengths include GDPR-related matters, data protection infringements and IT security, while the team also has expertise in personal and non-personal data. Highlights included advising United Internet on the establishment of a comprehensive registration and online single sign-on service in the context of the EU’s new data protection standards. Another client is DocuSign, for which it handles the licensing and provision of its esignature services to companies and resellers in Germany, such as Deutsche Telekom. Other clients include a globally operating pharmaceutical company, a global HealthTech company, an international consulting and technology service company, an international hotel chain and leading global IT services and cloud providers. Hanno Timner is experienced in data protection and employment law and senior of counsel Lokke Moerel has particular expertise in binding corporate rules.

Norton Rose Fulbright

Norton Rose Fulbright’s data protection advice has ‘a high level of expertise, good knowledge of the economic underpinnings and a business sense’. The team focuses on international matters and cross-border advice. It handles large international GDPR projects in close collaboration with the firm’s offices in the US, London and Asia, advises on issues related to products based on the processing of data, and on data infringements, and has been notably active recently in cybersecurity matters. Jamie Nowak and Christoph Ritzer, who ‘does a good job’, are the names to note.

Orrick, Herrington & Sutcliffe LLP

With ‘superior expertise in EU data protection’, Orrick, Herrington & Sutcliffe LLP provides ‘reliable, business-friendly and practical advice’. The ‘extremely knowledgeable’ team is ‘able to explain complex legal matters in an easily graspable manner, so both legal and economic decisions can be made’. The newly formed cyber, privacy and data innovation practice predominantly advises on international matters, often in connection with the GDPR, but also in the context of M&A transactions and data protection regulatory proceedings. The team also saw an increased workflow in advising clients on cyber attacks directed against service providers, regulatory authorities and affected parties. The ‘patient’ Christian Schröder is recommended for his ‘data protection expertise, quick comprehension and his business acumen’. He advised US software provider Flexera on data protection aspects in the context of its acquisition of the German-Swiss Brainware Group. Together with colleagues in the US and London, he is also providing comprehensive advice to globally operating technology company Nvidia – known for graphic cards, AI cloud services and autonomous driving – and is assisting cruise line Carnival with global data protection issues, internal company group agreements and (especially recently) GDPR questions. The firm also advises numerous US and German mid-sized start-ups on data protection matters.

Reed Smith

Reed Smith’s data protection and IT security practice provides comprehensive GDPR advice and handles data protection compliance projects, it has a notable following among companies strong in marketing and with intensive customer contact. It also advises on data protection matters relating to apps, platforms and AI. Other expertise lies in the development and introduction of binding corporate rules. The ‘active’ Andreas Splittgerber heads the practice.


SCHÜRMANN ROSENTHAL DREYER is considered ‘a very reliable partner’, which fields a team of ‘experts for data protection as well as IT security’, and provides ‘suggested solutions instead of descriptions of problems’ to a client base that ranges from start-ups to large corporates particularly in the area of digital transformation. The team is noted for its ‘uncomplicated working relationship and understanding of issues surrounding digitalisation’ and also focuses on GDPR implementation and topics such as big data, online marketing and cloud computing. With particular expertise in customer loyality programmes, the firm is advising Deutschland Card on the development of new GDPR compliant pseudonymisation strategies. It is advising Zalando on the data protection assessment of new business models, representation in proceedings with data protection authorities and GDPR adjustments. The client portfolio also includes C&A Mode, Intersport, Outfittery, Westdeutsche Lotterie, Alnatura and ProSiebenSat1Media. Practice head Kathrin Schürmann is ‘an absolute data protection expert, who always manages to find practical industry solutions under time pressure’ and Simone Rosenthal is ‘a very well-versed attorney with outstanding negotiation skills’, while Philipp Müller-Peltzer, who was promoted to associated partner, has ‘great IT and data protection expertise’ and is ‘the ideal contact for digitalisation projects’.

SKW Schwarz Rechtsanwälte

With ‘expertise in a multitude of legal areas that is comparable to international firms’, SKW Schwarz Rechtsanwälte’s team provides ‘entrepreneurial and pragmatic advice’, including on data protection matters, and is noted for its ‘very structured and precise feasibility studies’ and its ‘efficient working method’. Clients include Schufa, SAP and Tinder. Practice head Matthias Orthwein is a data protection adviser for Giesecke & Devrient; he has a core focus in the area of new data models, in the context of the digital transformation of business models and on international projects. Oliver Hornung is assisting numerous large corporations with the implementation of the GDPR, including Commerzbank, Bosch Thermotechnik, Bosch Sicherheitstechnik and SGL Carbon. The team also has expertise advising on data transfer within European corporate structures and those from Europe to third countries as well as on the use of patient data and data protection issues in connection with the automotive industry. Johann Heyde, who was promoted to partner in January 2018, has ‘broad experience in all aspects of media, data protection and regulatory law as well as in the areas of IP, technology, telecoms and contract design’. The team was further bolstered by the promotion of Nikolaus Bertermann to partner in January 2019 and its ‘talented associates’ also stand out.

Allen & Overy LLP

Since 2015, Allen & Overy LLP has strategically expanded its data protection practice led by the ‘efficient’ Tobias Neufeld, who has a background in employment law and who communicates ‘clearly and concisely’. Clients appreciate ‘the diversity of expertise’ and that the team ‘quickly comprehends relevant questions’. The three pillars of the practice lie in data protection advice around Brexit, the pharmaceutical sector and the insurance industry. It recently advised a global insurance company on data protection-related due diligence and product assessment for the acquisition of a fintech company, and developed a standard process for the excecution of data protection impact assessments according to GDPR requirements for multilple leading European insurers. In the area of GDPR implementation, GlaxoSmithKline is a key client, while the team is also advising several leading Asian financial service providers and banks on data protection issues in connection with the opening of German branches due to Brexit. The team also provides data protection advice in the context of transactions. Other clients include BNP Paribas, Facebook, TUI and Vattenfall.

Graf von Westphalen

Described by clients as the ‘ideal firm for the mid-sized sector’, Graf von Westphalen is also noted for its ‘very good knowledge of data protection issues’. Team members regularly act as external data protection officers and advise on data protection at the intersection with IT security, compliance and traditional IT law. A highlight for the ‘very competent’ team, which has ‘an excellent understanding of the economic circumstances’, is its advice to ThoughtWorks, the global leader in agile software development, on a global GDPR project. Also noteworthy is the firm’s advice to Kuka on data protection matters, including assisting with German, European and international GDPR implementation and compliance. Another client is the Deutsche Bundespost Federal Posts and Telecommunications Agency, which the group advises on its data protection management system, GDPR implementation and a major human capital management project. Asseco Solutions, Celanese, the university clinics of Düsseldorf and Frankfurt and the pension fund of the Hessen Regional Medical Council are among its other clients. Stephan Menzemer stands out for his ‘very good expertise, his pragmatic and practical approach and his quick thinking’ and is also noted for ‘his uncomplicated and friendly manner’.

Heuking Kühn Lüer Wojtek

Heuking Kühn Lüer Wojtek’s ‘always friendly and personal advice’ ranges across diverse data protection issues: from GDPR implementation to data transfers and from questions surrounding online platforms to the execution of internal investigations. Thomas Jansen is ‘an experienced lawyer, who solves problems in a wider context, shows alternative paths that lead to solutions for particular scenarios and helps to offset risks’. He is assisting Grafika with the implementation of the GDPR and provides product and solution-based data protection advice for the attainment of a GDPR certification. He is also advising The International Association of Lions Clubs on cross-border data transfer, GDPR implementation and the introduction of the members’ platform myLCI. In other work, the group is handling a GDPR implementation project for Peri concerning over 20 operational companies across Europe and Philip Kempermann is leading the firm’s advice to Santander on one of the largest GDPR projects. The firm is also developing a privacy policy for small and mid-sized companies together with the insurer VOV Versicherung. The ‘very knowledgeable and conscientious’ salary partner Britta Hinzpeter is ‘reliable with a clear and solution-oriented way of communicating and working’.

McDermott Will & Emery Rechtsanwälte Steuerberater LLP

Within its TMT practice McDermott Will & Emery Rechtsanwälte Steuerberater LLP also increasingly covers data protection matters. Ralf Weisser notably advises on data protection in the context of outsourcing transactions and Wolfgang von Frentz coordinates the global data protection practice with expertise in litigation. He is assisting Professor Flöther with the sale of the Unister Group, including several online travel portals, is advising the client on the transfer of millions of customer data to various buyers and is defending the client at court regarding the controversial admissibility of this kind of customer data transfer. He is also handling data protection matters for Celanese Europe, including GDPR compliance, in connection with internal investigations and cross-border data traffic. A new client is GEA. Counsel Claus Färber is particularly active.

Pinsent Masons Germany LLP

Pinsent Masons Germany LLP opened its first German office in 2012 and over the years has built a by now significant data protection practice. A focus lies on GDPR compliance: the firm advises various companies in the energy supply sector on implementation projects and, in cooperation with an energy supply association and a Düsseldorf-based Legal Tech start-up (smartvokat), has developed a tool for the execution of data protection audits according to the GDPR. Together with some of the firm’s other European offices, Stephan Appt assisted Do&Co, a catering company, with its GDPR implementation project. The firm is advising Wirecard on data protection issues in connection with the development and introduction of innovative payment methods. The practice also often covers data protection matters in the context of projects surrounding connected car and automonmous driving and in connection with cloud projects. Other expertise lies in public and social data protection law and employee data protection. Data protection expert Kirsten Wolgast was promoted to partner in May 2017.