Data protection in Germany
Baker McKenzie remains a top player with its highly active IT and data protection practice. The diverse expertise of practice heads Michael Schmidl and Holger Lutz reflects the breadth of group's entire portfolio. A strong focus lies on regulated industries, including the financial, pharmaceutical, medical device and telecoms sectors, and highlight matters are often cross-border in their nature. The team is further expanding its data protection advice in connection with areas such as fintech and big data, the automotive sector and mobility. Contentious matters are increasingly part of the portfolio and the team is seeing more activity in the legal tech segment. Michaela Nebel, who provides data protection advice to multiple financial institutions, was promoted to partner in July 2018 and Julia Kaufmann is also widely recognised. She has particular expertise in data protection in the pharmaceutical context.
Michel Schmidl; Holger Lutz
Other key lawyers:
Julia Kaufmann; Michaela Nebel
‘Very profound knowledge of European and US data protection law as evidenced by several seminars and practical cases.’
‘The firm’s offices in both Frankfurt and San Francisco are characterised by practice-oriented solutions and neat legal subsumption.’
‘The team are responsive, accurate and provide commercially minded advice. Given the nature of the area of a law, some firms have a tendency to be overly cautious and provide advice which – if implemented – would create significant issues in terms of cost and impact to the business.‘
‘The team always provided pragmatic solutions whilst navigating the challenges in the legislation. They recognised the challenges of companies that do not have unlimited budgets but want to comply with the law.‘
‘Michaela Nebel has excellent specialist knowledge. She is quick and solution-oriented.’
‘Both Holger Lutz and Michaela Nebel are very competent, precise, effective, practice-oriented and pleasant to work with.’
- Advised a call centre and IT service provider on the implementation of the GDPR in Europe and the US
- Provided comprehensive advice to a German bank on data protection law and issues surrounding the centralisation and digitalisation of its archive system in numerous jurisdictions.
- Provided comprehensive advice to an Asian car manufacturer on data protection, telecoms and contract law and on telematic data services, particularly regarding global IT systems and the relationships with subsidiaries and car dealers.
Bird & Bird's data protection competencies are the result of 20 years' experience in this segment. The firm advises DAX 30 and other market leading companies in the retail, healthcare, telecoms, automotive and media sectors on data protection with regard to the GDPR, international data transfers and the use of data. The broad practice is successfully expanding not only within Germany but also globally in strong collaboration with the firm's international offices. Recently the team saw particular growth in data protection advice in connection with new business models and hot topics such as IoT, digitalisation, the cloud and big/smart data. Noteworthy is also the firm's contribution to the development of the legal framework for data protection by participating in various industry associations and committees and government initiatives. Frankfurt-based Fabian Niemann, who is widely recognised as leading by competitors, heads the practice. Recently the Hamburg office in particular was strengthened with the arrival of Hartmut Hörner from Deloitte Legal Rechtsanwaltsgesellschaft mbH and the promotion of Miriam Ballhausen to counsel. Associate Simon Assion also enjoys a good reputation in the market and so does Lennart Schüßler with his comprehensive data protection knowledge.
- Continued to provide advice to adidas on its GDPR compliance project, queries by data subjects, GDPR compliant contract design and international data transfers.
- Advised EMnify GmbH on the drafting of contracts and data protection for an IoT platform.
- Provided comprehensive advice to FLIR Systems, including the management and coordination of its GDPR compliance project and conflicts with European and US requirements.
Latham & Watkins LLP's comparatively small data protection team nevertheless constitutes one of the market leaders in this segment. Towards the end of 2018 the firm received significant attention due to its representation of the chat portal knuddels.de in the first fine proceedings due to GDPR breaches in Germany. The practice is now well-equipped for increased legal actions in form of data protection disputes and damage claim proceedings. Besides representing clients in litigation, including at the Federal Court of Justice, Federal Labour Court and Federal Constitutional Court, the firm's range of services also includes GDPR implementation in company structures and data protection advice in connection with M&A transactions as well as internal investigations and international pre-trial discovery procedures. Through the close collaboration with the firm's compliance practice the team was also able to strengthen its competencies in crisis management in the case of data protection scandals and cyber crime. Practice head Tim Wybitul, who joined from Hogan Lovells International LLP in October 2018, and Frankfurt and London-based Ulrich Wuermeling are both considered leading in the German market.
Other key lawyers:
Ulrich Wuermeling; Joachim Grittmann
Deutsche Bank AG
Deutscher Dialogmarketing Verband e.V.
Dr. Ing. h.c. F. Porsche AG
Toscafund Asset Management LLP
- Represented Daimler as defendant in a trailblazing action at the Federal Labour Court (BAG) regarding the right to access of employees according to the GDPR. This is the first publically known case in which a German court is deciding on the extent of the law on the right of access and the receipt of a copy according to article 15 of the GDPR.
- Provided continued data protection advice to CrossLend in connection with its market-based lending platform.
- Presented Facebook in proceedings at the Federal Cartel Office due to suspected abuse of a market-dominating position in connection with data protection and antitrust laws.
Noerr only established a data protection group in 2018, but the firm's expertise in this field rests on longstanding experience, not least thanks to the expertise of practice head Daniel Rücker. With a consistently growing portfolio the firm advises German and international companies from its offices in Munich, Berlin and Frankfurt on data protection compliance issues, the processing and use of data and the introduction of data protection management structures and governance processes. Clients stem from the automotive, fashion, IT and finance sectors, among others. The team works particularly closely with the firm's Digital Business Group and is strengthening its ties with the compliance and litigation practices. Associate Sebastian Dienst is highly active in data protection matters and already recognised in the market and Benjamin Jahn, who focuses on data protection in an employment law context, was promoted to partner at the start of 2019.
Other key lawyers:
Joachim Schrey; Tobias Kugler; Pascal Schumacher
‘Very high capabilities in data protection and information technology-related matters paired with agile working methods.‘
‘Daniel Rücker: excellent lawyer, who always keeps an eye on the overall perspective of the business, provides high quality legal advice and at the same time finds pragmatic solutions.‘
‘Sebastian Dienst: Excellent knowledge of the GDPR. Easily reachable, pragmatic and pleasant when working together.‘
The bench strength of Taylor Wessing's consistently growing IT and data protection team enables the firm to act in a broad array of areas, including healthcare, life sciences, automotive and insurance. Multinational corporations, mid-sized companies but also start-ups seek the team's advice for ongoing support on topics such as cyber security, GDPR implementation and HR and employment related data protection. Axel Freiherr von dem Bussche heads the technology, media and telecoms practice, while Paul Voigt, who was promoted to equity partner in May 2019, is recommended by competitors and clients alike. The team was furthermore bolstered with five new hires at associate level. Sibylle Gierschmann, who handled numerous data protection projects, however, left the firm in July 2019 to set up her own unit Gierschmann Legal.
Axel Freiherr von dem Bussche
Other key lawyers:
‘Pragmatic, solution-oriented advice, to the point and practical in its implementation.’
‘Paul Voigt combines tremendous legal knowledge with an equally large economic understanding.’
Bertelsmann SE & Co KG
Crédit Agricole Assurances
DEKRA Arbeit GmbH
Ernst Russ AG
Freudenberg IT GmbH & Co. KG
Grand City Properties
Hyundai Motor Europe GmbH
Sirtex Medical Europe GmbH
Wargaming Group Limited
- Provided comprehensive advice to Berliner Verkehrsbetriebe (BVG), the main public transport company of Berlin, on data protection law.
- Advised Berkley in connection with its cyber security insurance.
- Advised Crédit Agricole Assurances on specific questions regarding the implementation of the GDPR and different national requirements in the life and non-life segments.
White & Case LLP's data, privacy and cyber security group advises clients on all aspects of data protection, especially on German and European data protection law, cross-border data traffic and IT governance issues. A big focus of the practice also lies on advising online platforms, which the firm assists not only with data protection matters but also regulatory, competition law and product-based questions (such as acting for Facebook and Facebook-company WhatsApp since 2011). Key clients also include automotive, food and construction technology companies. Detlev Gabel, who is considered leading in the German market, heads the European practice. Martin Munz and Sylvia Lawrence, who was promoted to partner in 2018, are the key figures in the Munich and Berlin offices respectively. Lawrence has particular expertise in advising digital platforms, especially in the areas of social media, automotive, energy and cloud services.
Daimler Financial Services AG
- Provided data protection advice to Daimler Financial Services on the strategic investment in the used car platform heycar.
- Advised Facebook on all data protection disputes outside of the US since 2011.
A large team and long list of prominent clients are securing CMS a place among the biggest players providing data protection advice in Germany. Besides giving ongoing GDPR advice, which focuses especially on the banking and life sciences sectors, the firm also offers a targetted information service in connection with the upcoming e-privacy regulation. The practice often covers matters beyond the domestic border and has also developed the data law navigator, a tool which informs clients about data protection and cybersecurity in various countries.
Other key lawyers:
Christian Runte; Michael Kamps; Florian Dietrich
‘The data protection/IT team is broad and, if necessary, able to incorporate other practice areas (such as employment law).’
‘Very engaged, precise, responsive, business-orientiered with a sharp eye for essentials.’
‘Florian Dietrich is an outstanding external advisor.’
‘CMS’ lawyers are always available and very quick. Everything is very professional and somebody is always at hand with the necessary legal knowledge for any given area.’
Fossil Group Inc
Hewlett Packard Inc.
Panasonic Automotive Systems Europe GmbH
Dr. Ing. h. c. F. Porsche AG
Wayfair Stores Limited
- Provided continuous and comprehensive advice to Airbnb Ireland UC on e-commerce, distance sales, IT and data protection.
- Provided continuous and comprehensive advice to eBay Marketplaces GmbH and several subsidiaries (such as mobile.de, eBay Kleinanzeigen, brands4friends, StubHub, Shutl) on various areas of the law, including the representation in front of data protection authorities.
- Advised Fossil Group comprehensively on the implementation of the GDPR (client and HR data).
Clients and competitors alike recommend DLA Piper's data protection practice which shows particular strength in the automotive and finance area and has recently handled topics such as big data, AI and privacy-by-design projects. Other pillars of the practice lie in advising clients on compliance applications, employee data protection and cybersecurity. In collaboration with the firm's global data protection group the team often acts in international data protection projects. In 2019 the team grew significantly: In May Hamburg-based Verena Grentzenberg, who focuses especially on data protection advice in connection with new business models, was promoted to partner and at the same time senior associate Jan Spittka made counsel in Cologne. Renowned university professor and data protection expert Jürgen Taeger already joined the firm in February 2019 as of counsel and in Munich the practice was further strengthened with counsel Katia Helbig from Baker McKenzie in September 2019.
Other key lawyers:
Jan Pohle; Jahn Geert Meents; Verena Grentzenberg
‘The team has a hands-on mentality and always searches for a pragmatic solution.’
Undine von Diemar heads Jones Day's cybersecurity, privacy and data protection practice at the German and the European level and recently focused not only on GDPR implementation projects but also topics such as the assertion of data protection law-related claims of the individuals affected (such as employees' information claims ) and data breaches (often cross-border). Advice in connection with internal investigations and with transactions constitute two other strategic pillars for the team, which often cooperates with the firm's US offices. Employment lawyer Paul Melot de Beauregard joined in May 2019 from McDermott Will & Emery Rechtsanwälte Steuerberater LLP and brought experience in data protection.
Undine von Diemar
Kendaxa Holding GmbH
- Provided continued advice to ICANN (Internet Corporation of Names and Numbers) in Germany and globally on data protection requirements, particularly those of the GDPR, and in negotations with data protection authorities, registrars and registries.
- Advised SAP SE on data protection matters in connection with its aquisition of Qualtrics International Inc. for $8bn.
- Advised the Landesbank Baden-Württemberg on data protection issues in connection with its pilot project on blockchain-based issues and repayments of asset-backed commercial papers (ABCP).
Osborne Clarke's data protection practice established a solid reputation in the German market in recent years through its advice on the design of international data flows, in connection with data protection audits and compliance projects. The well regarded Flemming Moos heads the team, but the other key figure Ulrich Baumgartner left for Allen & Overy LLP in November 2019.
SKW Schwarz Rechtsanwälte's broad data protection practice led by Matthias Orthwein, whose 'reliability and tact' are well regarded, is noted for the team's 'high expertise and practical explanations of legal issues'. Although the firm is known primarily as German entity, it did not miss out on the opportunity caused by the GDPR to participate in international business (especially in China and the US). Advice on data protection breaches, cybersecurity and data management continues to constitute the bulk of the work. The team also acts as data protection officer for companies and provides foreign clients with services as EU representative in accordance with the GDPR. At the start of 2019 Benjamin Spies was promoted to equity partner and Nikolaus Bertermann made salary partner. Hans Markus Wulf, however, had already left for Heuking Kühn Lüer Wojtek in July 2018.
Other key lawyers:
‘High skills and very good understanding of clients’ problems, as well as always practical solutions. Particularly in the data protection segment there are currently a lot of firms which deliver qualitatively low services. SKW, however, is highly recommendable.’
Autoliv B.V. & Co. KG
bayme – Bayerischer Unternehmensverband Metall und Elektro e.V.
CNA Hardy Versicherung
Diaotyutai Mansion Hospitality GmbH
DIEHL Stiftung & Co. KG
E.ON Energie Deutschland GmbH
SCHUFA Holding SE
Robert Bosch Power Tools SE
- Advised the internationally leading automotive supplier Autoliv B.V. & Co. KG as extended workbench for the chief data protection officer.
- Advised CNA Hardy and Markel SE on the implementation of its cybersecurity policies.
- Development and implementation of a concept for the deletion of data for Commerzbank AG.
According to clients German IT boutique SSW Rechtsanwälte Steuerberater Wirtschaftsprüfer determines the 'benchmark in data protection'. From its office in Munich the team handles Germany-wide and cross-border matters. It has particular know-how regarding data protection-related contract, compliance and security issues and acts for companies across various industries (including insurers, pharmaceutical companies, fintech platforms and telecoms providers) and public entities. Practice head Isabell Conrad is considered an 'impressive and razor-sharp negotiator'.
Other key lawyers:
‘Qualitatively excellent legal knowledge in the data protection segment, including regional legal particularities.’
‘Professional behaviour with solution-oriented approach.’
‘Maria-Urania Dovas: Very solid and broad knowledge in the entire segment. Regularly exceeded expectations of results.’
WilmerHale's data protection practice is particularly known for its longstanding advice for Facebook. The firm is representing the social media company in several proceedings, both at the German Federal Cartel Office and the ECJ. Besides its ancillary expertise in litigation and antitrust and its focus on the internet sector, the team is also highly active in the pharma industry and non-contentious matters, especially for international companies. The 'exceptional and well versed' Martin Braun, who is recognised as a leading figure by both clients and competitors alike, not only acts as practice head of the German and European data protection practice but also of the firm's international big data group together with Washington DC-based Reed Freeman.
Other key lawyers:
‘Dr Martin Braun: excellent lawyer with outstanding know-how in data protection and exemplary service attitude.’
‘Advice is always pragmatic with a clear focus on feasibility and use for the business.’
‘Risks are demonstrated and considered in a realistic manner, but never exaggerated.’
Reporters Committee for the Freedom of the Press
- Vertretung von Facebook im Verfahren um sog. Fanpages vor dem Gerichtshof der Europäischen Union und dem deutschen Bundesverwaltungsgericht.
- Laufende datenschutzrechtliche Beratung in allen datenschutzrelevanten Themenbereichen bei McDonald’s.
- Represented the Reporters Committee for the Freedom of the Press in ECJ proceedings on the geographic scope of the right to be forgotten (C-507/17 and C-136/17).
BEITEN BURKHARDT's IT practice surrounding Axel von Walter and Andreas Lober has a focus in the gaming area and on IT contracts but also consistently demonstrates expertise in data protection matters. The team provides mid-sized and large companies not only with legal but also technical advice, such as via a data protection app developed by the firm which assists clients with GDPR compliance. The segments fintech and big data constitute particular areas of growth for the practice. After Tilmann Lührig left for Lexton Rechtsanwälte in May 2018, the team was strengthened with Johannes Baumann and Laureen Lee from Bird & Bird and Baker McKenzie respectively. The former has particular expertise in data protection advice for banks and advertisement-specific data protection, and the latter is especially active in international data processing projects. Additionally, Gudrun Hausner and Susanne Klein were promoted to partner in 2018.
Axel von Walter; Andreas Lober
Other key lawyers:
‘The team is well integrated. Complex questions are solved quickly and competently.’
‘Comprehensive expertise. Uncomplicated and quick communication, also in terms of further queries.’
‘The colleagues know how to translate complex data protection requirements into practical suggestions for implementation.’
‘Axel v. Walter as lead partner gives entirely practical and legally sound advice.’
‘Paul Wilde, associate, works very reliably as secondee, has an extremely quick grasp of matters and offers pragmatic and legally solid solutions.’
Bundesministerium für Verkehr und Infrastruktur
FCS Frankfurt Cargo Services GmbH
Groß & Partner
MEC Holding GmbH (Messer Group)
SCHUFA Holding AG
E.M.P. Merchandising Handelsgesellschaft mbH
- Advised the Federal Ministry of Transport and Infrastructure on data protection issues in connection with the large project of establishing a national motorway company.
- Provided comprehensive advice to Linde AG on data protection compliance, data protection contracts and international data transfer within the corporation.
- Provided continued advice to FCS Frankfurt Cargo Services GmbH on the implementation of the GDPR.
At Eversheds Sutherland the data protection practice covers compliance, data transfers (aided by the firm's high international spread) and data protection breaches. Thanks to the firm's large employment law group, the team is also able to successfully provide advice on matters at the intersection with collective employment law. Data protection-related issues are predominantly handled by practice head Alexander Niethammer and counsel Nils Müller, both based in Munich.
Other key lawyers:
‘Very responsive, helpful and practical.’
‘Nils Müller is an excellent practitioner.’
Rohe & Schwarz
Special Olympics Deutschland
- Advised the South African pharmaceutical company Aspen Pharma, Africa’s largest pharmaceutical corporation, on group data protection.
- Advised the international airline association IATA on cross-border data transfer.
- Advised the US software provider Coupa Software Inc. on data protection nd cloud computing products in Germany.
After Heuking Kühn Lüer Wojtek over the last few years was able to gain data protection expertise with lateral hires such as practice head Thomas Jansen (2017) and Hans Markus Wulf (2018) from DLA Piper and SKW Schwarz Rechtsanwälte respectively, in 2019 the practice was ready to significantly expand its coverage. New clients – from domestic public entities to international companies – enabled the team's access to new types of projects, which, for instance, involved data transfer between governmental bodies and private actors as well as product advice and order processing agreements. The seven partner strong team that constitutes the firm's data protection task force sits within the larger IP, media and technology group.
Thomas Jansen; Philip Kempermann
Other key lawyers:
Hans Markus Wulf; Britta Hinzpeter
‘When working together with Heuking Kuhn’s data protection team profitability is always guaranteed. The lawyers deliver quick and practical results and are moreover very pleasant conversational and business partners.’
Bundesamt für Sicherheit in der Informationstechnologie (BSI)
EDEKA DIGITAL GmbH
Heinrich Hugendubel GmbH & Co. KG
meetyoo conferencing GmbH
Messer Group GmbH
Netigate Deutschland GmbH
Santander Consumer Bank AG
- Advised the German Federal Office for Information Security (BSI) in connection with the audit of the data protection limitations of the transfer of IT security-relevant information with 18 other governmental bodies and various private entities.
- Provided data protection advice to an IT subsidiary of the EDEKA corporation in connection with the implementation of the GDPR in the company under consideration of groupwide aspects and the drafting of company agreements.
- Provided comprehensive data protection advice to Graphika Inc., particularly product and solution-related advice in order to achieve a GDPR certification.
After the renowned data protection expert Tim Wybitul left for Latham & Watkins LLP in 2018, Hogan Lovells International LLP's data protection practice also lost Nils Rauer and senior associate Ruth Maria Bousonville to Pinsent Masons Germany LLP at the start of 2019. The team is now led by Burkhardt Goebel, Morten Petersenn and Andreas Bothe, who are responsible for the larger IP group. The departures were also met with the partner promotions of Martin Pflüger in Munich and Christian Tinnefeld in Hamburg. The newly formed practice now focuses on advising the telecoms, pharma, medical products, automotive and consumer goods sectors on GDPR implementation projects, the use of personal data and the data protection compliant drafting of IT contracts. Noteworthy is also the Hogan Lovells Data Breach Assessor, the firm's internal legal tech tool, which assists the decision-making process in the case of data breaches.
- Provided Daimler with IT, IP and data protection advice in connection with the establishment of a joint venture with BMW for the pooling of the global mobility services of both automotive corporations.
- Advised a German automotive manufactuer in the context of the data protection assessment of the use of video recordings for the purpose of developing highly automated driving functions.
- Provided data protection advice to a leading US investment bank in connection with the establishment and further development of a new website for the offer and distribution of structured products.
Traditionally known for its engagement in IP topics KNPZ Rechtsanwälte's practice is gaining increasing visibility in the data protection segment. The firm owes its growing reputation in part to its representation of the transport company Üstra againt Lower Saxony's data protection officer. The case, which concerns video surveillance on public transport services, was handled by Kai-Uwe Plath and Jan-Michael Grages.
Luther Rechtsanwaltsgesellschaft mbH
Luther Rechtsanwaltsgesellschaft mbH provides tailored data protection advice for the mid-sized sector. Recently the team was particularly busy advising on the establishment of data protection management systems. Through the use of external providers the firm was able supply companies in the finance, telecoms, energy and consumer goods industries with digital solutions for the protection of privacy. Clients in the healthcare and retail sectors also generated data protection projects for the firm. Wulff-Axel Schmidt in Frankfurt heads the entire IP and IT practice, but Michael Rath and the team in Cologne handle the bulk of data protection matters. Silvia Bauer conducts data protection audits and acts as external data protection officer.
‘Great legal knowledge, good bench strength and quick reaction times.’
‘Great expertise, efficient, solution-oriented.’
arvato Systems / Bertelsmann
Bundesministerium für Verkehr und digitale Infrastruktur (BMVI)
Procter & Gamble
- Provided data protection advice to Deutsche Telekom in a series of large strategic and international projects.
- Provided EDEKA Minden-Hannover IT-Service GmbH with data protection advice regarding the drafting of a supplier and operating agreement for hardware and software with Pentland Firth Software GmbH for the establishment of the digital shopping cart Easy Shopper.
- Advised E.ON SE on the implementation of the GDPR.
Pinsent Masons Germany LLP
Pinsent Masons Germany LLP's IT and data protection team is continuing to grow and was able to again expand its team in the course of the opening of its new Frankfurt office: Partner Nils Rauer and legal director Ruth Maria Bousonville joined from Hogan Lovells International LLP at the start of 2019 and strengthened the practice surrounding Stephan Appt, who remains based in Munich. The team predominantly covers data protection issues in the energy and automotive sector. For compliance matters the firm puts to use a tailor-made legal tech solution for data protection audits in the energy sector. Particularly advice on data protection breaches and cyber attacks are drivers of growth for the practice.
Other key lawyers:
Florian von Baum; Kirsten Wolgast; Nils Rause; Ruth Maria Bousonville
Anbieter eines cloudbasierten Videoerstellungsdienstes
Neovasc Tiara Inc.
Bundesverband der electronic cash – Netzbetreiber (BecN) e.V.
CarBlock Foundation Ltd
Evidensia Deutschland GmbH
Honda Motor Europe Limited
Mitsubishi Corporation (Through Secured By Design Ltd.)
- Advised and represented a US client, a provider of cloud-based video creation services, in front of German regulatory authorities following a cyber attack in the US, which affected the data of users in Germany.
- Advised a provider of a new operator model for radiology regarding the data protection conformity of the use of public and US cloud solutions.
- Advised a digitalisation company on the development of new products for the digitalisation of the process insdustry.
Over recent years Reed Smith was able to put together a team of 'proven experts' in technology, IT and data protection matters. The practice surrounds the prominent partners Andreas Splittgerber, Philipp Süss and Thomas Fischl. Start-ups make up a significant part of the client portfolio, including companies from outside the EU and internet platforms in areas such as mobility and banking. Advice on data protection breaches, GDPR projects and the drafting of contracts constitute the firm's daily business.
Allianz Arena München Stadion GmbH
Cayman Islands Department of Tourism
FC Bayern München AG
FC Bayern München Basketball GmbH
FC Bayern München Digital & Media Lab AG & Co. KG
Matthews International Corporation
Sourcepoint Technologies, Inc.
Allen & Overy LLP
Allen & Overy LLP's data protection practice originated in the year 2015 within the context of the firm's employee protection and HR compliance practice but today covers a much broader spectrum of data protection advice. Besides handling regulatory data protection issues the team also advises on data protection due diligence and in connection with areas such as fintech, insurtech and digital transformation. Former key figure Tobias Neufeld left the firm in autumn 2018 and established in his own entity neufeld Recht at the start of 2019, but with the arrival of Ulrich Baumgartner from Osborne Clarke in August 2019 the practice subsequently managed to gain a renowned and experienced data protection expert. He collaborates closely with tech practice head Jens Matthes.
Other key lawyers:
In accordance with the firm's general focus Ashurst LLP's data protection practice is shaped predominantly by transaction-related advice. Banks make up the majority of the client base which also includes other international companies. Andreas Mauroschat and his team concentrate in particular on issues such as data processing, GDPR implementation and international data transfers.
Graf von Westphalen
Graf von Westphalen's SME-oriented data protection team is 'pragmatic and extremely competent' and 'combines legal know-how with commercial thinking'. Practice head Stephan Menzemer has 'deep market insights and special expertise' in digitalisation and data protection matters, which he and his team handle at the intersection of various areas such as public law, banking and finance, and healthcare. The firm also increasingly acts as external data protection officer.
‘Wide range of expertise, diverse approaches, good communication and ability to handle complex matters in such a way that solutions can be found.’
‘The successful and trustworthy work with this firm is characterised particularly by competency, speed and reliability.’
3F Management GmbH
Asseco Solutions AG
Axivas Deutschland GmbH
Blue Mesa Health, Inc.
Celanese Europe B.V. /Celanese Services Germany GmbH
Cognizant Technology Solutions GmbH
dbb beamtenbund und tarifunion
get energy GmbH
GEWOFAG Holding GmbH
ÖRAG Rechtsschutz Versicherungs-Aktiengesellschaft
Scienta Omicron GmbH
Stiftung Kunstsammlung Nordrhein-Westfalen
TLG IMMOBILIEN AG
Universitätsklinikum Düsseldorf AöR
VDMA Verband Deutscher Machinen und Anlagenbau e.V.
- Provided comprehensive advice to Asseco Solutions AG (in Germany, Austria and Switzerland), the standard software manufacturer with more than 1500 company clients in Germany alone, on all IT and data protection matters.
- Advised Blue Mesa Health, Inc. on various matters including the development, licensing and distribution of ChatBots, which enable Blue Mesa’s clients the automated request of client and health data.
Morrison & Foerster LLP
Lokke Moerel and Hanno Timner head the data protection practice at Morrison & Foerster LLP, which historically originated as reaction to the increased data protection-related requirements of the firm's traditional media clients. The firm continues to meet the needs of music platforms, video streaming providers and companies in the film industry, but today an increased number of clients in the e-commerce area and tourism sector as well as recruitment agencies and large US and Asian corporations also seek the firm's advice on GDPR compliance and cyber security. Additionally noteworthy is Moerel's development of binding corporate rules for cross-border data transfers within a group of companies, a concept which was incorporated into the GDPR.
Lokke Moerel; Hanno Timner
American Academy Berlin GmbH
DocuSign, Inc., USA
Europäische Niederlassung einer globalen Payment-Service-Anbieters
Twitch Interactive, Inc.
- Provided comprehensive advice to United Internet (1&1, WEB.DE, GMX) on data protection aspects of the marketing concepts and log-in alliance with ProSiebenSat.1 and RTL.
- Provided continuous advice to an online music service on data protection, particularly regarding requests for information by users, dealing with data protection authorities and corporate restructuring.
- Continously acted for one of largest global hotel chains in all matters of German, European and global data protection law.
At the end of 2018 Norton Rose Fulbright's IT and data protection team underwent some structural changes: The group now sits within the firm's global practice that covers IP and IT issues combined. In the data protection area the team focuses especially on GDPR and global data protection breaches. The firm's work in the insurance sector is particularly successful. The key figures of the German team are Christoph Ritzer in Frankfurt and Jamie Nowak in Munich, who is responsible for the technology and innovation segment.
Christoph Ritzer; Jamie Nowak
‘Quick and pragmatic suggested solutions and good availability.’
‘Reliable advice with customised proposed solutions.’
Mitsubishi Electric Corporation (MELCO)
Mitsubishi Electric Europe (MEU)
AIG Europe Limited
- Advised AIG on an internationally coordinated service for the reaction to data breaches.
- Provided Bayerische Motoren Werke AG with data protection advice in connection with the merger of the mobility services of BMW and Daimler in 18 countries.
- Assisted the UK data protection teams with advice for Mitsubishi Electric Corporation (MELCO) and Mitsubishi Electric Europe (MEU) on various global projects for MELCO in connection with the export of personal data of multiple MELCO companies in EEA countries.
Orrick, Herrington & Sutcliffe LLP's small data protection team surrounding key figure Christian Schröder entered the firm's newly founded global practice group Cyber, Privacy and Data Innovation in 2018. Consequently, with the 'unique' support of the firm's international offices, including London, Seattle and Washington D.C., clients benefit from the seamless coordination of their frequently international data protection matters. The practice focuses in particular on topics such as international data transfers, data protection compliance and whistle-blowing.
‘Outstanding combination of very solid legal knowledge and broad experience. Very high availability and quick solutions.’
W.W. Grainger/Zoro Tools
- Advised Carnival Corporation, the largest cruise company worldwide, on global data protection matters.
- Advised Flexera Software on global GDPR compliance and the takeover and integration of the Brainware group.
- Advised W.W. Grainger / Zoro Tools on data protection issues, particularly regarding the GDPR.
SCHÜRMANN ROSENTHAL DREYER
Boutique SCHÜRMANN ROSENTHAL DREYER's 'comprehensive and highly qualified' advice focuses on the development and introduction of digital business models and associated data protection concerns. Traditionally the group provides advice on e-commerce projects, but increasingly it is also active in the pharma and healthcare sector, where profiling and loyalty systems cause questions surrounding the management of personal data. Kathrin Schürmann, who is considered 'experienced and well versed' in data protection matters, heads the practice together with Simone Rosenthal.
Kathrin Schürmann; Simone Rosenthal
Other key lawyers:
Deutschland Card GmbH (Bertelsmann)
HD Plus GmbH
INTERSPORT Deutschland eG
Westdeutsche Lotterie GmbH & Co. OHG
Takeda Pharma Vertrieb GmbH & Co. KG
sociomantic labs GmbH
- Advised Deutschland Card GmbH (Bertelsmann) on new legal text for participants of the customer loyalty programme and consent agreements.
- Advised Westdeutsche Lotterie GmbH & Co. OHG on GDPR implementation.
- Advised Takeda Pharma Vertrieb GmbH & Co. KG on the development of a digital healthcare solution.
Covington's IT group also demonstrates significant activity in data protection matters. The firm delivers 'efficient and practical' GDPR advice in connection with compliance and data protection breaches but also in litigation and international data protection challenges (in particular in the US and Chinese context). The team also often acts at the intersection with the life sciences area (in relation to the growth sector digital health) and employment law. Lars Lensdorf and the 'extremely skillful' Moritz Hüsch are the key contacts.
‘Large network and great expertise in several areas of law including the technical aspects of data protection.’
‘Moritz Hüsch displays a focused approach and great competence.’
DSK Hyp AG (früher SEB AG)
- Data protection-related weak point analyses for multiple companies, including Merck, Shire, AstraZeneca and Eli Lilly, Microsoft, Viacom; the planning and implementation of corrective measures.
- Advised DARZ GmbH (a high-security data centre) on several IT and data protection matters and the negotiation of partner contracts, distribution agreements and client contracts.
- Advised Fiplan GmbH on a cooperation agreement with Hexaware regarding the provision and implementation of software at Dubai airport for the collection of flight data, flight-related passenger numbers and passenger details.
Greenberg Traurig Germany's data protection practice can historically be traced back to the firm's data protection advice in the media sector. By now the client base is much more diverse and the firm has a dedicated Data, Privacy and Cybersecurity group, which is co-led by Viola Bensinger both at the domestic and global level. The team consequently not only advises large US and European media companies but also fitness, IT and real estate companies. Contentwise the advice focuses on GDPR, compliance issues and increasingly on fine proceedings and matters in connection with the planned e-privacy regulation. Noteworthy is furthermore the firm's activity in data protection issues specifically related to the car toll.
Other key lawyers:
‘Practical and quick advice at a perfect price.’
Bundesministerium für Verkehr und digitale Infrastruktur
PayPal (Europe) S.à r.l. et Cie.
Athletes’ Performance (EXOS)
Multi Corporation B.V.
- Advised the Federal Ministry of Transport and Digital Infrastructure on data protection aspects in connection with the preparation and implementation of procurement procedures for the introduction of the collection system for infrastructure charges.
- Advised the multinational operator of shopping centres Multi Corporation B.V. on various data protection matters, particularly the organisation of business processes in accordance with GDPR requirements.
- Advised EXOS, a US fitness company, on the collection and use of health and other data and international data transfer.
Oppenhoff & Partner's data protection practice, which is part of the firm's IT group, was able to grow significantly, also at a team level: In September 2018 Angela Busche joined from her previous in-house role at Thyssenkrupp and brought expertise in data protection challenges in connection with employee, client and patient data. Under Jürgen Hartung and Marc Hilber's lead the firm advises software, e-commerce and energy companies as well as insurers and banks on the GDPR, data protection audits and reviews and international data transfers.
Jürgen Hartung; Marc Hilber
Other key lawyers:
‘The results of queries are well articulated.’
‘Marc Hilber is always approachable, client-oriented and solution-oriented. Very strong negotiation skills.’
Deutsche Post AG
UNION Tank Eckstein GmbH & Co KG
- Advised Audemars Piguet on GDPR implementation.
- Advised Deutsche Post AG on the handover of its SIMSme business to Brabbler Secure Message and Data Exchange Aktiengesellschaft (a start-up).
- Advised UNION Tank Eckstein GmbH & Co KG (UTA) on group data protection, including the drafting of a intra-group data processing framework argeement.