Rising Stars

Firms To Watch: Data protection

Gleiss Lutz strengthened its IP technology capacities and comprehensively covers all aspects of data law thanks to the full-service appoach.
IT and data protection boutique PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH advises corporations as well as start-ups on compliance and data protection management.

Data protection in Germany

Baker McKenzie

Baker McKenzie is among the leading addresses in data protection law and well-known for its cross-border capacities. The client roster includes companies from the pharmaceuticals, automotive, software and financial sectors; the first two areas are a key focus of Florian Tannen. Patrick Wilkening (previously at Hengeler Mueller) joined the team in October 2022 and specialises in IT law in connection with transactions, outsourcing and joint ventures. The team is jointly led by the renowned data protection expert Michael Schmidl, who frequently acts at the interface with employment law, and Michaela Nebel, who is experienced in contentious matters and proceedings before relevant supervisory authorities. Former co-head Holger Lutz (outsourcing, hardware and software contracts) joined Clifford Chance in June 2023.

Practice head(s):

Michael Schmidl; Michaela Nebel

Work highlights

Bird & Bird

Jointly led by Fabian Niemann and Lennart Schüßler, Bird & Bird advises national and global companies across all sectors, including the healthcare sector, on data protection law. Another key topic is the advice on European data protection, where the team recently advised on international data transfers and the introduction of new software as well as compliance and and data analytics. IT law expert Simon Assion is also part of the core team.

Practice head(s):

Fabian Niemann; Lennart Schüßler

Other key lawyers:

Henriette Picot; Simon Assion; Jörg-Alexander Paul; Miriam Ballhausen


‘The practice combines a high level of data protection knowledge with knowledge of our business model and develops practical solutions. Communication with our business areas works very well, something that other law firms often find difficult.’

‘Bird & Bird stands out for its unparalleled expertise and customer-focused approach.’

‘Their outstanding expertise is characterized by practical solutions and clear communication.’

Work highlights


CMS is experienced in traditional IT matters and offers additional expertise in compliance, digitisation, outsourcing as well as business process outsourcing (BPOs) and clients’ representation before the authorities. Thanks to the integration into the firm’s global network, the team is increasingly active in international data protection advice to clients from the e-commerce, platforms, technology, digital and life sciences sectors. The incident management support in connection with possible data breaches constitutes another mainstay, where the practice comprehensively covers all relevant aspects. The team is led by technology law expert Markus Häuser, who is well versed in digital business models and transactions. Frederik Leenen focuses exclusively on legaltech and made partner in July 2022.

Practice head(s):

Markus Häuser


‘Good coordination of the topics with each other, good balance in the context of partner/associate mix, very good distribution of knowledge.’

‘Targeted information and answers to questions about IT/data protection.’

‘High professional competence, quick processing of mandates, easy to reach.’

Work highlights

DLA Piper

DLA Piper's team assists clients with GDPR compliance programs, proceedings before the supervisory authorities and AI projects. Among the recent instructions is the support in data protection projects in the automotive sector. Stefan Engels (IP, media law) heads the group and is experienced in the data protection-compliant design of digital marketplaces, while Verena Grentzenberg is regularly instructed by clients from the media, retail and finance sectors in connection with new digital business models.

Practice head(s):

Stefan Engels

Other key lawyers:

Jan Pohle; Verena Grentzenberg; Jan Geert Meents


‘Informed and pragmatic data protection advice. Sound understanding of technical systems.’

‘Jan Pohle is a very good lawyer in every respect, who is both suitable for advising a board of directors and a very good negotiator. He keeps his calm even in the most difficult situations.’

Key clients

ResMed Inc



Work highlights

  • Advising a German manufacturer of premium vehicles on data (protection) law during its transformation into a digital group; Advice on the development of digital sales models, autonomous driving and the introduction of new digital technologies.

  • Advising the British international market research and analysis technology group YouGov on the acquisition of the European consumer panel business of the German GfK SE for a purchase price of €315 million.

  • Supporting an international group of IT consulting companies in the data protection compliance audit of all processes of the largest EU group companies in preparation for an application for Binding Corporate Rules (Controller and Processor).

Latham & Watkins LLP

Latham & Watkins LLP's data protection practice is among the top German players for data privacy litigation, which the team routinely demonstrates in major disputes as well as fines and civil proceedings, including GDPR fines, before the ECJ. Tim Wybitul is a key contact here, he is among Germany's leading data protection experts. Further focus areas include the advice on transactions, financing and IPOs as well as the support to companies in connection with possible data breaches and subsequent official proceedings. The practice routinely cooperates with locations in the US, the United Kingdom, France, Hong Kong, Singapore and Korea, thereby covering cross-border matters. This expertise is a strength of Ulrich Wuermeling, who advises on European, English and German data protection law.

Practice head(s):

Tim Wybitul

Key clients

Deutsche Wohnen SE

Volkswagen AG

Mastercard Europe SA


Advent International Corporation

Partners Group


Work highlights

  • Defense of Deutsche Wohnen SE before the ECJ in connection with the highest GDPR fine to date in Germany and relevant legal issues, in particular the liability of companies for data protection fines.

  • Successful defense of Volkswagen AG in data protection investigations regarding the use of camera systems during test driving with a significant fine reduction to €1.1 million.

  • Representation of SCHUFA Holding AG in data protection proceedings in all instances, including the European Court of Justice.


Noerr comprehensively covers data protection law thanks to cross-practice cooperation with the litigation, regulatory, compliance and cyber risks teams. The team focuses on data breach management and data protection litigation (Sebastian Dienst is a key contact for both areas), including the support and representation in administrative, fine and court proceedings. The practice’s GDPR advice covers the implementation of sustainable data protection compliance systems and data protection governance structures. IT law and data protection expert Daniel Rücker heads the team, which was recently increasingly active at international level in expanding relationships with Chinese companies and law firms. Pascal Schumacher primarily acts across regulated industries and made partner in January 2024.

Practice head(s):

Daniel Rücker


‘Dr. Daniel Rücker: Strategically far-sighted, top notch professionally and very nice.’

‘The team around Pascal Schumacher is characterized by excellent knowledge and expertise in IT and data protection law and in related legal areas. It is very responsive, delivers reliably high quality and works in a very structured and solution-oriented manner, even in challenging situations.’

‘Pascal Schumacher is an excellent legal advisor in every respect, absolutely familiar with the subject matter, has many years of experience (including dealing with the authorities) and has the ability to provide his clients with clear guidance and professional expertise in a goal-oriented manner, even in complex situations. He manages to make difficult things look easy.’

‘Pascal Schumacher is a top lawyer for digital companies because he not only understands his subject, but also the technology behind it.’

‘Noerr is characterized by “top-notch” lawyers. Hand-picked lawyers with the finest rhetoric, fast, friendly, forward-thinking, innovative. Simply outstanding and unique. A real added value!’

‘Dr. Daniel Rücker: An excellent and at the same time likeable lawyer. Solution-oriented, forward-thinking, cross-thinking, business-oriented, very responsive, technically brilliant. It’s fun to work with Daniel on data protection issues. A multi-talent!’

‘Excellent service. Helpful tools in IT/data protection law enable the efficient/quick creation of useful end products.’

Key clients



Hertha BSC

Domino’s Pizza Deutschland

Best Secret Group


McDonald’s Deutschland



Work highlights

  • Advising and representing Amazon in an administrative proceeding involving business-critical systems and processes for controlling logistics centers.

  • Ongoing advice to the Alibaba Group on IT and data protection issues.

Taylor Wessing

Taylor Wessing‘s data protection and cyber security expertise is regularly called upon by international and national companies from various sectors as well as public sector clients. The team is particularly well versed in the automotive and healthcare sectors, where the team respectively advises on e-mobility, autonomous driving and cyber security matters as well as data collection, the development of data structures and cloud applications. The practice acts from five German locations and assists with the transformation of digital and global business models and the development of new products. Mareike Gehrmann routinely covers data protection and cyber security issues in connection with digitisation projects; she made partner in April 2023. Malek Barudi (data protection, IP and e-commerce) made partner at the same time. The team also represents clients in contentious proceedings, here, practice head Paul Voigt is regularly instructed by online gaming providers.

Practice head(s):

Paul Voigt


‘TW is a very strong team (both professionally and personnel-wise) in the area of ​​data protection and IT law. In addition to the legal expertise, there is in-depth and specific industry knowledge.’

‘The partners are very practice-oriented. TW is very well connected and, in addition to specific mandates, is always a good sparring partner.’

‘Very responsive, dynamic and always creative solutions.’

‘Paul Voigt has enormous legal knowledge and understanding of data protection law. He is always able to find pragmatic and creative solutions.’

Very fast response times; clear initial assessments that are sound; very good expertise .’

Key clients



Momenta Europe



Vodafone GmbH


Work highlights

  • Representation of Google in various proceedings in all instances (including BGH, BVerfG and ECJ) on the question of the liability of service providers for third-party legal violations with regard to various services.

  • Ongoing advice to Novartis on data protection issues related to operations, including healthcare, IT and CRM systems; also carrying out studies and data collection.

Hogan Lovells International LLP

Hogan Lovells International LLP is experiened in cross-border project support and focuses on AI-related matters, here,  Martin Pflüger and Marcus Schreibauer are key contacts, as well as cyber security, including clients' representation in proceedings before the supervisory authorities and in civil proceedings, digital healthcare (including healthcare apps and patient data protection) and the European Data Strategy. The experience in the healthcare and life sciences sectors is complemented with relevant industry expertise in the finance, insurance, automotive and technology segments. The advice on contentious matters and compliance is a key strength of Christian Tinnefeld, while Stefan Schuppert focuses on data protection, IP and contract law.

Key clients


Boston Consulting Group

Brainloop AG


Cofinity X Joint Venture


Daiichi Sankyo Europe GmbH


Fresenius Medical Care AG & Co. KGaA




LEGO System A/S

MorphoSys AG

Munich Re

Novartis AG


Pfizer Pharma GmbH

Roche Diagnostics

UniCredit Bank AG

Work highlights

  • Multi-jurisdictional advice to the Eberspächer Group regarding a cyber incident.

  • Advising BMW and Mercedes-Benz on the sale of Share Now to Stellantis.

  • Advising UniCredit Bank AG on an agreement to sell a portfolio of German corporate and SME loans to non-recourse funds managed by LCM Partners.

Luther Rechtsanwaltsgesellschaft mbH

Luther Rechtsanwaltsgesellschaft mbH's team is led by Wulff-Axel Schmidt and advises companies, start-ups and public institutions on the use of data to train AI, international data transfers and digital business models. Stefanie Hellmich routinely assists with the implementation of the EU General Data Protection Regulation and data protection compliance. The team is experienced in the healthcare sector and advises on cloud-related matters, the use of patient data and data protection measures. This is complemented by relevant expertise in litigation, including proceedings before the data protection supervisory authorities and in connection with the enforcement of claims.

Practice head(s):

Wulff-Axel Schmidt


‘We switched to Luther/Ms. Silvia Bauer from the Cologne office several years ago for advice on IT and data protection matters because we prefer pragmatic solutions.’

‘Ms Silvia Bauer explains complex data protection issues in a way that even laypeople can understand – this also applies to technical/IT problems.’

Key clients

Charité – Universitätsmedizin Berlin

Ashfield Healthcare GmbH

DKMS gemeinnützige GmbH

Deutsche Telekom GmbH

Volkswagen Financial Services

Evonik Industries AG



Reemtsma Cigarettenfabriken GmbH


Metro AG


Peek & Cloppenburg KG Hamburg

Clariant Produkte (Deutschland) GmbH

Work highlights

  • Advising the Charité Universitätsmedizin Berlin as the NUM’s coordination point in the first and second funding phases on the development of a tailor-made referral agreement and on the creation of cooperation agreements with a focus on data protection law, among other things.

  • Advising the Ashfield Group on all data protection issues relating to the processing of data as part of patient programs for pharmaceutical companies, national and international healthcare professional programs as well as the implementation of data protection compliance in the pharmaceutical sector.

  • Advising Volkswagen Financial Services AG on data protection law in the context of various projects and in the implementation of a major international data protection project with audits in 16 European jurisdictions.

SKW Schwarz

SKW Schwarz focuses on data protection and cyber security and is well versed in the healthcare sector, where the team assists hospital management companies with operational data protection matters. A growth area is the support for providers and customers of SaaS solutions in connection with the contractual implementation of cloud-based business models. The team is led by Daniel Meßmer (implementation of software and cloud-based business models) and also advises on issues pertaining to mobility, AI and e-sports. Franziska Ladiges made partner in January 2023 and specialises in advising companies on the implementation of data protection compliance.

Practice head(s):

Daniel Meßmer

Key clients

Microsoft Deutschland GmbH

E.ON Energie Deutschland GmbH

Work highlights

  • Comprehensive operational advice to Asklepios Kliniken on data protection in close coordination with the corporate headquarters. Advice on operational data protection covers all questions about data protection, employee data protection, data protection of patient data and covid protection measures.

  • Data protection advice and contract drafting for Münchner Verkehrs- und Tarifverbund GmbH in connection with online ticketing and pilot projects.

  • Comprehensive advice to Röhn Klinikum AG on operational data protection, in particular all issues related to general data protection, employee data protection, data protection of patient data and covid protection measures.


WilmerHale is well-know for supporting the technology company Meta, which is regularly demonstrated in numerous major proceedings before the ECJ, the European Data Protection Board and national authorities. The team frequently cooperates with the Brussels location in connection with EU-related matters. Further key areas include the advice on contentious data protection matters, the structuring of international data transfers as well as data breach response and IT law. The latter is a focus of practice head Martin Braun, who is additionally well versed in the ​​social media segment.

Practice head(s):

Martin Braun

Key clients

Meta Platforms Ireland Limited

WhatsApp Ireland Limited

Work highlights

  • Advice to Meta Platforms Ireland Limited on data protection and European law aspects in the German Federal Cartel Office’s proceedings regarding the merging of user data, which, after stints at the Düsseldorf Higher Regional Court and the Federal Court of Justice, is currently being submitted to the ECJ (C-252/21).

  • Advice to Meta Platforms Ireland Limited on the submission procedure to the ECJ in the AppCenter proceedings regarding the right of consumer protection associations to bring legal action in the event of data protection violations.

  • Advice to Meta Platforms Ireland Limited  on various annulment actions against decisions of the European Data Protection Board.


ADVANT Beiten stands out thanks to the close cooperation of the IT and media practices. This expertise benefits clients from the gaming, finance and healthcare sectors. The client portfolio includes companies as well as public sector players, which the team advises on risk management, contract design, digitisation projects and compliance. The latter is a key competence of Susanne Klein, who made partner in November 2022. The partner roster was further strengthened with the addition of Birgit Münchbach (August 2022, previously at Friedrich Graf von Westphalen & Partner) and Ariane Loof (October 2022, formerly KPMG Law in Germany). While Münchbach focuses on digital business models and cloud solutions, Loof acts at the interface between data protection and employment law. Practice head Andreas Lober is well versed in litigation and clients' representation before the supervisory authorities.

Practice head(s):

Andreas Lober


‘Knowledge of the industry and data protection and data processing needs.’

‘Susanne Klein is always well informed and up to date. Fast, reliable and easy to implement work results. Practically oriented.’

‘The law firm works very precisely and always adheres to specified (even very tight) deadlines. We can always rely on the ADVANT BEITEN team and really enjoy working with them.’

Key clients

Areas Deutschland Holding GmbH

Deutsch-Amerikanische Fulbright-Kommission

finstreet GmbH


Freistaat Sachsen (Staatsbetrieb Sächsische Informatik Dienste) und Kommunale DatenNetz GmbH

Work highlights

  • Advising the German-American Fulbright commission on data protection law, initially in various procurement procedures, now in the role of external data protection officer.

  • Advising the Free State of Saxony (Staatsbetrieb Sächsische Informatik Dienste, SID) and Kommunale DatenNetz GmbH on the award of the design, construction and operation of the nationwide network for voice and data communication for the administration of the Free State of Saxony and the Saxon municipalities.

  • Ongoing data protection advice to Quantyoo GmbH & Co. KG on the implementation of a data-driven business model that also takes into account the basic data protection principles of privacy by design and privacy by default.

GvW Graf von Westphalen

GvW Graf von Westphalen's data protection practice primarily acts across the automotive, finance, public, insurance and healthcare sectors and advises companies, associations, NGOs and public institutions with a cross-practice approach. Practice head Stephan Menzemer also manages the firm's international desk and routinely covers cross-border matters, while Gudrun Hausner (outsourcing, cross-border data transfers) is based in Munich and made partner in January 2023. Thomas Schuster (interface between public law and IT/data protection law) joined Eichler Kern Klein Rechtsanwälte PartG mbB in December 2022.

Practice head(s):

Stephan Menzemer


‘Well-coordinated team, high level of professional competence, willingness and ability to think “out of the box” at any time. Very valuable as a sparring partner for the in-house colleagues.’

‘The team is always very reliable in communication, always up to date with the latest technologies, fast and to the point. The team has excellent accessibility and response times.’

‘Mr Stephan Menzemer is extremely reliable, eloquent and polite. He is always familiar with all current legal rulings and knows how to use and interpret them for our companies if necessary. Mr. Menzemer never loses track of the entire organization and knows how to apply his recommendations individually to our different GmbHs. He is forward-looking. He responds individually to the respective contacts in our company. He delivers on time, keeps to the deadlines. He is very responsive and will get back to us at short notice.’

Key clients


AEF Agricultural Industry Electronics Foundation e.V.

Biospring GmbH

E.M.P. Merchandising Handelsgesellschaft mbH

Etsy Inc.

Konecranes Gruppe

Kunstsammlung Nordrhein-Westfalen e. V.


Procter & Gamble

ratyonal GmbH

Simi Reality Motion Systems GmbH

SYNLAB International GmbH

VAG Verkehrsaktiengesellschaft Nürnberg AG


Work highlights


Heuking acts from five locations and comprehensively advises companies and public sector clients from various sectors on data protection issues. Thomas Jansen is well versed in the area of ​​autonomous driving, while Hans Markus Wulf focuses on international data transfers and cyber security. Philip Kempermann is experienced in the banking segement, which also includes contentious matters. Other key contacts are Michael Kuska, who covers issues pertaining to the healthcare and technology sectors, as well as Lutz Martin Keppeler, who made partner in January 2023 and frequently advises on novel technologies such as blockchain or metaverse; Keppler also covers cyber security matters.

Practice head(s):

Thomas Jansen; Hans Markus Wulf


‘Dr. Hans Markus Wulf: Very competent, fast and uncomplicated support in the analysis and further design of IT contracts.’

‘Very diverse, good team size, very good expertise.’

‘Philipp Kempermann: Very deep into the subject matter and an international thinker.’

Key clients

Aurubis AG


Certified Collectibles Group

EDEKA Digital GmbH

FTI Touristik


Ionos SE

Messer Group

Q-Park Operations Germany

Santander Bank

VDE e.V.

Verkehrsverbund Rhein Ruhr

Volkswagen Group Services

Work highlights

  • Supporting FTI Touristik GmbH in the development of a concept for an action plan as well as support in the introduction of a group-wide data protection management system and its implementation.

  • Advising GROHE AG on data protection law and supporting the centralization of IT services within the Japanese Lixil Group, which concerns, among other things, the relocation of data center services to Singapore as well as data protection documentation.

  • Advising Ionose SE on international data transfer, in particular on the US Cloud Act, the new EU digital law and the current legal requirements of public administration when using cloud services.

Jones Day

Jones Day offers advice and support in transactions, data breaches and cyber attacks, including related reporting obligations to authorities and those affected, as well as internal investigations. Martin Lotz is a key contact for the latter area, where he routinely cooperates with the compliance team. Other cross-practice capacities include the cooperation with the Munich-based life sciences team, such as the advice to pharmaceutical companies on data protection. The practice is led by the renowned data protection expert Undine von Diemar and primarily acts across the technology, life sciences and fintech sectors.

Practice head(s):

Undine von Diemar

Other key lawyers:

Martin Lotz


‘The team listens and understands their customers’ goals and constraints rather than applying a one-size-fits-all approach.’

‘Their listening skills are better than those of other law firms we work with, and they help develop strategies that are beneficial to each client’s unique situation.’

‘Undine von Diemar: She is top in her field and efficient, clever and experienced in collaboration. Clients value her clarity, calmness and extensive market knowledge.’

‘Undine von Diemar is a first-class data protection and data security lawyer. Undine is a great technical lawyer who is talented and very pragmatic. I really enjoyed working with her.’

Key clients

Internet Corporation of Names and Numbers|(ICANN)


Tikehau Capital



Experian Information Solutions, Inc.

IBM Corporation

Recorded Future


Thermo Fisher Scientific Inc.

WiseTech Global

Work highlights

  • Ongoing advice to ICANN in Germany, Europe and globally on all data protection requirements relevant to ICANN.

  • Ongoing comprehensive data protection advice to IBM Corporation.

  • Ongoing data protection advice to SAP SE.

Orrick, Herrington & Sutcliffe LLP

Orrick, Herrington & Sutcliffe LLP's team primarily advises technology companies on data protection compliance, the prevention of and response to cyber security breaches as well as licensing issues. Cross-border matters are also covered thanks to the international network. Practice head Christian Schröder is experienced in clients' representation before courts and EU authorities.

Practice head(s):

Christian Schröder

Other key lawyers:

Yumiko Olsen


‘The practice is very informed on current developments in the market; the advice is targeted and practical; They understand very well how to grasp even complex content and show great commitment even under time pressure.’

‘We have been working with Orrick in the area of ​​data protection and cybersecurity for several years now. In addition to its expertise in data protection and IT law, Orrick stands out for us through its excellent understanding of the needs and challenges of a global organization and the corresponding practical and pragmatic advice.’

‘Christian Schröder and his team always deliver reliable, quickly accessible and technically excellent results.’

‘Legally excellent, pragmatic and solution-oriented. Extremely short response times without sacrificing quality. A team that is great fun to work with, also on a personal level.’

‘Dr. Christian Schröder: Technically excellent, super networked, creative solutions.’

‘Their understanding of technology and industry, as well as their excellent legal knowledge and pragmatic advice, give them an exceptional advantage.’

Key clients

Carnival Corporation

CA Immo

Flexera Software


Work highlights

Pinsent Masons Rechtsanwälte Steuerberater Solicitors Partnerschaft mbB

Pinsent Masons Rechtsanwälte Steuerberater Solicitors Partnerschaft mbB's practice acts from three locations and is experienced in the technology, energy and automotive sectors. The latter is a particular focus of the Munich-based team, led by Stephan Appt, which advises on e-mobility, software and regulatory issues. Frankfurt-based Ruth Maria Bousonville covers the fintech sector and regularly assists with cross-border matters. In cooperation with the third location in Düsseldorf, which specialises in telecoms, the team follows a cross-location approach in advising on data protection, digital marketing and compliance issues.

Practice head(s):

Stephan Appt

Other key lawyers:

Ruth Maria Bousonville; Nils Rauer


‘Ruth-Maria Bousonville: Always pragmatic and to the point!’

‘I have been working with Stephan Appt for several years and am impressed by his competence, his entrepreneurial orientation and his pragmatic approach within the legal limits and requirements.’

Key clients

Honda Motor Europe Limited

Internationaler Bund e.V.


F24 AG


Daten-Kompetenzzentrum Städte und Regionen DKSR

Work highlights

  • Advising Honda Motor Europe Limited on EU data sharing requirements and developing a strategy to deal with the requirements of the EU Data Act.

  • Advising CycloMedia Deutschland GmbH on data protection issues.

  • Advising the US vehicle manufacturer Rivian on data protection and regulatory issues relating to market entry in Europe.

Reed Smith

Reed Smith advises US technology companies, digital platforms, European companies and start-ups on cyber security, risk management, compliance as well as transactions. Recent instructions include the advice on cookies and other matters pertaining to digital business models. Co-practice head Andreas Splittgerber (focus on new technologies such as Industry 4.0, IoT and AI) jointly leads the team with Thomas Fischl who regularly supports companies in the implementation of data protection compliance.

Other key lawyers:

Christian Leuthner


‘Reed Smith advises on data protection issues across the EU and globally as business needs span the globe.’

‘Reed Smith provides pragmatic advice that takes into account business constraints and resource limitations.’

“Reed Smith is technologically savvy and has been able to bring in technology experts who understand the complexities of a high-tech company to refine the data privacy advice.”

Key clients

Sphera Solutions Inc.


Matthews Inc.

FC Bayern München AG

Advanced Micro Devices Inc. (AMD)

Work highlights


SCHÜRMANN ROSENTHAL DREYER's data protection team recently increasingly assisted with contentious matters, including the support in official proceedings, the defence against fines as well as damages claims. The practice also advises on digitisation projects in the healthcare sector, regulatory matters pertaining to new technologies and data protection governance. Led by Kathrin Schürmann, Simone Rosenthal and Philipp Müller-Peltzer, the team primarily advises companies from the digital business, technology and media sectors and also covers interfacing matters, including IT, competition and telecommunications law.


‘The team consists of experts in the field of data protection and information technology. They are very familiar with e-commerce and are up-to-speed with the latest developments and trends.’

‘High quality advice with strong technical understanding.’

‘Philipp Müller-Peltzer: Very good, pragmatic and friendly advice and management of the rest of the team.’

Key clients

Robert Koch-Institut

gematik GmbH

DeutschlandCard GmbH (Bertelsmann)

C&A Mode GmbH & Co. KG

DeutschlandCard GmbH

Flughafen Berlin Brandenburg GmbH

Hypoport SE

heycar Group Germany

Zalando SE

Work highlights

  • Advising the Robert Koch Institute on various complex projects such as RKI Panel, Agora, digital COVID certificates / CovPass app and CovPassCheck app, data donation app, German Electronic Reporting and Information System for Infection Protection (DEMIS) and various studies.

  • Advising gematik GmbH on various IT and data protection issues that arise in connection with gematik’s tasks listed in Section 311 SGB V.

  • Ongoing advice to DeutschlandCard GmbH on data protection issues.

White & Case LLP

White & Case LLP acts across the social media, energy, automotive and technology sectors with a cross-practice approach and advises corporations, banks and fintech companies on all aspects of German and European data protection law, including data transfers, the establishment of digital platforms and cyber security matters. This is complemented by experience in clients' representation in litigation. The team is led by Detlev Gabel (data protection law, technology law).

Practice head(s):

Detlev Gabel

Other key lawyers:

Martin Munz; Sylvia Lorenz

Work highlights

  • Representing Meta in international privacy and data protection matters; also support in compliance with data protection requirements around the world.

  • Supporting a German subsidiary of a US/Canadian company in dealing with a ransom cyberattack from a data protection and cyber security perspective.

  • Advising Zalando on the acquisition of the majority stake in Highsnobiety. One of the focuses was on data protection law.

Clyde & Co LLP

Clyde & Co LLP's practice is experienced in digitisation matters as well as fine proceedings in connection with damages claims. The team, led by Jan Spittka, focuses on the insurance sector thanks to the firm's overall competencies. This interface expertise was further strengthend with the appointment of Paul Malek (cyber insurance and cyber risk issues) to partner in May 2023.

Practice head(s):

Jan Spittka

Other key lawyers:

Paul Malek; Florian Emmerich

Key clients


Work highlights

  • Advising and defending an Austrian industrial group in connection with a hacker attack.

  • Advice to an international platform in the healthcare sector on various data protection issues as well as communication with authorities.

  • Ongoing advice to various insurance companies on data protection issues, especially on digitalization projects.

Covington & Burling LLP

Covington & Burling LLP offers expertise at the interface between IT and life sciences and handles various related issues pertaining to data protection and regulatory law, such as digital healthcare matters. A further focus is on the automotive industry, where the team around Lars Lensdorf and Moritz Hüsch advises on projects in connection with ​​autonomous driving.

Practice head(s):

Lars Lensdorf; Moritz Hüsch

Key clients

GEA Group

Einkaufsbüro Deutscher Eisenhändler, E/D/E


Work highlights

  • Advising METRO AG on IT and data protection issues.

  • Advising a US manufacturer of medical devices on data protection, regulatory and contractual law on the Europe-wide introduction of an app that is connected to the manufacturer’s medical device.

  • Advising a German gaming software company on all data protection issues.

Eversheds Sutherland

Eversheds Sutherland offers clients from the life sciences, technology, aviation and automotive sectors a full-service approach thanks to the international network and close cross-practice cooperation. The team is well versed in advising on employee data protection and compliance, particularly in the context of product design. Another mainstay is the support in disputes before the relevant authorities. Practice head and managing partner Alexander Niethammer demonstrates his data protection and IT law expertise in the transactional context. Lutz Schreiber (IT, data protection, outsourcing) joined YPOG in August 2022.

Practice head(s):

Alexander Niethammer


‘Very good, hard-working and motivated team during the project phase to achieve the common goal.’

‘The team has excellent knowledge and experience and is very adept at translating this legal knowledge and experience into pragmatic advice, recommendations and solutions.’

‘Nils Müller is great to work with – knowledgeable, solution-oriented, great at translating technical legal issues into practice.’

Key clients

adidas AG

Bourns, Inc.

Command Alkon


Edwards Lifesciences

Kodak Alaris

Odeon Cinemas



Rolls Royce

Special Olympics


Turkish Airlines

Work highlights

  • Ongoing advice to CyrusOne Inc., which specializes in data centers and is listed on the stock exchange, on all contractual matters as well as with regard to current data protection and IT security requirements for data center operators.

Morrison Foerster

Morrison Foerster advises large German and international companies on GDPR compliance and data protection breaches as well as on data protection in the healthcare sector. A traditional focus remains on the representation of corporations in high-volume fine proceedings. Thanks to his employment law expertise, practice head Hanno Timner also assists in works council negotiations with the introduction of new IT systems, such as whistleblower systems.

Practice head(s):

Hanno Timner

Other key lawyers:

Philip Radlanski


‘Very extensive expertise in the area of ​​data protection, especially in the area of ​​consent management and related topics.’

‘Proactive approach in collaboration: active references to current developments in the area of ​​data protection, relevant court rulings, statements from data protection authorities.’

‘Very easy to contact, even well beyond “normal” working hours. The results delivered are of a very high quality- linguistically very clear and formally sophisticated communication – generally very solution-oriented rather than problem-oriented approach.’

‘The law firm is able to handle legal issues in an international context and in English. Since the law firm covers various topics, it offers a good interdisciplinary offering. The partners can be contacted quickly at any time and are always present.’

‘Hanno Timner can be contacted at any time, his statements are clear and very understandable, and he is extremely reliable and competent.’

‘Broad range, excellent specialist knowledge and pragmatic solution finding.’

‘Hanno Timner: Ideal partner for the issues for which we need support. Reliable partner and great responsiveness. Ideal responsiveness and all concerns are resolved to our complete satisfaction.’

‘The team is well staffed and the size ensures a good relationship with the lawyers.’

Key clients

Northrop Grumman LITEF (Germany)

United Internet/1&1 und Group Companies

1&1 Versatel

Twitch Interactive, Inc.

Notebooksbilliger.de AG

American Academy in Berlin GmbH

HeyJobs GmbH

Work highlights

  • Strategic advice to United Internet (1&1, WEB.DE, GMX) on data protection aspects of marketing concepts, in particular cookies and similar technologies, as well as representation in various court disputes and official coordination processes.

  • Ongoing advice to notebooksbilliger.de AG on various data protection issues, including defending the company against a fine of €10.4 million imposed by the Lower Saxony data protection authority for allegedly illegal camera surveillance of employees and customers.

  • Advising Northrop Grumman LITEF GmbH (and other German group companies) on the implementation of the Northrop Grumman Group’s compliance design in its German subsidiaries (including the introduction of an EU-based whistleblowing platform) as well as advising on the development of a compliance policy.

Ashurst LLP

Ashurst LLP's digital economy group covers IT, technology, data and data protection matters and advises financial institutions and international companies on the launch of new business models, outsourcing, data transfers and data protection compliance. The arrival of Alexander Duisberg from Bird & Bird LLP in February 2023 strengthened the capacity in supporting digitisation projects and data-driven business models, including related cyber security issues, as well as transaction-related data protection; he jointly heads the practice with Andreas Mauroschat, who is experienced at the interface between data protection and employment law.


‘The experience is very good. The quality of the team is excellent.

Key clients

Australia and New Zealand Banking Group Limited (ANZ)

Catena X


Commonwealth Bank of Australia (CBA)

FNZ Group

GEA Group Aktiengesellschaft

Holcim Group

Jefferies Group

Kuwait Petroleum International

K+S Gruppe


Work highlights

  • Advising Catena-X on the governance structure, legal framework and implementation of the Catena-X data space, the first international collaborative data ecosystem in the automotive industry based on the principles of Gaia-X and the Industrial Data Spaces Association.

  • Ongoing advice to Citigroup on data protection issues, including international data transfers, global products and related data flows, negotiation and drafting of contracts with IT and other service providers, internal investigations and the implementation of IT systems and data technology, and general compliance with data protection regulations.

  • Ongoing advice to FNZ Group on data protection issues and global IT and data protection projects, particularly with regard to the global transfer of data, the implementation of global IT systems and data-driven applications and compliance with general data protection regulations.

Büsing, Müffelmann & Theye

With particular industry knowledge in the automotive sector, Büsing, Müffelmann & Theye advises development service providers, suppliers and vehicle manufacturers. This is combined with experience in data protection law and utilised in the advice on data contract negotiations, digital products such as car software, connected cars, mobile apps, compliance and, increasingly, AI including related regulatory matters. This corresponds with the expertise of practice heads Matthias Terbach and Lars Siebert. In January 2023, Jan Dirkwinkel (R&D contracts, technology law, IT, data protection) made partner.

Practice head(s):

Matthias Terbach; Lars Siebert

Other key lawyers:

Justus Gaden; Jan Dirkwinkel


‘We are very satisfied with the law firm. We have a go-to contact person and always get appointments and answers to our questions at very short notice.’

‘Our main contact person is Dr. Justus Gaden and his team. He is very competent and advises us on all questions relating to IT law, general terms and conditions, etc.’

‘Excellent knowledge of all areas of law, also very satisfactory across borders. Communication is always great and the partners are very visionary and solution-oriented.’

Key clients


Volkswagen AG

Infomotion GmbH

Spleenlab GmbH

UsedSoft AG, Switzerland

abat AG

GEWOBA Energie GmbH

Repairfix GmbH

Target Mobility GmbH (movacar)

Trusted Care AG

ComS.I.T. Distribution GmbH

Work highlights


Dentons offers competencies at the intersection between compliance, IT, IP, corporate and employment law, which are frequently called upon by clients in international data transfers, GDPR compliance and the establishment of data protection compliance systems; practice head Christian Schefold is a key contact for the latter area. This advisory offering is complemented by expertise in crisis management issues such as data breaches. In December 2022, compliance specialist Ann-Kristin Cahnbley left the practice.

Practice head(s):

Christian Schefold


‘Very experienced.’

‘Very friendly contact person.’

Key clients

Vivy GmbH (Allianz Group)

Volkswagen AG


ANH Hausbesitz GmbH & Co. KG

Gothaer Finanzholding AG

OHHH! Foundation e.V.|Jugend gegen Aids e.V.

Analog Devices, Inc.

Allianz SE


Christian Otto


Allnex Belgium SA

Deutsche Bahn AG


UST Global


Analog Devices, Inc


Harting Stiftung GmbH & Co.KGaA

e-mobilio GmbH

Flughafen München GmbH

Fresenius Medical Care AG & Co. KGaA

Triodos Investment Management

Keller Group GmbH


eKomi Holding GmbH

Work highlights

  • Advising Volkswagen AG on the update in accordance with Directive (EU) 2019/1937 following the international introduction of a central whistleblower hotline in 91 jurisdictions and support in updating the central business partner due diligence process in 107 jurisdictions.

  • Supporting Vivy in the global introduction of an internet platform for medical services for insured persons.

  • Advising Deutsche Bahn on the implementation of the Whistleblower Directive (EU) 2019/1937.

Greenberg Traurig Germany

Greenberg Traurig Germany regularly assists with GDPR compliance, data protection fine proceedings and transactions as well as the structuring of international data transfers and exchanges. Cross-border matters are covered thanks to the international network and frequently advised on in close cooperation with the locations in the US. This approach is also mirrored in Viola Bensinger's dual role as head of the German data protection practice and as co-head of the global data privacy & cyber ​​security practice. Carsten Kociok is another key contact, he comprehensively advises on data protection law and primarily assists clients across the financial services, media, real estate and healthcare sectors.

Practice head(s):

Viola Bensinger

Other key lawyers:

Carsten Kociok


‘Their extensive knowledge and practical insights are second to none.’

‘The team has great expertise, gives very practical advice and communicates in a concise manner that is easy for businesses to understand.’

‘They are incredibly responsive and easy to work with.’

‘Wide international reach.’

‘Carsten Kociok has an excellent understanding of the needs of companies and provides insightful advice based on data protection authorities’ policies, decisions and best market practices. I often turn to him to consider how to address particularly complex privacy matters in my corporate practice, and he always delivers. He is incredibly responsive and a real pleasure to work with.’

‘Carsten Kociok is quick and efficient, but also takes the time to ensure his advice is easy to understand and implement.’

Key clients

BUWOG Bauträger GmbH

Cyren, Ltd.

Silgan Containers

Opswat, Inc.

Manscaped Inc.

Yorck-Kino GmbH


Torc Robotics


Heimstaden AB



Work highlights

  • Advising BUWOG Bauträger GmbH, which is part of the Vonovia Group, on all aspects of German and European data protection law and data security in connection with the planning and development as well as the distribution, sale and rental of condominiums to buyers and tenants.

  • Advising the Israeli/US cybersecurity specialist Cyren Ltd. on designing and distributing its email security products in Germany and the EU as well as the sale of its German business unit.

  • Advising the German cinema chain Yorck on the design and implementation of a new video-on-demand portal as well as the reorganization of its digital offerings and the introduction of new loyalty/membership systems.

GSK Stockmann

GSK Stockmann's data protection expertise is utilised in the advice on GDPR compliance, the creation of data protection concepts as well as in clients' representation before the authorities. Practice heads Jörg Kahler and Katy Ritzmann are experienced in the mobility, finance and real estate sectors and regularly assist with transactions and, thanks to the firm's focus on the real estate segment, advise facility managers on monitoring software, serviced apartments and parking space management.

Practice head(s):

Jörg Kahler; Katy Ritzmann


‘The IT team led by Jörg Kahler is very strong. They provide very good technical insights with a commercial approach that ensures positive outcomes for customers.

‘Jörg Kahler is my go-to lawyer. Jörg is very perceptive and gives very clear and easily digestible advice in a very complex area .’

Key clients

Gegenbauer Holding SE & Co. KG


GLS Gemeinschaftsbank eG


delta DAO AG

Otto-von-Guericke-Universität Magdeburg


Laka Ltd.

Solaris Bank AG


Work highlights

  • Advising and supporting Tesla in a legal dispute with authorities and a consumer protection organization regarding data protection compliance in the operation of the vehicles and individual vehicle functions.

  • Advice and support to Gegenbauer Holding SE & Co. KG on a large HR outsourcing project regarding the conversion of the IT infrastructure from an on-premise solution to the cloud.

  • Ongoing advice to Ryanair DAC on various data protection matters, in particular advice regarding the data protection relevance of the customer chat function (chatbots).

Lexton Rechtsanwälte

Lexton Rechtsanwälte focuses on the healthcare and media sectors, including social media, and advises on general data protection issues, medical billing software and international data flows. The expertise at the employment law interface is used in advising on employee data. These competencies correspond with the comprehensive data protection expertise of practice head Kevin Max von Holleben.

Practice head(s):

Kevin Max von Holleben

Other key lawyers:

Tilmann Lührig


‘Tilmann Lührig is an expert in the law and the industries in which he advises, and combines this with a very pragmatic approach that leads to real results.’

‘Very good quality and up to date. Fast response time and available at any time. Practical results.’

‘Lexton has an outstanding team with a high level of expertise based on many years of experience and industry know-how.’

Key clients

ARC GmbH & Co. KG

Basis Technologies Germany GmbH

Global Protect Sicherheitsdienste GmbH

QAD Europe GmbH

Investitionsbank des Landes Brandenburg

Codeflow GmbH

eBay Kleinanzeigen GmbH

Pares-IT GmbH & Co. KG

Scope SE & Co. KGaA

Stadler Deutschland GmbH

Torben, Lucie und die gelbe Gefahr GmbH (TLGG GmbH)

Trockland Management GmbH

Universal Music Entertainment GmbH

v. Rundstedt & Partner GmbH

The unbelievable Machine Company GmbH

Dreifive AG (TX Group)

Berlin Food Week GmbH

emtec solutions GmbH

Work highlights

  • Advice on data protection law to Universal Music Entertainment GmbH on the treatment of employee data and customer data in the global group and advice on the implementation of the ECJ Schrems II ruling in the group, particularly in the USA.

  • Advising the investment bank of the state of Brandenburg on the introduction of software.

  • Advising Cosmo Consult Group on the digitalization of B2B business, including data protection.


Led by Jürgen Hartung and Marc Hilber, Oppenhoff advises on GDPR, data protection compliance, website design, cyber security as well as the processing of healthcare data by AI. This is complemented by litigation experience in legal disputes and proceedings before the supervisory authorities. The team also supports digitisation projects and IT outsourcing thanks to the cooperation with the firm's digital business group.

Practice head(s):

Jürgen Hartung; Marc Hilber


‘Good mix of pragmatism and legal excellence.’

‘Marc Hilber: An excellent advisor and great lawyer.’

‘The team is resilient and broadly based. Availability is above average. The use of digital solutions and support for our own developments is unique.’

Key clients

Meta Inc.

Work highlights

  • Preparation of a report for Meta Inc. on the admissibility of Facebook fan pages and insights for German companies.

Redeker Sellner Dahs

Redeker Sellner Dahs supports ministries, state authorities, sports clubs and health insurance companies in data protection proceedings, which was recently demonstrated in the healthcare sector in connection with the admissibility of the electronic patient card. Another mainstay is the advice on data protection issues in the context of digitisation projects. Cornelius Böllhoff is experienced in representing clients before the authorities and places an additional focus on ongoing advice, while Sabine Wildfeuer is well versed in contract drafting and matters at the digitisation intersection.


‘Redeker is characterized by an extraordinarily high quality of workmanship. Work results can usually be adopted unchanged. Technically necessary adjustments are made quickly and easily.’

‘Dr. Böllhoff is exceptional and able to provide satisfactory clarification to critical situations. He is characterized by vehemence and determination in the matter.’

‘Highly specialized and extremely pragmatic at the same time!’

Work highlights