Includes advice on data protection, IT security and compliance.
Data protection in Germany
At Baker McKenzie, the cooperation between German and international offices is a key success factor. In Germany, the Munich-based Michel Schmidl has ‘the best team you could possibly work with on complex data protection issues at the interface to employment law‘, while the Munich team's skills are complemented by the experience of Holger Lutz‘ team in Frankfurt, which is particularly active in the banking, telecommunications and pharmaceuticals sectors. Another important pillar of the practice is its advice on administrative procedures in the event of ransomware attacks, international data transfers and with regards to the introduction of global data management platforms. Florian Tannen is particularly active in the automotive and mobility sectors. Julia Kaufmann joined Osborne Clarke.
‘Michael Schmidl has built up the best team in Munich that one can ever work with on complex questions of data protection at the interface to labor law – it combines the highest degree of legal expertise with absolute client orientation and thus always delivers well thought-out, practical recommendations for action . In addition to Florian Tannen, Matthias Scheck and Josephine Becker deserve special mention from the team.’
‘Michael Schmidl is the luminary in data protection law. But what particularly distinguishes him and what explains his uniqueness is that, in addition to his additional profound knowledge of labor law, he always focuses on the legal system as a whole and therefore whenever a question makes it necessary, he consults other areas of practice in order to deliver an overall solution. which then leaves no question unanswered when it comes to practical implementation. A very good discussion partner and advisor, who you wouldn’t want to do without, not only because of his above-average commitment.’
‘Florian Tannen combines outstanding legal expertise with total client orientation. In addition to the speed of the answers and availability, the appropriate communication with legal laypersons and the direct coordination with operational specialist departments should be emphasized.’
‘Broad know-how across all industrial sectors. Advice is always provided in a factual and pragmatic manner and, above all, solution-oriented.’
‘Florian Tannen and Michael Schmidl deserve special mention.’
‘The Baker team takes a very pragmatic and hands-on approach without sacrificing the necessary legal compliance. The recommendations can usually be communicated to all stakeholders and are never too one-sided. This is a great art in data protection. The team is characterized by the fact that the client is given uniform and equally excellent advice in most continental European countries with the same quality and the aforementioned approach.’
‘Holger Lutz and Michaela Nebel are two of the best and most respected data protection lawyers in Germany and worldwide. Despite the depth of their knowledge, they never lose their sense of business practice and everyday life. Their advice is usually very wise and they were almost always spot on.’
- Comprehensive advice to a large software manufacturer on the creation and introduction of Binding Corporate Rules.
- Advising a global automotive company on the introduction of a group and brand-wide B2C platform for the sale of (connected car) solutions, “function-on-demand” services, products and services in more than 40 countries.
- Advice on data protection law to a global provider of video conferencing services on various data protection issues and on communication with authorities.
Bird & Bird LLP offers top-notch advice on data protection matters, not least due to its cross-border capacities, more than 20 years of experience in data and IT issues as well as the expertise and market recognition of its team, whereby the successful German data protection practice attracts DAX30 companies as well as leading international clients. Fabian Niemann leads the team and is known for his commitment to regulatory issues pertaining to social media, IT security and data protection. Lennart Schüßler regularly advises on compliance matters related to GDPR implementation while Alexander Duisberg is an expert in cyber security issues and often applies his knowledge for clients in the automotive industry. In Hamburg, Miriam Ballhausen made partner in May 2021. Noticeably, the separate entity Bird & Bird Privacy Solutions offers DPO and legal representation services nationally and internationally; in addition, the team also utilises a range of technical data protection tools (such as Access platform and SCC generator) for the automatic generation of standard contractual clauses related to data transfers.
Other key lawyers:
‘Creative legal advice with a reasonable level of risk appetite, always focused on making things happen.’
‘Fast, good and on-the-spot.’
‘Alexander Duisberg: Very good cooperation; very international; experienced in various areas of IT law, also open to new topics such as blockchain.’
‘Clear focus on the client’s economic goals. Pragmatic approaches, high quality.’
‘Fabian Niemann: High level of expertise and quality in a variety of IT and commercial-related topics. Often knows the opposite side (service provider).’
‘Jörg-Alexander Paul: Good view of the commercially pursued goals, hands-on, pragmatic.’
Gesellschaft für Freiheitsrechte
GIZ, Gesellschaft für internationale Zusammenarbeit
Star Alliance Biometric Hub
Telefónica Germany GmbH & Co. OHG
Universitätklinikum Gießen und Marburg
- Comprehensive data protection advice to Dexcom, in particular on the use of diabetes/glucose measurement solutions based on wearables worn on the body and cloud solutions.
- Comprehensive data protection advice to GIZ in numerous data-based projects around the world.
- Advising the Star Alliance Biometric Hub on the introduction of a biometric facial recognition system for the airports in FFM and Munich, among others.
DLA Piper‘s data protection team is a popular choice for first-class transactional support, the implementation of data protection measures as well as in contentious proceedings before data protection supervisory authorities and against affected individuals and consumer protection associations. The team has in-depth knowledge particularly of the automotive sector, the high-tech industry and at the interface to insurance law, but the team’s consistent exchange with law firms worldwide also broadens its understanding of other adjacent areas, such as the manufacturing industry and the financial services sector. The group around Stefan Engels and Thilo von Bodungen also stands out for their expertise in ransomware attacks, compliance, data protection disputes, AI and data analytics. Jan Pohle advises on cyber security, while Verena Grentzenberg focuses on assisting with data protection matters pertaining to new business models and big data projects.
‘What is special about the law firm is that it has excellent specialist knowledge, it is fast but precise and understands how our company works and how the internal legal department communicates with the business.’
‘DLA Piper’s privacy team is excellent at handling all types of privacy issues. They always get their priorities right.’
‘DLA covers almost all jurisdictions in which German companies operate (about 50 countries worldwide) and the quality of their work is always the same, regardless of the jurisdiction or country.’
‘DLA Piper’s privacy team is always available, even if an urgent matter arises. They always support us with practical, but legally correct and clear advice.’
‘DLA Piper communicates (if necessary) in such a way that non-legal employees can easily understand her advice.’
1&1 Telecom GmbH
Heidelberger Druckmaschinen AG
- Advising Heidelberger Druckmaschinen AG on various outsourcing projects, including the transfer of the Shared Service Center for Purchase and Financial Management to an external service provider.
- Expert opinion and representation of 1&1 Telecom GmbH in fine proceedings at the Bonn Regional Court.
- Representing H&M in regulatory proceedings (in close cooperation with the regulatory team) and providing additional data protection compliance advice and communications advice.
Latham & Watkins LLP‘s Tim Wybitul is considered the ‘figurehead’ of Germany’s data protection sphere: him and his team particularly stand out for their activity in data privacy disputes, transactions and internal investigations and recently demonstrated their expertise in a series of cutting-edge matters, particularly in relation to data breaches, fine proceedings, damage compensation and information claims. For instance, the group successfully represented Deutsche Wohnen SE before the Berlin Regional Court in proceedings which overturned the to-date highest ever imposed data protection fine in Germany; here, the very active associates Wolf-Tassilo Böhm and Isabelle Brams were also involved.
Other key lawyers:
‘The data protection practice is very well positioned and certainly has one of the most renowned lawyers specializing in data protection in Germany. In addition, the team has a very good overview of the relevant adjacent or overlapping areas of law, namely labor law (with a focus on works constitution), fine and criminal proceedings and, last but not least, the defense against claims for damages.’
‘Tim Wybitul is a figurehead in Germany due to his many years of experience, the many processes and negotiations he has overseen, many publications and not least because of his appointment to the data protection advisory board. And at the same time he is approachable, pragmatic and not very pretentious. Isabelle Brams and Wolf-Tassilo Böhm are sociable, flexible, quick and just as pragmatic. It’s just really nice to work with these lawyers to find a solution.’
‘Under the leadership of Tim Wybitul, the team is in great form with Wolf-Tassilo Böhm as primus inter pares.’
‘Tim Wybitul is a knowledgeable privacy advocate who is safe to take to the boardroom. Wolf-Tassilo Böhm manages mandates in a very experienced manner and exudes the calm that a client wishes for in difficult mandates.’
SCHUFA Holding AG
- Successful defense of Deutsche Wohnen against the highest GDPR fine that has been declared invalid in Germany and the EU to date.
- Representing Daimler as a defendant in landmark proceedings before the Federal Labor Court (BAG) regarding employees’ right to information under the GDPR.
- Represented Facebook globally in a number of regulatory inquiries and investigations into alleged data breaches and/or alleged violations of the GDPR.
At full-service offering Noerr, clients can rely on a broad expertise spectrum encompassing advice on the entire range of data protection and adjacent issues as well as representation in court; one of the contributing factors for this offering is the team’s close cooperation particularly with the dispute resolution, regulatory and compliance practices, thereby generating synergies that primarily play out in matters related to data breaches, data protection by design and data protection disputes. In the latter area, the firm established a specialised team in 2021 which specifically acts in administrative, fine and court proceedings. Daniel Rücker, who heads the practice, often acts in high-profile data protection matters and investigations by the supervisory authorities; Joachim Schrey advises on international data transfers relating to cloud services and system implementation for data loss prevention among other matters; Sebastian Dienst has extensive expertise in advising international companies, especially on matters pertaining to data protection governance; and Pascal Schumacher specializes in regulated markets and digital health.
‘The quality is excellent in every respect and so is the price-performance ratio.’
‘Friendly and competent. Open to legal tech, very innovative.’
‘Joachim Schrey is characterized by a great understanding of bespoke and innovative advice on complex technical and economic issues. He is also able to enable a legally compliant design in new constellations in such a way that this comes as close as possible to the economically desired and technically feasible cornerstones. ‘
‘Noerr covers the entire range.’
‘Noerr’s data protection team is characterized by a helpful, very pragmatic approach. Extremely fast support is a matter of course here. Individual solutions that bridge the gap between compliance and business also help large companies to remain competitive in an international context.’
‘Pascal Schumacher: Due to his experience, he is very good at incorporating risks, common practice and possible reactions from the authorities into the company’s decision-making process, which actually makes it easier for complex projects.’
‘Pascal Schumacher can always be reached quickly and always has a competent representative, is patient and also very flexible. You get the feeling that you are always treated as priority A. Furthermore, he also supports the communication with international branches very professionally and is available for worldwide consultations.’
LVM Landwirtschaftlicher Versicherungsverein Münster a. G.
McDonald’s Deutschland LLC
MEWA Textil-Service AG & Co. Management OHG
Mobility Trader GmbH
Sunshine Smile GmbH
Finanz Informatik Technologie Service GmbH & Co. KG (FI-TS)
- Assessment of hurdles and design scope within data protection regulations for testing innovative business models as part of the Reallabore Deutschland strategy.
- Data protection advice on the use of tracking and analysis tools and on the use of biometric processes.
- Data protection advice on the structuring of US data transfers for a health app.
Osborne Clarke's highly regarded IT practice is flanked by a data protection group that is best known for its data protection support to digital transformation projects and thereby represents a key asset for the firm. Based in Hamburg, one of the practice's strengths is clearly its coordinator Flemming Moos, whose expertise continuously attracts clients from different sectors and jurisdictions; he predominantly focuses on the structuring of international data flows, data protection audits and IT compliance projects. Most recently, a team led by Marc Störing advised on an EU-funded project to research data exchange options in the transport sector. In June 2021, Julia Kaufmann joined from Baker McKenzie; she focuses on data protection issues in the healthcare sector.
‘Very high level of expertise in digitization issues, always available, good project management, including global data protection and IT security issues.’
‘Marc Störing: High availability, committed, transparent, very good sparring partner, excellent specialist knowledge.’
‘Adrian Schneider’s team scores with solutions that are easy to implement instead of just pointing out problems, efficient working methods, very good and understandable explanations of sometimes very complex legal problems.’
‘The team has a high level of expertise and works precisely and reliably, especially on special issues. The team is well organized and works with us in a structured way. This enables short-term satisfactory solutions, but also successful long-term cooperation on larger projects.‘
‘Jens Schefzig advises reliably and with a high level of expertise on data protection issues in connection with data analytics projects.’
- Advice on legal data and data protection issues relating to Allianz Real Estate GmbH’s extensive participation in a strategic project of the world’s largest real estate investor in the field of smart building.
- Ongoing advice to various AXA companies on data protection issues, in particular on digitization projects.
- Comprehensive data protection advice to Axel Springer.
From its five offices in Germany and with an international outreach, Taylor Wessing regularly assists with cutting-edge matters related to big data, machine learning and artificial intelligence, especially in the healthcare, finance and insurance sectors as well as in the automotive industry. The regarded Axel Freiherr von dem Bussche, who heads the technology, media and telecommunications practice as well as the international US Group for Germany, predominantly advises on international transactions, contractual and regulatory issues as well as on the transformation of digital business models and negotiations with supervisory authorities. Paul Voigt on the other hand, does 'a bombastic job' on international data protection projects as well as on e-commerce, IT contract and security law issues. Additionally, Thomas Kahl focuses on data protection incidents, cyber attacks and regulatory data protection procedures. Fritz-Ulli Pieper made partner in January 2021.
‘Paul Voigt is doing a bombastic job! Precise and perfectly implementable advice. It’s a real asset for companies to have him by their side as a consultant.’
‘Very approachable and responsive. Very applicable in practice. High quality and a friendly team.’
‘Paul Voigt is extremely dedicated and knowledgeable. In addition, personable and very responsive.’
Hyundai Motor Europe GmbH
Mazda Motor Europe GmbH
Vodafone Deutschland GmbH
- Advising eBay on the planning and implementation of one of the largest Schrems II projects in Germany to review third-country transfers, taking into account the requirements of the ECJ.
- Advice to Nintendo on the group-wide GDPR implementation as well as ongoing advice in all areas of data protection law.
- Comprehensively supporting the RXD, Privacy Management department of Vodafone in its data protection advice to the entire German Vodafone group.
CMS' highly regarded, extensive TMT practice also features in-depth data protection knowledge. Its broad advice focus extends beyond national borders and aims to provide euro-centric data protection assistance (also through the CMS cyber network, which encompasses 75 countries worldwide and acts primarily in the event of cyber attacks and critical emergencies). Fines, claims and proceedings following data breaches are also part of the service portfolio. The practice is headed by Markus Hauser in Munich and Florian Dietrich in Cologne. The team also includes the 'extremely experienced, excellently connected and tactically clever' Christian Runte and 'wonderful, intellectual sparring partner' Michael Kamps.
‘Practical, experienced advice from a diverse and experienced team.’
‘Very broad data protection expertise in a wide variety of facets, enormous track record.’
‘Christian Runte is extremely experienced, super well connected and tactically clever.’
‘The practice area data protection/information technology is characterized by its very practical, pragmatic and solution-oriented advice. CMS understands perfectly how to work out solutions together with the client that fit the specific problem.’
‘Michael Kamps does not get bogged down in highly theoretical memos (unless they are expressly requested), but works out solutions in cooperation with the client. Kamps is a wonderful intellectual sparring partner and, thanks to his cross-industry experience, can also help with highly complex issues. He has a very pragmatic and solution-oriented consulting approach, which is particularly important for in-house lawyers.’
CSW Rechtsanwälte Steuerberater Wirtschaftsprüfer‘s Isabell Conrad and her data protection team primarily focus on contractual matters, data transfers abroad (a field that experienced significant growth after the Schrems II judgment), administrative procedures before data protection supervisory authorities and data protection issues related to AI projects and AI applications; here, Jochen Schneider is particularly involved. The firm has further strong expertise in matters pertaining to social security data protection such as electronic patient files for statutory health insurance companies and in the area of order processing. Maria-Urania Dovas joined LANGWIESER RECHTSANWÄLTE Partnerschaft mbB in January 2022.
Other key lawyers:
Luther Rechtsanwaltsgesellschaft mbH's data protection advice is primarily characterized by topics such as industry 4.0, big data, internet of things, cloud computing and e-Health, with the team's expertise on matters related to the handling and usage of personal data, GDPR as well as data protection compliance being particularly valuable; practice head Wulff-Axel Schmidt and his group also regularly act as external data protection officers. Michael Rath is considered the main contact for the department and Silvia Bauer carries out data protection audits and also advises international and national companies on the design and implementation of their data protection concepts.
‘In addition to the high level of technical expertise, the team is excellently available and very responsive.’
Ashfield Healthcare GmbH
Augsburger Aktienbank AG
Clariant Produkte (Deutschland) GmbH
Deutsche Telekom AG
DKMS gemeinnützige GmbH
Evonik Industries AG
McKesson Europe AG (vormals Celesio AG)
R. Stahl Aktiengesellschaft
Reemtsma Cigarettenfabriken GmbH
Riedel Communications GmbH & Co. KG
Servicegesellschaft der PSD Banken mbH
Stadtwerke München GmbH
Volkswagen Financial Services AG
- Data protection advice to Augsburger Aktienbank AG and due diligence related to the sale of Augsburger Aktienbank AG’s custody business to European Bank for Financial Services GmbH, including the structuring of data transfers as part of the M&A transaction.
- Data protection advice to E.ON SE in connection with the implementation of the current EUMC 2021 within the group as well as externally.
- Comprehensive advice to Volkswagen Financial Services AG on data protection inquiries as part of various VWFS projects and on the implementation of a major international data protection project including audits in 16 European jurisdictions.
SKW Schwarz Rechtsanwälte's data protection practice assists with digital transformation and cloud strategies as well as issues pertaining to the commercial and industrial use of artificial intelligence among others. Due to its close cooperation with other practice groups such as media, publishing and IP, as well as with the sector group automotive, these competencies represent a crucial part of the firm's advice offering, whereby the practice also advises clients on cyber security, data protection impact assessments and risk assessments for the development of new business models. At contentious level, Matthias Orthwein's group recently excelled in representing Schufa in a GDPR court case, with Oliver Hornung and Franziska Ladiges taking the lead. Elisabeth Noltenius made partner in January 2021.
‘Always available and absolutely short response times for urgent matters. Appear as a duo to predict working structures and next steps directly.’
‘Matthias Orthwein: Maximum integrity, competence and reliability, convincing even in difficult and contradictory circumstances. A valued contact for discussions outside the box.’
Microsoft Corp, Microsoft Deutschland GmbH, Microsoft Online Ireland
SCHUFA Holding AG
VELUX Deutschland GmbH
Ask Brian GmbH
Erich Netzsch GmbH & Co. Holding KG
- Advising Microsoft on GDPR-compliant product design.
- Support for SCHUFA in over 100 pending court proceedings on GDPR issues.
- Worldwide data protection support for Erich Netzsch during a cyber attack that shut down operations.
At WilmerHale the representation in data protection disputes takes centre stage, with the group around the renowned Martin Braun being mainly known for its participation in data protection proceedings before the European Data Protection Board, national authorities and the ECJ. In addition to Braun, Brussels-based lawyers Hans-Georg Kamann and Frédéric Louis often take the lead. The practice frequently acts for Facebook which the team recently represented in proceedings concerning user data merging before the German Federal Cartel Office.
- Representing Facebook in German Federal Cartel Office proceedings concerning the merging of user data.
- Representing Facebook in proceedings before the Court of Justice of the European Union and before German courts concerning fan pages.
- Representing Facebook in proceedings regarding the so-called “like button”, currently before the Düsseldorf Higher Regional Court, after submission to the ECJ.
Due to its close cooperation with the firm's IT and media practice, ADVANT Beiten's data protection team is well equipped to advise on numerous aspects of their clients' digital businesses and demonstrates particular strength in acting in disputes with data protection authorities as well as in ongoing data protection advice to long-term clients. In the latter area, the video game industry in particular has become increasingly important in recent years, although financial service providers and the real estate industry also play a significant role for the firm. Andreas Lober and Matthias Stecher head the practice from Frankfurt am Main and Munich respectively. Axel von Walter is another key lawyer and focuses on privacy-related issues while Susanne Klein is particularly well versed in advising internal data protection officers on compliance issues and on the implementation of new technologies.
‘The personal, professional and yet cordial way in which you are greeted and picked up in the office and on the phone is outstanding. A consistently high standard is offered from telephone reception to advice from specialist lawyers. Requests for appointments on our premises were approved at any time, flexibility is a matter of course.’
‘ What is particularly impressive is the care with which various legal issues are dealt with. The interaction of different lawyers deserves an award, because for us as a client the result comes across as if it came from a single source. Sufficient time is taken into account and right questions are asked so that problems are considered from all angles leading to results that are sometimes different than what the first impression conveyed.’
‘ Opportunities as well as risks are considered in detail and discussed in an understandable way. Improving one’s own basic knowledge through explanations in difficult situations is a further added value. Every request is processed and explained in an understandable way. At all meetings, the participants were well prepared and deeply involved in the subject matter. As clients, we feel that we are in very good hands, well advised and always well and, above all, professionally represented.’
‘Matthias Zimmer-Goertz is an integral part of the legal circle in the area of data protection. Within a very short time, Zimmer-Goertz familiarizes himself with the client’s business model and provides security and valuable suggestions for improvement, so that data protection conformity is ensured. His routine in dealing with the data protection authorities supports the client and ensures quick clarification in the event of a complaint.’
‘ The open, friendly and objective way of looking after clients creates a very trusting working atmosphere. Every consultation and every query is explained in a professional and yet understandable way, so that you can learn from the consultation. Discussions with the other side take place in a calm, factual manner, which has an absolutely de-escalating effect.’
‘Susanne Klein is in charge of IT and data protection at BB and is a reliable, highly competent and outstanding expert in this area. Her quality speaks for itself. The cooperation was exemplary and particularly problem-oriented.’
expert Warenvertrieb GmbH, expert eCommerce GmbH
Landesanstalt für Medien NRW
Landesbank Baden-Württemberg (LBBW)
MEC Holding GmbH
WEISSER RING Stiftung
Zahlreiche Creditreform-Regionalgesellschaften unter Federführung der Creditreform Essen Stenmans & Waterkamp KG und der Creditreform Düsseldorf / Neuss Waterkamp, Zirbes & Coll. KG
Charité Universitätsmedizin Berlin
BNP Paribas Niederlassung Deutschland
Antenne Bayern GmbH & Co. KG
- Advising Landesbank BW on the conceptual review of the data protection feasibility of a €2.2 billion transaction.
- Advising QUANTYOO on a data-driven business model and the establishment of a European data alliance.
- Ongoing data protection advice to Charité’s data protection department as well as data protection support in special research projects.
In the data protection sphere, Eversheds Sutherland's group around Alexander Niethammer focuses on topics such as data usage, digital process design, digital transformation, cloud computing and EU data protection regulations. Cybersecurity is a further significant topic for the practice that is mainly tackled by its global cybersecurity and data privacy group as well as within the international network of the firm; here the team regularly advises on complex cyber incidents and cross-border data transfers. Lutz Schreiber frequently assists with cloud computing issues and IT disputes.
Other key lawyers:
‘Very responsive. Experienced lawyers and very competitive fees. ‘
‘Very friendly, good turnaround, generally very reliable and always high-performing.’
Modine Manufacturing Company
MTS Systems Corp.
Special Olympics Deutschland
Toyota Motor Credit Corporation
- Advising crypto stock exchange Coinbase in connection with the awarding of the first BaFin license for proprietary trading and crypto custody in Germany.
- Advising a manufacturer-dependent financial service provider in the automotive sector on an international IT compliance and data protection matter involving several European countries.
- Advising several companies from the industrial and technology sectors on how to respond to cyber attacks.
Heuking Kühn Lüer Wojtek offers a wide range of advice on data protection issues, which, in addition to the implementation of compliance programs, also includes assistance with software launches and data protection matters related to online trading. The team's expertise is further frequently applied in outsourcing projects and transactions. Philip Kempermann and Thomas Jansen jointly head the team.
‘Well-connected, broadly skilled unit that offers full service in data protection. They also work well internationally (and always deliver reliably).’
‘Philipp Kempermann is very well connected. He is characterized by his fast feedback, a solution-oriented approach and his detailed knowledge. Especially in cross-border matters, he thinks outside the box in order to achieve the best result for the client.’
‘Michael Kuska is very pragmatic, always available and has now taken on a leading role in complex GDPR issues.’
‘Britta Hinzpeter has managed to ideally combine her expert knowledge of GDPR and life sciences. It is the top address for wearables and health apps in Germany.’
‘Astrid Luedtke takes the lead in joint projects with commitment, asks the right questions and has a passion for innovative business ideas, which is reflected in her advice.’
‘Hands-on, practical, solution-oriented and able to adapt to the dynamics and peculiarities of a project and internal teams.’
‘Philip Kempermann is characterized by the fact that he always gives practical and solution-oriented advice “despite” his excellent professional qualifications. His ability to move a project forward is not only valued by the legal department, but also by the specialist departments involved, as is his hands-on and collegial nature, which makes him part of the team – an art that not many external consultants can master.’
Certified Collectibles Group (CCG)
Messer Group GmbH
- Data protection advice to Santander Consumer Bank AG on the introduction of personnel management software Workday.
- Ongoing advice and support to Versandhaus Walz GmbH on all data protection matters, especially in connection with the client’s mail order and online business as well as advertising customer approaches, particularly with regard to the client’s online shops.
- Data protection advice to MarketAxess Group at the Regulatory Reporting Hubs of Deutsche Börse Group.
Hogan Lovells International LLP
At Hogan Lovells International LLP, data protection and security advice is handled by a team belonging to the IP, Media and Technology practice led by Burkhart Goebel, Miriam Gundt and Andreas Bothe. Here, multinational data protection projects, cyber attack advice, the representation of companies before data protection authorities and in data protection disputes (especially in damages claims) represent the central pillars of its offering. In addition, as a result of the Covid-19 pandemic, a Munich-based group led by Martin Pfluger has recently been involved in data protection and labor law projects pertaining to information access on vaccinations. The practice also regularly advises on data transactions and data ownership.
‘The team advises pragmatically, very business-oriented and with consistently high competence; Individual questions are researched quickly and answered in a well-founded manner, the team proposes solutions, points out the risks, but does not hide behind non-liability formulations and communicates very clearly.’
‘Martin Pfluger is characterized by a high level of competence and clear communication.’
Bundesverband der Zahlungs- und E-Geld-Institute
Daiichi Sankyo Europe
Ford Motor Company
- Comprehensive data protection support for Brainloop on all internal matters, including data ownership, strategic data protection orientation of cloud services and advice on international data transfers as well as all GDPR compliance issues.
- Advising Salesforce on the implementation of the GDPR and other data protection issues.
- Data protection advice to Syncreo in relation to compliance, policy documentation and day-to-day advice.
Highly regarded in Germany and beyond, Undine von Diemar heads Jones Day's European practice for cybersecurity, data protection and privacy, thereby demonstrating 'deep and up-to-date understanding' of the German and international data protection landscape. This is especially true in relation to the US, where the group has a very strong presence. The practice particularly focuses on data breaches, employee data protection and international compliance projects and frequently benefits from its cooperation with other German offices, such as regularly cooperating with the Düsseldorf compliance team on internal investigations (here, Martin Lotz is very active) as well as with the firm's Munich-based life sciences practice. Data protection advice on transactions is another mainstay.
Other key lawyers:
‘Good multinational team. Market leader in the USA and Germany.’
‘Undine von Diemar is a real leader in this field. She simplifies complexity and gives clear advice and options for action.’
‘The Jones Day team provides sound and practical advice tailored to the unique needs of our organization in a niche area. The team has a clear understanding of client’s needs and overall strategy and implements this efficiently when advising on often new issues in an uncertain legal landscape. Also, the team is great to work with and they stick to tight schedules on critical business matters.’
‘Undine von Diemar has a deep and up-to-date understanding of the constantly evolving data protection landscape and related issues. Undine seamlessly applies an understanding of the client’s strategic objectives and understanding of where the law is leading to the unique issues that arise with the client. Undine is also very service-oriented, friendly and very pleasant to work with.’
‘A really hard working, responsive team who are easy to work with anywhere in the world. There is never any drama with them and they are really organized, smart and pleasant. You are first class.’
‘Undine von Diemar is fantastic, really great, with a good team. It’s available, responsive, and attuned to clients’ needs in a really refreshing way. Very client-oriented and friendly to work with.’
Internet Corpora-tion of Names and Numbers (ICANN)
European Bank for Financial Services GmbH (ebase)
Cooper Tire & Rubber Company
Lionbridge Tech-nologies, Inc.
New World Hotel Management (BVI) Ltd.
RTI Surgical Inc. (nunmehr Surgalign Spine Technologies)
- Advising ICANN in Germany, Europe and globally on all data protection requirements relevant to ICANN.
- Comprehensive data protection advice to the European Bank for Financial Services GmbH (ebase) on the takeover of Augsburger Aktienbank AG (AAB)’s securities business.
- Data protection advice to SAP on the planned €500m joint venture with dediq GmbH.
KNPZ Rechtsanwälte has a small but highly regarded practice that combines various skills within one team. Kai-Uwe Plath is the key contact for transactional advice and primarily assists with data protection aspects of outsourcing projects, IT matters and GDPR compliance. Jan-Michael Grages has significant experience in securing data flows and compliance investigations.
In recent years, Orrick, Herrington & Sutcliffe LLP has continuously expanded and deepened its combined IT and IP practice, with the team around 'pioneer' and 'data protection guru' Christian Schröder thereby gaining central importance for the firm. The group primarily advises international tech companies and developers on issues relating to internal and external data transfer, internet of things and on GDPR matters, as well as on the data protection-compliant design of products and reactions to cyber security incidents. Its intensive cooperation with the tech-focused transaction practice in Germany as well as with the firm's US-based data protection practice provides the department with further impetus.
Other key lawyers:
‘The team is truly global which is easy to observe when dealing with the Orrick team. This is of vital importance as they need different practice heads of each region to participate and bring issues to the table as a forum.’
‘Christian Schröder is a pioneer in the legal field, a data protection guru.’
W. W. Grainger / ZORO
- Advising CA Immobilien on issues at the interface of data protection and IT in connection with a leading Smart Office pilot project in Europe and follow-up projects.
- Comprehensive advice to Carnival Corporation on European data protection regulations in connection with strategic projects such as facial recognition products and external data transfers.
- Advising the leading, listed mobile gaming company Zynga Inc. on data protection, data security (including preparation of a Data Protection Impact Assessment, DPIA) and intellectual property matters related to the acquisition of a company.
Pinsent Masons Germany LLP
Pinsent Masons Germany LLP's data protection practice, and here predominantly its Munich-based team, is particularly well known for its experience in the automotive sector. Nevertheless, the unit works across offices and sectors: for instance, its advice on topics such as connected cars and cloud data centers combines the Düsseldorf team's know-how on data access and its communication law expertise as well as the digitization skills of the Frankfurt team. Moreover, the firm's international cyber practice also expanded with a new office in Amsterdam and the broadening of its related advice offering in Germany. Kirsten Wolgast is the cyber practice's key contact and also assists with technology disputes while data protection expert Ruth Maria Bousonville is particularly active in the finance sector including fintech matters. Stephan Appt heads the German TMT Group.
‘Profound knowledge of data protection. Clear communication: pragmatic, to the point.’
‘Very strong in applying data protection requirements related to the interpretation of GDPR. Solid and pragmatic advice. Good feel for details without losing sight of the bigger picture. Stephan Appt is an outstanding partner.’
CycloMedia Deutschland GmbH
Evidensia Deutschland GmbH
Honda Motor Europe Limited
- Advice to Honda Motor Europe Limited on the business process outsourcing project Roadside Assistance with Bosch as well as ongoing data protection advice.
- Advice to Cyclomedia Deutschland GmbH, which specializes in the development of tools for visualizing environments, on the design of an innovative tool in the energy supply industry.
- Advising Evidensia Deutschland GmbH on GDPR implementation, in particular on precautions in the event of a no-deal Brexit.
In addition to its established, Munich-based data protection team around Thomas Fischl and Andreas Splittgerber, Reed Smith LLP also boasts data protection expertise in Frankfurt with Christian Leuthner, who made partner in January 2022; Leuthner predominantly focuses on assisting with cloud computing, e-commerce and internet platforms. The firm is particularly renowned for its advice to start-ups.
Other key lawyers:
‘Working with the team is an absolute pleasure. They are thorough and experienced, but above all pragmatic. Sometimes consultants in law firms give advice that is very idealistic or impractical, but this team has a genuine business focus and understands that advice must be useful, not just academic and theoretical.’
‘The focus on pragmatism is definitely something that stands out. Open, honest discussions happen and matters are really worked on.’
White & Case LLP's German data protection team advises on German and European data protection law, cross-border data traffic and cyber security issues. The German group benefits from practice head Detlev Gabel's the great expertise. Facebook and Deutsche Bank are among their key clients.
- Advised Deutsche Bank AG on a multi-year strategic partnership with Google Cloud.
- External legal counsel to Facebook on a very large portfolio of international litigation and out-of-court litigation spanning more than 160 jurisdictions on six continents.
- Advising a bank on how to respond to a large-scale cyber attack.
By welcoming Tobias Neufeld from Allen & Overy LLP in March 2020 to its ranks, Arqis Rechtsanwälte gained a respected head for its own data protection and data law practice, who ist not only internationally well connected and has extensive data-related experience, but who is also well versed in employment law; this intersection between data and employment law subsequently represents one of the focal points of the practice. Most recently, the team was particularly active in advising on matters related to cyber attacks as well as assisting numerous clients from the healthcare sector with data protection issues. Moreover, and also supported by its office in Tokyo, the group frequently advises on international matters. Neufeld further heads the global employment and benefits practice as well as co-heads the German pensions group.
‘Service lines that are unique on the German market and which, in addition to pure data protection issues, also include digital ethics and data litigation. With this holistic approach, ARQIS is far ahead of its time.’
‘Very strong in the areas of data analytics, cloud computing and digital transformation as well as excellent knowledge in various sectors, especially health and life sciences as well as insurance and financial services.’
‘Tobias Neufeld is unique on the German market. He is pragmatic not only with regards to his consulting style but also to his language and communication, paired with innovative approaches and a large network, he finds a solution for every data-related problem that suits the respective business model and industry. It doesn’t get any better than that.’
‘Fast, uncomplicated, practice-oriented and competent support. Through the combination of compliance and labor law within one firm, their advice also considers aspects that a data protection boutique would not consider.’
‘Tobias Neufeld: Very quick reaction, combines employment law and data protection.’
Private Equity Unternehmen
Bencis Capital Partners
BME SHK Deutschland-Gruppe (Blackstone)
Domidep S.A.S. (I Squared Capital)
Alloheim Senioren-Residenzen SE
- Advising Triumph Control on the introduction of HCM software Successfactors via the US parent company; checking on data flows; data protection impact assessment; as well as conceptual design of the operation agreement.
- Advising a Japanese electronics company on how Brexit will affect data protection law and on which regulations data transfers can be based in the future.
- Data protection advice to an industrial company on the introduction of corona-related temperature taking among employees and examination of order processing agreements.
Covington & Burling LLP
Alongside its IT practice, data protection advice represents an important focus for Covington & Burling LLP. The group particularly impresses with skills at the intersection of IT and life sciences and predominantly utilises these in matters pertaining to digital health inquiries; here, regulatory issues as well as personal patient data protection are pertinent subject matters among others. Especially in the health industry, but also with regard to topics such as autonomous driving, outsourcing and big data, the firm's own internal network is an essential asset for the practice. Lars Lensdorf and Moritz Hüsch head the group.
Broadridge Deutschland GmbH
GEA Group AG
- Advising SmartRecruiters on the operation of an electronic recruitment platform with regard to data protection and the consequences of Schrems II.
- Data protection advice to Haniel on the acquisition of 100% of the shares in BauWatch, a company in the field of temporary outdoor security solutions.
- Many years of advice to GEA Group on all data protection issues at national and international level.
GvW Graf von Westphalen
Graf von Westphalen has a strong and independent data protection practice that stands out due to its interdisciplinary and international cooperation among other matters. The group is particularly successful in advising on matters touching on public procurement, healthcare and M&A, which is mainly due to the skills and network of practice head Stephan Menzemer, who has ‘distinct expertise in the healthcare and e-health sector‘ and, in his position as head of the firm’s international desk, also maintains strong international contacts (especially with China through the firm’s Shanghai office). New synergies developed following Thomas Schuster‘s arrival from PwC Legal (PricewaterhouseCoopers Legal AG Rechtsanwaltsgesellschaft) in March 2021; he combines IT and data protection expertise with knowledge of public and constitutional law.
‘Extremely professional. Very timely communication. Very good service at all levels.’
‘Stephan Menzemer is highly professional, very competent, extremely experienced and always courteous. Indispensable for questions of data protection and IT.’
‘The practice is particularly commended for striking the right balance between legal expertise and commercial thinking. They are enormously digital. The work is always characterized by profound legal knowledge (on behalf of the company as well as the authorities), which is very helpful.’
‘They are perfectly familiar with European and international data protection law. This makes it easy to pragmatically and effectively map international relationships. The contact of the firm are always extremely competent and responsive. The team is sufficiently staggered (from equity partners to associates) and uses resources accordingly and – also from the client’s point of view – economically. They manage the deal in every situation.’
‘Stephan Menzemer has in-depth knowledge of IT and data protection law and practice and has particular expertise in the healthcare and eHealth sector, including in the public sector. This is particularly useful for procurement procedures. He leads projects, including for example data protection road maps, to a successful conclusion in terms of time, budget and quality.’
AEF Agricultural Industry Electronics Foundation e.V.
Asseco Solutions AG, Asseco Solutions GmbH, Asseco Solutions s.r.l.
DIFA Deutsches Institut für Fachärztliche Versorgungsforschung GmbH
NET CHECK GmbH
Simi Reality Motion Systems GmbH
TCI Transformation Consulting International GmbH
- Comprehensive advice to standard software manufacturer Asseco Solutions on all IT and data protection issues including GDPR, amendment of standard contracts and modernization of the entire contract system.
- Data protection advice to Biospring in connection with the licensing of its new inventory management and compliance IT system.
- Advising Simi Reality Motion Systems GmbH on a VR/AI developer’s data protection compliance.
Morrison Foerster's privacy and data security team led by Hanno Timner is a good address for prestigious German and international clients facing GDPR-related issues; the group's representation of 1&1 in fine proceedings and the subsequent reduction of an imposed multi-million euro fine, which thus created a German GDPR precedent, became known throughout Europe. The practice further regularly assists international clients, with a particular focus on Japan, with data protection issues related to M&A and other transactions. Timner also has many years of experience in data protection matters touching on employment law.
Other key lawyers:
‘Philip Radlanski: Analytical approach and easily understandable reports of reasonable length and cost.’
Northrop Grumman LITEF (Germany)
United Internet/1&1 und Group Companies
Twitch Interactive, Inc.
American Academy in Berlin GmbH
DocuSign, Inc., USA
- Representation of telecoms provider 1&1 before the district court of Bonn with a successful reduction of the multi-million euro fine by more than 90%.
- Advising Northrop Grumman LITEF GmbH on the implementation of Northrop Grumman Group’s compliance design in its German subsidiaries (including the introduction of an EU-based whistleblowing platform).
- Defense of Notebooksbilliger.de AG against a €10.4m fine imposed by the Lower Saxony data protection authority for allegedly illegal camera surveillance of employees and customers.
Norton Rose Fulbright's German data protection practice is based in Frankfurt and Munich and cooperates closely with numerous international offices. The close relationship with the firms European and US lawyers creates a particular attraction for global companies in need of advice on international data transfers and cyber breakdowns. Practice head Christoph Ritzer particularly stands out for his expertise in cyber insurance solutions and technology transactions. Natalia Filkina is 'a top notch associate'.
Other key lawyers:
‘Christoph Ritzer and his team are characterized by a high level of competence in data protection issues. Ritzer’s appearance and his communication skills in the context of cyber insurance solutions set him apart from other colleagues. He is always very competent and solution-oriented. This is not least due to his many years of experience and the trust he has in his colleagues.’
‘Norton Rose convinces with bespoke advice at highest level. The practice group is exceptionally competent and experienced. When working on the matter, it is obvious that the group works well together and in a spirit of trust. Without exception, this leads to excellent results that are perfectly prepared and reflect the high practical orientation of the practice group.’
‘Christoph Ritzer is a very experienced lawyer who, due to his ability to immediately and accurately classify highly complex issues, is able to provide ad hoc advice of the highest quality at any time. Ritzer is not only very available and gives practical and to the point advice, he is also a very pleasant and solution-oriented advisor.’
‘Natalia Filkina is a first-class associate in Christoph Ritzer’s team and stands out with her expertise, her quick perception and her pragmatic actions. She has the potential to develop enormously and to work on mandates independently and with great success.’
‘Very good balance between depth of detail and bigger picture. Able to impart in-depth legal know-how to laypersons as well.’
- Advising Landis + Gyr on a large and global cloud transaction with Google Cloud.
- Advising a European insurance group on data protection law and the EU General Data Protection Regulation.
- Advising Pfizer on data protection issues related to day-to-day business.
Due to its focus on topics such as new technologies, artificial intelligence and corporate digitisation and technologization projects, SCHÜRMANN ROSENTHAL DREYER manages to attract a continuously high work load. The well-regarded practice advises clients from the healthcare, e-mobility, digital energy and education sectors, but also frequently utilises its expertise to assist public sector clients. Kathrin Schürmann has a 'very helpful connection to the authorities' and 'outstanding professional competence'; she jointly heads the practice with Simone Rosenthal, who predominantly advises on contracts related to video surveillance as well as data protection impact assessments and fine proceedings.
Other key lawyers:
‘The SRD team is committed and technically competent. The feedback is generally very easy to understand for colleagues. Constructive and practical solutions are always found and innovative paths are taken.’
‘Philipp Müller-Peltzer is always friendly and able to provide information on a technical level. His professionalism is also noteworthy. ‘
‘Very good accessibility. company oriented approaches. Good documentation. Very nice and friendly manner.’
‘Kathrin Schürmann: Very helpful network (e.g. to authorities), outstanding professional competence.’
C&A Mode GmbH & Co. KG
Charité – Universitätsmedizin Berlin
Deutschland Card GmbH (Bertelsmann)
Foxit Europe GmbH
Hasso-Plattner Institut für Digital Engineering gGmbH
kry | DMS Digital Medical Supply Germany GmbH
- Ongoing data protection advice to Robert Koch Institute Berlin on its Corona-Warn-App project; since April 2021 also advice on digital vaccination certificates.
- Advising SENEC GmbH on the rollout of new storage generations as a digital product or IoT platform, also taking into account the EU directive for digital content.
- Advice to Hasso Plattner Institute for Digital Engineering GmbH on the design of a data protection concept as part of the school cloud project for digital teaching support.
Greenberg Traurig Germany's data protection team is a popular choice not only due to its strong industry expertise, particularly relating to the e-mobility and real estate sectors, but also due to its multidisciplinary approach. Practice head Viola Bensinger has considerable experience in data protection matters in the IT and media sphere as well as in litigious proceedings, while Carsten Kociok is considered an expert in the field of fintech as well as financial and IT services among other matters; this further complements the team's expertise in cybersecurity, compliance, data breach and data protection in connection with corporate transactions, restructuring and disputes.
Other key lawyers:
‘Carsten Kociok: Good accessibility, quick feedback, good sparring partner. Open to new approaches. Undogmatic, solution-oriented.’
‘High competence, quick clarification of facts.’
‘Very experienced, hands-on Carsten Kociok always helps quickly and easily.’
Epiq Systems Inc.
Bundesministerium für Verkehr und digitale Infrastruktur
Die Autobahn GmbH des Bundes
- Comprehensive advice to the operator of shopping centers Multi Germany GmbH on GDPR compliance.
- Advice on the data protection-compliant design of personnel transfer from public bodies to the state’s Autobahn GmbH.
- Advised Digital Turbine Inc. on the $600m acquisition of ad tech company Fyber NV.
At GSK Stockmann, Jörg Kahler and Katy Ritzmann jointly head the firm's deeply embedded data protection and IT practices. The team focuses on advising industrial clients as well as the public sector – with both sectors having significantly gained importance for the firm in 2021 – as well as innovative technology start-ups, fintech companies and aviation industry clients. Data protection advice is often rendered in relation to compliance matters, transactions and outsourcing. The team's forensic activity is also notable.
‘GSK Stockmann’s ability to understand the commercial and operational issues of a large, multinational client and to deliver practical, goal-oriented advice makes GSK Stockmann’s practice unique among its peers.’
‘Jörg Kahler stands out. His ability to gain a deep understanding of Ryanair’s commercial and operational needs is exceptional. He is incredibly responsive, understands that commercial and operational challenges must be considered in any proposed legal solution and has a proven ability to provide practical, straightforward and objective legal advice.’
Deutsche Fonds Holding GmbH
Solaris Bank AG
- Advice and support to Otto von Guericke University Magdeburg on research project AURA – Autonomous Bike pertaining to the legal framework regarding autonomously driving cargo bikes.
- Advising Tesla on data protection in connection with the use of location localization data in the automotive sector.
- Advice to Contergan Foundation on GDPR implementation.
Notable recent highlights for Lexton Rechtsanwälte‘s IT and data protection practice included winning Nintendo as a client, which has been consulting the group on IT matters such as cloud solution acqusitions, SaaS contracts and associated data protection issues. The group’s client base is mainly composed of health and media industry clients as well as social networks. Kevin Max von Holleben leads the practice and Tilmann Lührig impresses with ‘very high professional competence’.
Other key lawyers:
‘Tilmann Lührig has a great deal of professional competence and quickly familiarises with a matter and the needs of his client. Very good balance between pragmatism and legally correct assessment, friendliness, availability, openness.’
ARC GmbH & Co. KG
Basis Technologies Germany GmbH
Race Scout GmbH
QAD Europe GmbH
Nintendo of Europe GmbH
Deutsche Gesellschaft für Lebensmittelsicherheit, Wasser- und Umwelthygiene mbH
J2C – Journey 2 Creation GmbH
Pares-IT GmbH & Co. KG
Scope SE & Co. KGaA
Stadler Pankow GmbH
Torben, Lucie und die gelbe Gefahr (TLGG GmbH)
Trockland Management GmbH
Universal Music Entertainment GmbH
v. Rundstedt & Partner GmbH
The unbelievable Machine Company GmbH
- Data protection advice to Universal Music Entertainment concerning the handling of employee data and customer data within its global company structure; advice on implementing implications of Schrems II judgment within the company.
- Data protection advice to digital agency Torben, Lucie und die GelbeANG GmbH relating to the effects of Schrems II and practical effects on the potential use of central IT infrastructure for the international company.
Oppenhoff's team around Jürgen Hartung and Marc Hilber recently advised on numerous as well as diverse data protection issues: while standard matters such as GDPR and proceedings before the supervisory authorities continue to play an important role, the practice's cross-practice cooperation with the firm's digitization group also attracted new clients and instructions pertaining to internet of things, connected cars and health data. The group's advice offering also includes expertise on cyber security including, among other things, preventive checks through legal tech quick checks.
‘The team works closely together, so that efficient advice is guaranteed. The team is characterized by quick reactions and pragmatic solutions.’
‘Jürgen Hartung has excellent data protection skills and always succeeds to translate them into pragmatic solutions. He is very well connected and informed and has a high degree of service orientation.’
‘Reliable, practical team with creative and resilient solution proposals. Oppenhoff & Partner is a strong and reliable partner who is always available and also offers the desired success at reasonable costs and short notice.’
‘From associate to partner, excellent work is achieved throughout and 24/7 availability fulfilled. Even associates have amazing in-depth specialist knowledge, so that the client does not have to pay for the “training periods” of job starters. Due to flat hierarchies and partners’ trust in associates, it is also avoided that costs are unnecessarily increased due to loss of coordination.’
‘High visibility of team members in a positive sense, service-oriented, high-end legal expertise.’
‘Marc Hilber is an excellent lawyer at the highest level. ‘der juristischen Expertise.’
‘Marc Hilber ist ein exzellenter Jurist auf allerhöchstem Niveau. ’
Bergfreunde GmbH (Backcountry Gruppe)
Johnson & Johnson
Bundesminsterium für Verkehr und digitale Infrastruktur
PKV (Verband Privater Krankenversicherungen)
Deutsches Zentrum für Luft- und Raumfahrt DLR
- Data protection advice to Shop Apotheke relating to the acquisition of the MyTherapy app.
- Advising JD Sports on data protection limits of video surveillance.
- Comprehensive data protection advice to Andagon/Aqua on a collaboration platform.