Back to Europe, Middle East & Africa

Data protection in Germany

Baker McKenzie

Baker McKenzie's internationally active data protection practice has its German headquarters in Munich and Frankfurt which are respectively led by Michel Schmidl and Holger Lutz. The team has a particular focus on regulated industries such as the finance, pharmaceuticals, healthcare and telecoms sectors while the group experienced its biggest client gain in the automotive industry. Here, Lutz and Florian Tannen, who made partner in June 2019, are particularly active and assist with data protection issues related to the connected car, global distribution models and B2C platforms. The team's strongest competences also include advising on rights of affected individuals and authorities procedures under GDPR regulations. Julia Kaufmann stands out for her extensive service offering to pharmaceutical companies.

Practice head(s):

Michel Schmidl; Holger Lutz


'Very high level of expertise and well-established teams in the area of data protection.'

'Michaela Nebel is excellent. She works in a practice-oriented, scientifically based and, what is also important, fast. '

'In Munich, Michael Schmidl has built up the best team with whom you can ever work on complex data protection issues at the interface to labor law – it combines the highest level of legal expertise with absolute client orientation and thus always provides clearly thought-out, practical recommendations for action . '

'Michael Schmidl is an expert in data protection law. A very good conversation partner and advisor who you would not want to miss, not only because of his above-average commitment. '

'Florian Tannen combines outstanding legal expertise with total client orientation. In addition to the speed of responses and availability, communication with legal laypersons tailored to the target audience and direct coordination with operational departments should be emphasized. '

Work highlights

  • Asian automaker: Comprehensive advice on data protection. Coordination with external data protection officers and dealer associations.
  • Automobile manufacturer: Comprehensive advice in connection with a Europe-wide declaration of consent under data protection law.
  • German credit institute: Comprehensive advice on data protection law and questions about the use of cloud services.

Bird & Bird LLP

Bird & Bird LLP's data protection team is based in Düsseldorf, Frankfurt and Munich and is composed of first-class lawyers who, based on a longstanding focus on IT and data matters, now advise on the most complex GDPR-related issues as well as on data usage, cloud computing and data-related disputes. Fabian Niemann heads the group and is particularly regarded for his interdisciplinary expertise. Alexander Duisberg has fruitful relationships with the automotive and healthcare sectors (for instance documented by instructions by Audi), and Lennart Schüßler is very well connected in the healthcare, finance, retail and telecoms industries. The practice's focus on the presence clearly reflects in its pro bono advice to Healthy Together GmbH, a joint effort to develop and launch the Covid-19 tracing app EINS supported by Switzerland and Liechtenstein. The firm also contributes to data protection literature, among others through Simon Assion's contributions.

Practice head(s):

Fabian Niemann

Key clients






FLIR Systems

Henry Schein

Hessischer Rundfunk


John Bean Technologies




Nuance Communications




Tata Communications

Universitätsklinikum Gießen und Marburg


Work highlights

  • Audi: Comprehensive advice on GDPR compliance (revision of the AUDI Group's data protection concept) and advice on the compliance monitor.
  • Dexcom: Comprehensive strategic and structural advice on the use of Dexcom diabetes / tissue sugar measurement solutions based on wearables and cloud solutions worn on the body as well as ongoing advice on the GDPR.
  • Healthy Together gGmbH: Advice on data protection law in the development and launch of the corona tracing app EINS of the healthy-together initiative. The app will initially be launched in Liechtenstein and Switzerland and is supported by the respective governments.

DLA Piper

DLA Piper's very solid data protection practice mainly foots on three pillars: the development and conception of data anonymisation systems (a central concern for the healthcare industry among others); advice to companies on GDPR compliance and fine proceedings; and cookies projects and related proceedings. With its German headquarters in Hamburg, Munich and Cologne, the team is part of the international Intellectual Property and Technology practice and is led by Stefan Engels and Thilo von Bodungen. In 2020, the Munich office welcomed of counsel Katia Helbig whose relationships with the automotive and high-tech industry are beneficial to the practice. Jan Geert Meents  is also very well connected in the automotive sector and specialises in data processing, data flow optimisation and data usage. Verena Grentzenberg  (Hamburg) primarily advises clients from the media, consumer goods and retail sectors on matters such as social media, big data and AI.

Other key lawyers:

Jan Pohle; Katia Helbig; Verena Grentzenberg ; Jan Geert Meents


‘The team is always up to date with the latest German and European developments in data protection. It is very practice-oriented and always shows very good recommendations for action in order to meet data protection requirements in the company. The European and global perspective will never be forgotten. The team has very good connections to its global colleagues, so that good coverage is also guaranteed internationally. ‘

‘Verena Grentzenberg is very committed, always available and ensures that a practice-oriented recommendation is guaranteed within a tight time frame.’

‘Verena Grentzenberg is a consultant who would also be followed to other law firms.’

Key clients

Allianz Real Estate

ATOS Information Technology GmbH

Dachser SE

Gothaer Versicherungsgruppe


Work highlights

  • Dachser SE: Advising Dachser SE on an international IT compliance and data protection mandate, including numerous countries.
  • Allianz Real Estate: Comprehensive advice, among other things, on all IT and data protection issues in connection with the conclusion of the purchase agreement with EDGE Hafencity Hamburg on the management and control of the first smart building acquired in Germany.
  • H&M: Representation in regulatory proceedings and additional data protection compliance advice and communication advice.

Latham & Watkins LLP

Latham & Watkins LLP has an excellent reputation for its advice on IT-related issues while its outstanding offering on the entire bandwidth of data protection matters is particularly appreciated. High-profile projects, such as defence instructions related to authorities investigations, as well as data breach and related damages claims are a particular mainstay of the practice. Both practice head Tim Wybitul as well as compliance expert Ulrich Wuermling, who is currently in London as a guest professor at the Queen Mary University, are considered Germany's data protection stars: Wybitul focuses on advising on the implementation of the European Union Data Protection Directive, employee data protection and internal investigations as well as on disputes and cross-border aspects; Wuermling impresses with his contributions to data protection literature and represents (from the London office in cooperation with the Frankfurt team) clients such as Schufa Holding AG in various data protection proceedings in higher courts including the Federal Supreme Court.

Practice head(s):

Tim Wybitul

Other key lawyers:

Ulrich Wuermling


'Team with absolutely outstanding lawyers.'

'Partner and head of the data protection practice Tim Wybitul is an expert in this area. There is no comparable expertise in Germany, especially at the interface between labor law and data protection. '

'Highly experienced practice in the field of data protection and IT law.'

Key clients

Deutsche Wohnen SE

Daimler AG

Deutsche Bank AG

SCHUFA Holding



ZF Friedrichshafen

Work highlights

  • Daimler AG: Representation of Daimler as a defendant in a landmark case before the Federal Labor Court regarding the right of employees to information under the GDPR.
  • German living: Defense in ongoing fine proceedings.
  • Deutsche Bank AG: Ongoing advice in connection with data protection issues, outsourcing and telecommunications projects.


Noerr's renowned, Munich-based data protection practice advises companies on their dealings with data protection authorities as well as in case of the imposition of significant fines. Data protection-compliant design of digital processes has increasingly gained importance for the data protection practice that was established in 2018 and which continues to focus on data protection litigation (based on close cooperation with the firm's dispute resolution team) and data breach management (offering both crisis management and prevention). This broad approach has won the trust of German as well as international market players - including relationships that stretch to China and have flourished particularly with regards to data protection by design and internet of things matters. Practice head Daniel Rücker significantly contributes to the firm's visibility through his publications on innovative business models. In Frankfurt, Joachim Schrey stands out for his advice on the international exchange of personnel data and whistleblowing issues. Sebastian Dienst, who takes on the lead in data protection matters in relation to complex franchise and corporation structures, made associated partner at the beginning of 2020.

Practice head(s):

Daniel Rücker

Other key lawyers:

Joachim Schrey; Sebastian Dienst


'When breaking new legal ground, Noerr has proven to be a high-priced, but always reliable partner.'

'' When advising, Joachim Schrey takes the client's respective initial situation into account and always has to point out practical, feasible solutions. He penetrates technical issues, framework conditions and necessities and works out tailor-made solutions, often iteratively. '

'Excellent cooperation with Daniel Rücker, who is always competent, committed and provides the best possible support.'

Key clients

Bundesministerium für Wirtschaft und Energie





KCRW Berlin

Insolvenzverwalter Thomas Cook


Mobility Trader


Wax in the City

Scout 24

Work highlights

  • Federal Ministry for Economic Affairs and Energy: Creation of a comprehensive report on hurdles and design leeway in European and German data protection law for the testing of innovative business models. This report is part of the Reallabore Deutschland strategy.
  • ING-DiBa AG: Advice on negotiating and concluding a contract with a global operator of marketplaces on a partnership to mediate power sellers as credit customers.
  • DATEV eG: Consulting in a project to set up an AI-based application to support the automated recognition and evaluation of data sets and documents for the use of the information obtained from them for the automated support of the user in the preparation of tax returns,

Osborne Clarke

Osborne Clarke's data protection team relies on the expertise of highly regarded data protection lawyer Flemming Moos. Recently, the Hamburg-based group managed to expand its activity in data protection disputes significantly. Moos not only frequently contributes to client's successes in fine proceedings, but also to an optimisation of their data protection compliance. The latter continues to generate a high case load while the firm also successfully attracts instructions regarding digital transformation and related data protection issues. Data protection expert Marc Störing receives instructions across Europe to explore data exchange options in the transport sector.

Practice head(s):

Flemming Moos

Other key lawyers:

Konstantin Ewald; Marc Störing


'Flemming Moos: very pragmatic approach in complex and brittle legal areas of data protection.'

'High level of expertise, pragmatism in the most complex topics, understanding of the goals and restrictions of a company.'

'Konstantin Ewald shows extremely high availability and very, very fast response times.'

'A diversified, very experienced team that works very well with the firm's own expertise in other areas of law (e.g. labor law).'

'Comprehensive advice with a pragmatic approach, fully usable as a separate project resource with practical advice that can be implemented directly.'

'Marc Störing is an experienced and very accomplished colleague who hits the pragmatic note. Topics outsourced to him and his team are dealt with competently and in line with their needs. In doing so, implementable and non-constructed approaches are always pursued, which means that only reasonable effort is generated. '

'' Extremely high level of professional expertise across all degrees. Very pragmatic approach, which enables the results to be integrated directly into one's own work. '

'Mr. Störing and Mr. von Bühler are two outstanding lawyers with a feel for the requirements of a global company. You develop pragmatic solutions and always think about what makes working with you a real pleasure. '

Taylor Wessing

Taylor Wessing's technology, media and telecoms group impresses with a very successful data protection and cyber security department. With focuses on monetisation and ad tech, interdiction and fine proceedings, as well GDPR and data protection audits, the group has managed to advise on the most important and current projects across Germany and the world. Led by Hamburg-based Axel Freiherr von dem Bussche, the team continued to grow in 2020 and is particularly sought-after by clients from the automotive, IT and gaming sectors. The Berlin-based Paul Voigt, who made partner in 2019, is particularly in these sectors 'an absolute expert'. From his location in the capital he has been able to establish close relationships with German startups and also assists US clients with privacy shield certificates as well as with complex local data protection audits.

Other key lawyers:

Gregor Schmid; Paul Voigt


'Very competent and specialized team.'

'Gregor Schmid is very specialized and has an excellent knowledge of the law.'

'The data protection team at Taylor Wessing is a well-rehearsed and very agile team that works with the client in a competent, practice-oriented and quick manner to develop meaningful and viable solutions for all data protection issues and to support them in their practical implementation. It is characterized by the strong responsiveness and the personal type of support. Particularly noteworthy is the strong industry focus and the distinctive data protection know-how. The team knows the client's business. '

'Highly qualified advice and the highest reputation also on the part of the court in contentious proceedings.'

'Axel von dem Bussche always provides us with targeted advice and high-quality solutions.'

'Cooperation in the team seems to work extremely well, everyone involved can be reached easily, very courteous and friendly.'

'Proactive communication on changes in the law, very fast response times, pragmatic.'

'Gregor Schmidt provides outstanding legal advice, which is characterized by in-depth knowledge of the matter, entrepreneurial expertise and pragmatism.'

Key clients

BVG – Berliner Verkehrsbetriebe



Hyundai Motor Europe





Springer Nature


Work highlights

  • Nintendo: Advice on the group-wide implementation of the GDPR and ongoing advice in all areas of data protection law.
  • Springer Nature: Data protection advice and support with the digitization of the data protection department.
  • Twitter: Representation in a legal dispute on the responsibility of the provider for data processing initiated by users against a consumer protection association.


CMS' sector focus is also much appreciated by clients in the data protection space and generates numerous instructions particularly in the banking and life sciences industries while e-commerce and technology companies also form part of its client base. The practice advises these clients on GDPR compliance (increasingly in the context of compliance structures), e-privacy, cookie banners and contract negotiations as well as in proceedings brought on by regulatory authorities. Highly technical matters such as data breach and IT security are also of central importance to the team. The group is spread across Hamburg with practice head Sebastian Cording, Munich with his counterpart Markus Häuser, Cologne and Stuttgart and broadly positioned due to its international integration in the firm's global TMC group. In addition, the firm is also a member of external networks World Law Group and International Technology Law Association.

CSW Rechtsanwälte Steuerberater Wirtschaftsprüfer

With its highly regarded practice head Isabell Conrad, who became name partner in June 2020, IT boutique offering CSW Rechtsanwälte Steuerberater Wirtschaftsprüfer, a spin-off of former SSW Rechtsanwälte Steuerberater Wirtschaftsprüfer, has an unaffectedly strong standing in the market. The firm, which houses some of 'Germany's best data protection specialists', advises a German, but very broad client base that includes both startups as well as DAX-listed companies. Hereby, the group focuses on assisting companies from the insurance sector with insure tech and KI-related data protection matters among others. The team boasts further specialist expertise in matters such as social data protection and data protection for the public authorities. In addition, the practice also covers cross links to data protection and IT security while advising on e-commerce, IT contracts and cloud projects. Data protection and open source expert Stefan Haßdenteufel joined newly formed firm Witzel Erb Backu & Partner with two associates in June 2020.

Practice head(s):

Isabell Conrad

Luther Rechtsanwaltsgesellschaft mbH

Thanks to its experienced and renowned team members in Frankfurt, Essen, Hamburg and Cologne, Luther Rechtsanwaltsgesellschaft mbH is able to offer its clients the entire spectrum of data protection advice on highest level. Headed by Wulff-Axel Schmidt, the group demonstrates deep know-how that matches the requirements and needs of both medium-sized clients as well as large corporations. Hereby, mobility and logistics are the practice's sector focuses. Alongside his main focus on data protection, Michael Rath also advises on IP, thereby assisting with high-profile matters in the healthcare, telecoms and distribution sectors. Stefanie Hellmich, who made partner in 2019, focuses on data protection management systems, client information review and cookie consent. Silvia Bauer has particular expertise in GDPR implementation matters, data compliance and cross-border data exchange compliance as well as the preparation of data protection relevant agreements.

Practice head(s):

Wulff-Axel Schmidt

Key clients

arvato Systems / Bertelsmann




Bundesministerium für Verkehr und digitale Infrastruktur (BMVI)

McKesson (former Celesio)

Deutsche Bank / Postbank


Evonik Industries


Metro AG


Procter & Gamble




Work highlights

  • Evonik Industries AG: Advice on a project for the worldwide implementation of the EU General Data Protection Regulation in the Evonik Group and development of a data protection management system.
  • Miele & Cie. KG: Advice on setting up and expanding the global data protection organization as well as implementing the GDPR and necessary changes due to the GDPR in the group.
  • McKesson Europe: Creation of a data retention schedule and comprehensive advice on the creation of deletion concepts on a European level.

SKW Schwarz Rechtsanwälte

SKW Schwarz Rechtsanwälte's broad data protection practice offers high-quality advice at various interfaces. Due to a hotline service, the group has asserted itself as a strategic advisor of the cyber insurance sector on data breaches and further expanded its competencies in the data security space. Data protection litigation is another area whose successful establishment led to attracting outstanding instructions. Hereby, the group focuses on defending clients against claims of affected individuals, also before the European Court of Justice. Most recently, the team further advised on the development and implementation of extinguishing concepts as well as data protection-compliant business processes; practice head Matthias Orthwein leads the advice in many of these projects. Oliver Hornung is an expert in developing data protection concepts, GDPR implementation and IT compliance.

Practice head(s):

Matthias Orthwein

Other key lawyers:

Oliver Hornung


'The lawyers at SKW Schwarz have very well-founded and broad expertise in all matters of IT and data protection law. Due to the many years of experience and the size of the team, even very complex issues can be dealt with promptly, carefully and competently. The team impresses with creative and innovative solutions that are precisely tailored to the client. '

'Matthias Orthwein advises at a very high technical level and with great professionalism.'

'Matthias Ortwein is an extremely knowledgeable and reliable contact person.'

'Oliver Hornung is very competent with a very broad knowledge base in data protection and information technology. Matthias Orthwein is a team player in the cooperation and results-oriented in the interests of the client. '

Key clients


E.ON Energie Deutschland GmbH


IKEA Deutschland

CNA Hardy Versicherung

Commerzbank AG

Deutscher Tierschutzbund

DIEHL Stiftung & Co. KG

Webasto SE

Robert Bosch Power Tools

Toll4Europe GmbH

Work highlights

  • Commerzbank AG: Comprehensive advice on data protection law; Secondment to the legal department; Principal Business Process Advisor.
  • Diehl Group: Advising the large international group on strategic data protection issues.
  • IDEX Group: Implementation of a major project for national and international data transfer, especially from the perspective of the German and European subsidiaries.

White & Case LLP

Due to a continuous pursuit of innovation, the commitment of highly specialised lawyers and the application of legal tech solutions, White & Case LLP occupies an enviable position among Germany's best players in the data protection space. The group has a significant advantage in international (particularly US) projects where it can easily activate its global, internal firm network. The client base predominantly includes banks, financial services providers and investment banks, but also car manufacturers. Facebook is also among its top clients; the team advises the social media company on disputes and data protection matters outside the US. Detlev Gabel is the key figure and specialises in supporting clients in the case of a cyber attack, data protection requirements for defensive measures and advice on the communication with data protection authorities.

Practice head(s):

Detlev Gabel

Work highlights

  • Facebook: Legal advisor since 2011 with regard to all civil law disputes outside the USA, including data protection.
  • German branch of an international financial services group: Transmission of employee data for administrative and management purposes.
  • Industrial and financial services company: Advising several companies from the industrial and financial services sector on responding to cyber attacks.


WilmerHale distinguishes itself from its competitors by its longstanding advice to and representation of Facebook before national courts as well as the European Court of Justice. Therefore, the group around the highly regarded Martin Braun has been acting in various legal proceedings as well as contributing to the discourse on current data protection and antitrust issues such as the inclusion of third party content on websites. In this context, the participation of the Brussels office and expert Hans-Georg Kamann is also relevant; he divides his time between Brussels and Frankfurt. Advice to the pharmaceutical industry is another focus for the team.

Practice head(s):

Martin Braun

Other key lawyers:

Hans-Georg Kamann

Key clients

Führendes deutsches Pharmaunternehmen

Reporters Committee for the Freedom of the Press

Work highlights

  • Facebook: Representation in the "Fanpage" procedure before the German courts and the Court of Justice of the European Union.
  • Facebook: Representation in proceedings against the Federal Cartel Office (data protection aspects).
  • Reporters Committee for the Freedom of the Press: Representation in the ECJ proceedings on the geographical scope of the data protection right to be forgotten.


ADVANT Beiten has used its solid standing as a key advisor to the media industry to also create a profile in the IT and data protection sector. Subsequently, the firm successfully established an integrated media, IP and IT practice under the leadership of Matthias Stecher and Andreas Lober, while Axel von Walter is a key figure for all privacy matters. The team is based in Frankfurt and Munich and sought after for its data protection advice across all industries; the group trains in-house data protection officers, carries out compliance checks and offers strategic advice on the implementation of new technologies as well as in the case of data protection violations.

Other key lawyers:

Susanne Klein


‘Hands-on approach in working with the internal legal department and business. No fear of contact. Solution orientation is in the foreground. ‘

‘Susanne Klein: to the best of my knowledge. Solution-oriented. ‘

‘Susanne Klein is available 24/7 and delivers very good results.’

‘Wide range of expertise and fast, solution-oriented work. Perfect networking of lawyers across locations and across practice groups. ‘

‘Andreas Lober: outstanding experience and pragmatic problem solving, experience in dealing with Chinese clients.’

Key clients


Charité Universitätsmedizin Berlin

Potsdam-Insititut für Klimafolgenforschung

E.M.P. Merchandise (a Time Warner Company)



Landwirtschaftliche Rentenbank

MEC Holding GmbH (Messer Group)

Groß & Partner Grundstücksentwicklungsgesellschaft mbH

Work highlights

  • Charité - University Medicine Berlin: Advice on data protection law on setting up a national network for university medicine on COVID-19 (merger of university clinics for Corona / COVID-19 research).
  • expert Warenvertrieb GmbH; expert eCommerce GmbH: Advice on data protection law on tracking and analysis, answering inquiries from data subjects and on internal group data exchange.

Eversheds Sutherland

Eversheds Sutherland's German data protection practice is part of a global network that is led from the firm's London and Washington offices. Therefore, the Munich-based team has access to international clients which predominantly stem from the regulated industries as well as the finance, pharmaceutical, healthcare and automotive sectors. The German team around Alexander Niethammer is considered a global point of reference  for the entire firm in matters pertaining to European data protection and GDPR as well as data transfer from and to the US. Agreements, data protection implementation, compliance and internet of things projects are also part of its service portfolio. Lutz Schreiber is a another key figure.

Practice head(s):

Alexander Niethammer

Other key lawyers:

Lutz Schreiber

Key clients

Aspen Pharma

Avis Budget


Cyrus One



Lyondell Basell


Modine Manufacturing Company

MTS Systems Corp.


Special Olympics Deutschland

Turkish Airlines

Work highlights

  • Aspen Pharma: Ongoing advice to the global pharmaceutical company on corporate data protection.
  • Allm Inc.: Advising the US health tech company on mobile health and related health apps, including international data transfer and questions about telematics infrastructure.
  • Dyson: Worldwide exclusive, ongoing data protection advice to the technology company Dyson across 82 legal systems.

Heuking Kühn Lüer Wojtek

Heuking Kühn Lüer Wojtek's data protection practice distinguishes itself through a varied, sector-spanning approach. Jointly led by Philip Kempermann and Thomas Jansen, the team is composed of lawyers with data protection expert knowledge in cyber security, GDPR, damages claims and agreements. The group not only acts for companies in various industries (such as the food, transport, communication, finance and healthcare sectors among others), but also for federal offices, administrations and research facilities. In January 2020, data protection auditor Hans Markus Wulf made equity partner.

Practice head(s):

Philip Kempermann; Thomas Jansen

Other key lawyers:

Hans Markus Wulf


'Known and busy.'

'Philip Kempermann and his team are a top address in the field of data protection and information technology. Kempermann is very effective, fast and always on a high level when it comes to developing practical solutions. Very good negotiator. '

'Very good customer orientation, very pragmatic, quick reaction time and perfect communication, building long-term and stable client relationship.'

Hogan Lovells International LLP

Hogan Lovells International LLP's German data protection team is part of the firm's comprehensive IP, media and technology practice. The group focuses on data security and data breaches (also with a specifically developed legal tech tool), their reporting to German and international regulatory authorities, on data processing and commercialisation as well as on transactions. Marcus Schreibauer co-heads the cyber security task force and maintains client relationships in the real estate, technology and finance sectors.

Other key lawyers:

Marcus Schreibauer

Key clients

ABB Group


Applied Materials

Art-Invest Real Estate


Daiichi Sankyo Europe

Desitin Arzneimittel

Enviro Chemie

Esteve Pharmaceuticals

ExB Labs


IKB Deutsche Industriebank

Jungheinrich Gruppe



Work highlights

  • Brainloop: Advice on the legal classification and conceptual implementation of data ownership and the protection of customer data in cloud services; Revision of terms and conditions and data protection agreements; Advice on the technical design.
  • Esteve Pharmaceuticals: Advice on the acquisition of the German pharmaceutical company Riemser, including on data protection aspects of the transaction.
  • ExB Labs: Regular comprehensive advice on IT and data protection law.

Jones Day

Munich-based data protection expert Undine von Diemar heads Jones Day's European cyber security, data protection and privacy practice. The group stretches across various jurisdictions, including Belgium, France and across the Atlantic also the US. Data-related transactions, internal investigations and GDPR implementation all constitute central pillars of the team's activity. Additionally, von Diemar's experience in matters pertaining to international data transfers as well as security issues and data breaches is also very sought-after. Martin Lotz frequently supports her in matters touching on compliance as well as on criminal law.

Practice head(s):

Undine von Diemar

Other key lawyers:

Martin Lotz


'Very solid team that not only understands data protection and data security law, but also the technology.'

"Undine von Diemar is a solid partner with knowledgeable resources."

Key clients

Internet Corpora-tion of Names and Numbers (ICANN)

Amadeus FiRe AG

BlackBerry Cylance / BlackBerry



Cardinal Health

Cray Supercomputer

Lionbridge Technologies, Inc.

New World Hotel Management (BVI) Ltd. (Rosewood Hotel Group, führender Betreiber von Hotels im Luxussegment)

RTI Surgical Inc.


Work highlights

  • Internet Corporation of Names and Numbers (ICANN): Continuous advice in Germany, Europe and globally on all data protection requirements relevant to ICANN.
  • Cardinal Health: Comprehensive advice on GDPR and ePrivacy requirements as well as the global data protection strategy.
  • New World Hotel Management (BVI) Ltd. (Rosewood Hotel Group, leading operator of hotels in the luxury segment): Worldwide data protection advice from Rosewood Hotel Group.

KNPZ Rechtsanwälte

Clients describe Hamburg-based IP, IT and media boutique offering KNPZ Rechtsanwälte as 'small but excellent'. The key figures Kai-Uwe Plath and Jan-Michael Grages are very successful in the transactional sphere and combine this expertise with data protection advice for companies seeking advice on data flow management, GDPR and compliance investigations.

Pinsent Masons Germany LLP

Pinsent Masons Germany LLP continues to push its market position in the technology and data protection space and recently made Munich-based Florian von Baum global AMT sector head (advanced manufacturing and technology) as well as Stephan Appt head of the German TMT group. The expertise in the Hamburg office is further complemented by the Frankfurt team around Nils Rauer. Based on this set-up the firm positions itself as a committed advisor to automotive suppliers and manufacturers. The monetisation of automobile data, predictive maintenance, data access and e-commerce represent the practice's bread and butter business. The service portfolio also includes data transfer and processing, SaaS applications and crisis management. Clients recommend Ruth Maria Bousonville for her 'excellent technical understanding'.

Other key lawyers:

Ruth Maria Bousonville


'The team works in German and English, which is very advantageous for an international company as a client, and offers comprehensive advice.'

'Ruth Maria Bousonville is always available when you need her. She manages to take the economic interests of the client into account as far as possible when providing legal advice. Her suggestions are practical, clear and show that she also has an excellent technical understanding. '

Key clients

Automobil Lamborghini S.p.A. (über Secured By Design Ltd.)

CycloMedia Deutschland GmbH

Evidensia Deutschland GmbH

F24 AG

Honda Motor Europe Limited

Mitsubishi Corporation (through Secured by Design Ltd)

The Binding Site GmbH

Wirecard AG

Work highlights

  • CycloMedia Germany GmbH: Advice on one of the most controversial data protection issues (controller to controller data transfer vs. joint controllership) in connection with a highly innovative solution for data acquisition and visualization.
  • Honda Motor Europe Limited: Advice on the hot topic of the automotive industry: “Access to Data / Data Ownership”.
  • Mitsubishi: Comprehensive regulatory advice on a large number of specific connected car functionalities in various European countries.

Reed Smith

Reed Smith considers itself a top address for data protection advice to startups in Germany. Nonetheless, the client base also includes internationally leading software providers, web-service companies, football clubs and music corporations. The team advises on the most current data protection matters such as marketing technologies (ad tech, social media), GDPR compliance, agreements and cookies. Andreas Splittgerber jointly heads the practice with Thomas Fischl. The duo is not only very well connected in Germany, but. also internationally via its firm-wide network.

Covington & Burling LLP

Covington & Burling LLP's technology practice receives praise for its high-quality advice not only in the IT and outsourcing sphere but also on data protection matters. In the latter area, the group assists with different issues, including in relation to imposed fines, compliance measures in accordance with GDPR and data collection. Lars Lensdorf's expertise in compliance and cyber security are very sought-after. He jointly heads the practice with Moritz Hüsch whose ability 'to analyze complex IT processes in order to design data protection contracts accordingly' is very much appreciated.

Practice head(s):

Moritz Hüsch; Lars Lensdorf


'Moritz Hüsch knows very well how to analyze complex IT processes in order to design data protection contracts accordingly. In these projects and contracts, all views are processed and included. '

Key clients


Broadridge Deutschland GmbH

GEA Group


American Airlines



Work highlights

  • Senvion: Advice on IT infrastructure services, outsourcing and data protection.
  • SmartRecruiters: Advice on an imposed fine for violating the imprint obligations under the TMG.
  • SmartRecruiters: Advice on the operation of an electronic recruitment platform in terms of data protection law.

GvW Graf von Westphalen

GvW Graf von Westphalen's IT and data protection practice is a driving force for the entire firm. The team's activity as data protection officers, which has been successfully ongoing for a long time, has paved the way for other forms of instructions such as in matters related to data protection-compliant digitalisation. Furthermore, the internal networking with the firm's public law, banking and finance as well as life sciences practices enables an even broader positioning for the group. Practice head Stephan Menzemer advises both clients from the private as well as the public sectors, thereby covering the whole array of data protection issues such as GDPR compliance, SAP systems and contract negotiations.

Practice head(s):

Stephan Menzemer

Other key lawyers:

Arnd Böken


'Competence, reliability and speed. For more complex problems, several experts work together as a team that delivers practical results at a reasonable cost. '

'Arnd Böken is very professional and solution-oriented. Even for complicated problems, he always finds practical solutions that are tailored to our needs. '

'The practice deserves special praise for the fact that it combines the right balance between legal expertise and economic thinking. They are enormously digital. The work is always characterized by profound industry knowledge (on the part of clients and contractors), which is very helpful. The law firm's contacts are always extremely competent and responsive. The team is sufficiently deep (from equity partners to associates) and uses resources appropriately and – also from the client's point of view – economically. '

'Stephan Menzemer has deep market insight and special expertise on the part of agencies, digitizers as well as on the part of clients and contractors.'

Key clients

3F Management GmbH

AEF Agricultural Industry Electronics Foundation e.V.

Asseco Solutions AG

Blue Mesa Health, Inc.

Bundesanstalt für Post und Telekommunikation

Celanese Europe B.V. /Celanese Services Germany GmbH

dbb beamtenbund und tarifunion

Kurita Europe GmbH

ÖRAG Rechtsschutz Versicherungs-Aktiengesellschaft

Publicis Communications (Publicis Pixelpark, CNC – Communications & Network, Starcom Mediavest Group Germany, Metadesign, Leo Burnett etc.)

Sapient GmbH

ThoughtWorks Deutschland GmbH/ThoughtWorks, Inc.

Universitätsklinikum Frankfurt am Main

Versorgungswerk der Landesärztekammer Hessen

Webasto Roof & Components SE


DIFA Deutsches Institut für Fachärztliche Versorgungsforschung GmbH


Stiftung Kunstsammlung Nordrhein-Westfalen

Work highlights

  • AEF Agricultural Industry Electronics Foundation e.V.: Global collaboration in connection with software, licensing, antitrust and data protection issues.
  • Asseco Solutions AG: Advice as an extended arm of the internal company data protection officer.
  • Blue Mesa Health, Inc.: Series of mandates relating to the development, licensing and distribution of chatbots in compliance with health data protection regulations.

Morrison & Foerster LLP

Morrison & Foerster LLP is considered an 'internationally very strong' firm for data protection and also fields German experts in this field. Hanno Timner, head of the privacy and data security team, advises large companies in the music industry, internet platforms and technological solutions manufacturers both in Germany as well as on cross-border matters (frequently stemming from the US and Japan). The group participates in national and international projects related to information injunctions by users in accordance with GDPR, inter-European transactions and related data, to fines and procedures against data protection authorities.

Practice head(s):

Hanno Timner

Key clients

Northrop Grumman LITEF (Germany)

United Internet/1&1

Twitch Interactive, Inc.

Scout24 AG

Fyber N.V.


American Academy in Berlin GmbH

DocuSign, Inc., USA

Work highlights

  • United Internet (1&1, WEB.DE, GMX): Representation in objection proceedings in court in connection with a fine of 9,550,000 euros imposed on telecommunications service provider 1 & 1 Telecom GmbH for an alleged violation of data protection laws.
  • United Internet (1&1, WEB.DE, GMX): Comprehensive strategic advice on data protection aspects of marketing concepts and the log-in alliance with ProSiebenSat.1 and RTL.
  • Northrop Grumman LITEF GmbH (and other German subsidiaries): Advice on the implementation of the Group's compliance organization in its German subsidiaries (including the introduction of the NAVEX-Wistleblowing-Helpline).

Norton Rose Fulbright

The strategic advantage of Norton Rose Fulbright's German data protection team lies in its integration with several of the firm's EMEA offices among other reasons. Based on this network, the Munich-based team has privileged access to international support and international clients that make up the client base alongside German corporations. Relevant sectors for the group include hotel, pharmaceuticals, insurance and banks which seek advice on matters such as GDPR, cyber attacks, profiling tool applications and data export to the US. Practice head Christoph Ritzer maintains a 'very good balance between risk perspective and business needs'.

Practice head(s):

Christoph Ritzer


‘Christoph Ritzer: very good balance between risk perspective and business needs, holistic thinking.’

Key clients


Work highlights

  • Pfizer: Advice on data protection in day-to-day business.
  • European insurance group: Advice on data protection law, EU General Data Protection Regulation; strategic advisor to corporate management.

Orrick, Herrington & Sutcliffe LLP

Christian Schröder and the Düsseldorf-based data protection, IP and IT team around him are the German arm of Orrick, Herrington & Sutcliffe LLP's international practice in this field. The group acts within the firm's global context and often cooperates with the London and Boston offices on matters related to compliance, data transfer and due diligence as well as representing clients before regulatory authorities. Due to its technology-oriented focus, which is appreciated by clients, the team advises on exciting and innovative technology projects such as Europe's first connected office building in Berlin, where the team advised on negotiations with the data protection authorities.

Practice head(s):

Christian Schröder


'The data protection team is extremely up-to-date and well networked with one another. Everyone in the team knows the latest developments and is prepared to answer questions with practical suggestions for implementation. The international connection can always be felt and, especially in data protection, offers enormous advantages for globally operating companies. '

'Christian Schröder: The problem management is clear and always up to date.'

'Dennis Schmitt (Associate) has learned a lot from the responsible partner Christian Schröder and is putting his skills into practice perfectly. He shows particular problem awareness and practical solutions. The processing is discussed and any open questions are clearly explained. The international connection is far more extensive than with many other law firms. '

'Excellent qualifications and customer orientation'

'Christian Schröder is one of the best in the field and communicates the subject in a very understandable way, even for laypeople. Amelie von Alten is extremely precise and always has an overview '.

Key clients

CA Immobilien

Carnival Corporation


Flexera Software


W.W. Grainger/Zoro Tools

Work highlights

  • CA real estate: Advice on data protection law on their IoT lighthouse project and the most modern office building in Europe, the Cube in Berlin.
  • Carnival Corporation: Advising the world's largest cruise operator on global data protection issues, including intra-group agreements and facial recognition.
  • US software company: Advice on data protection-compliant design of software in the field of artificial intelligence.

reuschlaw Legal Consultants

Since its inception in 2017, reuschlaw Legal Consultants has managed to attract lawyers, clients and a rising reputation, thereby enabling the data protection practice to occupy a significant position in Berlin's market after only a few years. The compact cyber security and data protection group is led by Carlo Piltz, who assists clients across various sectors (such as automobile suppliers, machine manufacturers and media companies) with the implementation of data protection requirements, administrative disputes and legal proceedings and also acts as an external data protection officer. B2B and employee data protection are additional mainstays.

Practice head(s):

Carlo Piltz


'Always up to date, quick response and proactivity.'

'Outstanding technical expertise and a pragmatic, practical approach.'

Key clients

Constantin Medien

Duttenhofer GmbH & Co. KG GmbH


Sport1 GmbH

Torben, Lucie und die gelbe Gefahr GmbH

Autoscout24 GmbH

Work highlights

  • Sport1 GmbH: Advice on data protection law for the legal department on various issues relating to online advertising, the involvement of service providers and the display of advertising as well as the use of data for advertising purposes.
  • GmbH: Work as an external data protection officer and advice on data protection issues relating to the handling of employee data or the conclusion of contracts for order processing with clients from the automotive sector.
  • Torben, Lucie and the yellow danger GmbH: Support in day-to-day business and project work with customers; Questions of data protection when using social media services.


Data protection advice is a self-evident part of technology-focused firm SCHÜRMANN ROSENTHAL DREYER's service offering. The group advises clients on the planning and implementation of IT and digitalisation projects, thereby covering GDPR implementation, warnings related to cookies, privacy and data protection impact assessments as well as revocation and appeal concepts for data protection agreements. Kathrin Schürmann and Simone Rosenthal jointly head the practice and recently gained further market visibility by advising on data protection issues related to a Covid-19 warning app project, to reporting and information systems for infection protection as well as to contract trancing.

Other key lawyers:

Charlotte Schieler


'High level of specialization, outstanding technical and legal understanding.'

'' Very broad legal knowledge on all current issues of data protection as well as a very sound technical understanding. At the same time, the knowledge is combined with practical recommendations for action. '

'Good availability, reliable and fast processing, innovative approaches, strong links between legal / technical know-how.'

'Simone Rosenthal: Excellent negotiating skills when involved in contract negotiations. Very in-depth legal know-how. '

'Charlotte Schieler is an incredibly well-versed data protection expert who transfers her experience from other mandates well and provides tips that have been tried and tested in practice.'

Key clients

C&A Mode GmbH & Co. KG

Charité – Universitätsmedizin Berlin

Deutschland Card GmbH (Bertelsmann)

Digitalprojekt 4 GmbH (EWE-Gruppe)

Ernsting’s Family GmbH & Co. KG

Foxit Europe GmbH

Gothaer Finanzholding GmbH

Hasso-Plattner Institut für Digital Engineering gGmbH

INTERSPORT Deutschland eG

LabTwin GmbH

MEDIAPOOL Content Services GmbH

Outfittery GmbH

remerge GmbH

Skoobe GmbH (Thalia / Random House / Holtzbrinck Publishing Group)

Westdeutsche Lotterie GmbH & Co. OHG

Joyn GmbH

Zalando SE

Work highlights

  • Gothaer Finanzholding GmbH: Comprehensive advice in connection with digitization and AI projects; Advice on data protection law with regard to the legally compliant use of data in several AI applications with special attention to the legal requirements for the insurance industry.
  • Hasso-Plattner Institute for Digital Engineering gGmbH: Ongoing advice on the school cloud project; Recently intensive advice due to the current Covid19 situation on the nationwide roll-out of the school cloud (in particular advice on individual state-specific features in school data protection, creation of legal texts, drafting of contracts, etc.); Coordination with authorities.
  • Charité - University Medicine Berlin: Advice on setting up the Charité digital consultation and carrying out data protection impact assessments.

Ashurst LLP

Ashurst LLP's compact team around Andreas Mauroschat foots on three pillars: employment law, IT including data protection as well as compliance. Its data protection advice focuses on the needs of banks and large international corporations pertaining to data processing and data switching as well as GDPR matters.

Practice head(s):

Andreas Mauroschat

Greenberg Traurig Germany

Based on the experience and reputation of its media team, Greenberg Traurig Germany's practice for data, privacy and cyber security has picked up speed in recent years. The team around global co-chair Viola Bensinger offers legal expertise for US companies and German clients alike and focuses on data collection, use, storage and deletion, GDPR and audit procedures as well for companies from the e-commerce, technology, media and healthcare sectors as well as for the public authorities.

Practice head(s):

Viola Bensinger

Key clients

ADO Properties

Bundesministerium für Verkehr und digitale Infrastruktur

Caesars Entertainment

Cyren Ltd.

Deutsches Rheuma-Forschungszentrum

Multi Corp.

Garbe Industrial Real Estate GmbH

Deutscher Sparkassen- und Giroverband

Deutsche Multimedia Service GmbH


Work highlights

  • BMVI: Legal advice to the federal government on data protection aspects in the preparation and implementation of the procurement procedure for the introduction of the infrastructure fee collection system.
  • German rheumatism research center: Advice on data protection law in setting up, structuring and updating cooperations with pharmaceutical companies and medical institutions for the implementation of research projects in the field of rheumatism research.
  • ADO Properties: Comprehensive data protection advice for the residential real estate company on all aspects of business operations.

GSK Stockmann

At GSK Stockmann in Berlin, data protection constitutes an important pillar of its IT practice which focuses on digital products, data models and compliance. The service portfolio also includes support in crisis situations and in dealing with regulatory authorities. Jörg Kahler and Katy Ritzmann  jointly head the practice.

Practice head(s):

Jörg Kahler; Katy Ritzmann

Key clients


Land Berlin, HOWOGE Unternehmensgruppe, HOWOGE Wohnungsbaugesellschaft

Lupin Pharmaceuticals

ONE Versicherung AG

Otto-von-Guericke-Universität Magdeburg

Biotechnologie-Unternehmen Affimed

solaris Bank AG

HOWOGE Wohnungsbaugesellschaft


Work highlights

  • Lupin Pharmaceuticals: Comprehensive advice on data protection law for the company’s European units in the pharmaceutical sector.
  • Otto-von-Guericke University Magdeburg: Advice and support in the research project “AURA – Autonomes Rad” on the legal framework with regard to autonomous cargo bikes, in particular regarding data protection issues.
  • Payback: Advice and support in various data protection matters relating to cooperation with partner companies, including drafting and negotiating data protection documents.

Lexton Rechtsanwälte

Berlin-based Lexton Rechtsanwälte has expertise in the IT and data protection space which it applies in manifold projects such as online platform operation, the handling of employee data at international corporations as well as data protection advice in relation to M&A. Practice head Kevin Max von Holleben advises clients on the design and management of international data flows and is known for defending a media company against Berlin's data protection authority. Tilmann Lührig is another key contact.

Practice head(s):

Kevin Max von Holleben

Other key lawyers:

Tilmann Lührig


'Lexton delivers first class advice, always clear and straightforward. The firm's partners and associates are quick to respond and offer excellent value for money. '

'Tilmann Lührig is able to quickly put together a strong team for larger projects that is able to deal with complex matters and difficult situations in a very short time. In addition to his outstanding expertise in IP and IT law, Lührig's strengths are his clear, consistent and at the same time pleasant communication. What is remarkable is that the quality and responsiveness at Lexton is very high. '

'The expertise and experience are excellent. If there are any doubts, problems or challenges, a solution is sought together with the legal department. Very strong basis of trust. '

Key clients

ARC GmbH & Co. KG

Basis Technologies Germany GmbH

Race Scout GmbH

QAD Europe GmbH

Opel Automobile GmbH

Deutsche Gesellschaft für Lebensmittelsicherheit, Wasser- und Umwelthygiene mbH

J2C – Journey 2 Creation GmbH

Pares-IT GmbH & Co. KG

Scope SE & Co. KGaA

Stadler Pankow GmbH

Torben, Lucie und die gelbe Gefahr (TLGG GmbH)

Trockland Management GmbH

Universal Music Entertainment GmbH

Rosneft Deutschland GmbH

v. Rundstedt & Partner GmbH

The unbelievable Machine Company GmbH

Visi/One GmbH

Zuckerkommunikation GmbH

Work highlights

  • Universal Music Entertainment GmbH: Advice on data protection law on the handling of employee and customer data in the global group.
  • Scope SE & Co. KGaA: Advice on data protection law when setting up and operating an online platform.
  • Rosneft Germany GmbH: Advice on data protection law in Germany.


Data protection advice on subjects such as industry 4.0, blockchain and internet of things as well as in the context of internal investigations, personal data and data protection audits are part of Oppenhoff's service portfolio. Hereby, the group acts with a sector focus on the insurance and energy industry and subsequently assists large German insurance companies and solar power corporations among others with new business models, Group Data Privacy, data property rights and GDPR implementation. Jürgen Hartung and Marc Hilber jointly head the practice that is internationally and particularly in the US very well connected. Additionally, the team also offers legal know-how to clients, in-house counsel and companies via its Oppenhoff Akademie.

Practice head(s):

Jürgen Hartung; Marc Hilber


'Very good teamwork in which the lawyers support each other and also do everything across teams to achieve the client's goals as effectively as possible.'

'Marc Hilber works brilliantly as a sparring partner and is probably the benchmark for legal advice in data protection law. He is also very familiar with related areas of law and arranges appropriate contacts to his colleagues for a well-founded conclusion. Marc Hilber is always the first and best point of contact for all questions relating to data protection and information technology. '

Key clients LLC; Bergfreunde GmbH

Deutsche Post AG

UNION Tank Eckstein GmbH & Co KG

Work highlights

  • UNION Tank Eckstein GmbH & Co KG (UTA): Advice on corporate data protection, including the creation of an intra-group data processing framework agreement.