The Legal 500 > Europe, Middle East & Africa > Germany > Data protection

Baker McKenzie remains a top player with its highly active IT and data protection practice. The diverse expertise of practice heads Michael Schmidl and Holger Lutz reflects the breadth of group's entire portfolio. A strong focus lies on regulated industries, including the financial, pharmaceutical, medical device and telecoms sectors, and highlight matters are often cross-border in their nature. The team is further expanding its data protection advice in connection with areas such as fintech and big data, the automotive sector and mobility. Contentious matters are increasingly part of the portfolio and the team is seeing more activity in the legal tech segment. Michaela Nebel, who provides data protection advice to multiple financial institutions, was promoted to partner in July 2018 and Julia Kaufmann  is also widely recognised. She has particular expertise in data protection in the pharmaceutical context.

Bird & Bird's data protection competencies are the result of 20 years' experience in this segment. The firm advises DAX 30 and other market leading companies in the retail, healthcare, telecoms, automotive and media sectors on data protection with regard to the GDPR, international data transfers and the use of data. The broad practice is successfully expanding not only within Germany but also globally in strong collaboration with the firm's international offices. Recently the team saw particular growth in data protection advice in connection with new business models and hot topics such as IoT, digitalisation, the cloud and big/smart data. Noteworthy is also the firm's contribution to the development of the legal framework for data protection by participating in various industry associations and committees and government initiatives. Frankfurt-based Fabian Niemann, who is widely recognised as leading by competitors, heads the practice. Recently the Hamburg office in particular was strengthened with the arrival of Hartmut Hörner from Deloitte Legal Rechtsanwaltsgesellschaft mbH and the promotion of Miriam Ballhausen to counsel. Associate Simon Assion also enjoys a good reputation in the market and so does Lennart Schüßler with his comprehensive data protection knowledge.

Latham & Watkins LLP's comparatively small data protection team nevertheless constitutes one of the market leaders in this segment. Towards the end of 2018 the firm received significant attention due to its representation of the chat portal knuddels.de in the first fine proceedings due to GDPR breaches in Germany. The practice is now well-equipped for increased legal actions in form of data protection disputes and damage claim proceedings. Besides representing clients in litigation, including at the Federal Court of Justice, Federal Labour Court and Federal Constitutional Court, the firm's range of services also includes GDPR implementation in company structures and data protection advice in connection with M&A transactions as well as internal investigations and international pre-trial discovery procedures. Through the close collaboration with the firm's compliance practice the team was also able to strengthen its competencies in crisis management in the case of data protection scandals and cyber crime. Practice head Tim Wybitul, who joined from Hogan Lovells International LLP in October 2018, and Frankfurt and London-based Ulrich Wuermeling are both considered leading in the German market.

Noerr only established a data protection group in 2018, but the firm's expertise in this field rests on longstanding experience, not least thanks to the expertise of practice head Daniel Rücker. With a consistently growing portfolio the firm advises German and international companies from its offices in Munich, Berlin and Frankfurt on data protection compliance issues, the processing and use of data and the introduction of data protection management structures and governance processes. Clients stem from the automotive, fashion, IT and finance sectors, among others. The team works particularly closely with the firm's Digital Business Group and is strengthening its ties with the compliance and litigation practices. Associate Sebastian Dienst is highly active in data protection matters and already recognised in the market and Benjamin Jahn, who focuses on data protection in an employment law context, was promoted to partner at the start of 2019.

White & Case LLP's data, privacy and cyber security group advises clients on all aspects of data protection, especially on German and European data protection law, cross-border data traffic and IT governance issues. A big focus of the practice also lies on advising online platforms, which the firm assists not only with data protection matters but also regulatory, competition law and product-based questions (such as acting for Facebook and Facebook-company WhatsApp since 2011). Key clients also include automotive, food and construction technology companies. Detlev Gabel, who is considered leading in the German market, heads the European practice. Martin Munz and Sylvia Lawrence, who was promoted to partner in 2018, are the key figures in the Munich and Berlin offices respectively. Lawrence has particular expertise in advising digital platforms, especially in the areas of social media, automotive, energy and cloud services.

A large team and long list of prominent clients are securing CMS a place among the biggest players providing data protection advice in Germany. Besides giving ongoing GDPR advice, which focuses especially on the banking and life sciences sectors, the firm also offers a targetted information service in connection with the upcoming e-privacy regulation. The practice often covers matters beyond the domestic border and has also developed the data law navigator, a tool which informs clients about data protection and cybersecurity in various countries.

Clients and competitors alike recommend DLA Piper's data protection practice which shows particular strength in the automotive and finance area and has recently handled topics such as big data, AI and privacy-by-design projects. Other pillars of the practice lie in advising clients on compliance applications, employee data protection and cybersecurity. In collaboration with the firm's global data protection group the team often acts in international data protection projects. In 2019 the team grew significantly: In May Hamburg-based Verena Grentzenberg, who focuses especially on data protection advice in connection with new business models, was promoted to partner and at the same time senior associate Jan Spittka   made counsel in Cologne. Renowned university professor and data protection expert Jürgen Taeger already joined the firm in February 2019 as of counsel and in Munich the practice was further strengthened with counsel Katia Helbig from Baker McKenzie in September 2019.

Undine von Diemar heads Jones Day's cybersecurity, privacy and data protection practice at the German and the European level and recently focused not only on GDPR implementation projects but also topics such as the assertion of data protection law-related claims of the individuals affected (such as employees' information claims ) and data breaches (often cross-border). Advice in connection with internal investigations and with transactions constitute two other strategic pillars for the team, which often cooperates with the firm's US offices. Employment lawyer Paul Melot de Beauregard joined in May 2019 from McDermott Will & Emery Rechtsanwälte Steuerberater LLP and brought experience in data protection.

SKW Schwarz Rechtsanwälte's broad data protection practice led by Matthias Orthwein, whose 'reliability and tact' are well regarded, is noted for the team's 'high expertise and practical explanations of legal issues'. Although the firm is known primarily as German entity, it did not miss out on the opportunity caused by the GDPR to participate in international business (especially in China and the US). Advice on data protection breaches, cybersecurity and data management continues to constitute the bulk of the work. The team also acts as data protection officer for companies and provides foreign clients with services as EU representative in accordance with the GDPR. At the start of 2019 Benjamin Spies was promoted to equity partner and Nikolaus Bertermann made salary partner.  Hans Markus Wulf, however, had already left for Heuking Kühn Lüer Wojtek in July 2018.

According to clients German IT boutique SSW Rechtsanwälte Steuerberater Wirtschaftsprüfer determines the 'benchmark in data protection'. From its office in Munich the team handles Germany-wide and cross-border matters. It has particular know-how regarding data protection-related contract, compliance and security issues and acts for companies across various industries (including insurers, pharmaceutical companies, fintech platforms and telecoms providers) and public entities. Practice head Isabell Conrad is considered an 'impressive and razor-sharp negotiator'.

At Eversheds Sutherland the data protection practice covers compliance, data transfers (aided by the firm's high international spread) and data protection breaches. Thanks to the firm's large employment law group, the team is also able to successfully provide advice on matters at the intersection with collective employment law. Data protection-related issues are predominantly handled by practice head Alexander Niethammer and counsel Nils Müller, both based in Munich.

After Heuking Kühn Lüer Wojtek over the last few years was able to gain data protection expertise with lateral hires such as practice head Thomas Jansen (2017) and Hans Markus Wulf (2018) from DLA Piper and SKW Schwarz Rechtsanwälte respectively, in 2019 the practice was ready to significantly expand its coverage. New clients – from domestic public entities to international companies – enabled the team's access to new types of projects, which, for instance, involved data transfer between governmental bodies and private actors as well as product advice and order processing agreements. The seven partner strong team that constitutes the firm's data protection task force sits within the larger IP, media and technology group.

After the renowned data protection expert Tim Wybitul left for Latham & Watkins LLP in 2018, Hogan Lovells International LLP's data protection practice also lost Nils Rauer and senior associate Ruth Maria Bousonville to Pinsent Masons Germany LLP at the start of 2019. The team is now led by Burkhardt Goebel, Morten Petersenn and Andreas Bothe, who are responsible for the larger IP group. The departures were also met with the partner promotions of Martin Pflüger in Munich and Christian Tinnefeld in Hamburg. The newly formed practice now focuses on advising the telecoms, pharma, medical products, automotive and consumer goods sectors on GDPR implementation projects, the use of personal data and the data protection compliant drafting of IT contracts. Noteworthy is also the Hogan Lovells Data Breach Assessor, the firm's internal legal tech tool, which assists the decision-making process in the case of data breaches.

At the end of 2018 Norton Rose Fulbright's IT and data protection team underwent some structural changes: The group now sits within the firm's global practice that covers IP and IT issues combined. In the data protection area the team focuses especially on GDPR and global data protection breaches. The firm's work in the insurance sector is particularly successful. The key figures of the German team are Christoph Ritzer in Frankfurt and Jamie Nowak in Munich, who is responsible for the technology and innovation segment.

Orrick, Herrington & Sutcliffe LLP's small data protection team surrounding key figure Christian Schröder entered the firm's newly founded global practice group Cyber, Privacy and Data Innovation in 2018. Consequently, with the 'unique' support of the firm's international offices, including London, Seattle and Washington D.C., clients benefit from the seamless coordination of their frequently international data protection matters. The practice focuses in particular on topics such as international data transfers, data protection compliance and whistle-blowing.

Greenberg Traurig Germany's data protection practice can historically be traced back to the firm's data protection advice in the media sector. By now the client base is much more diverse and the firm has a dedicated Data, Privacy and Cybersecurity group, which is co-led by Viola Bensinger both at the domestic and global level. The team consequently not only advises large US and European media companies but also fitness, IT and real estate companies. Contentwise the advice focuses on GDPR, compliance issues and increasingly on fine proceedings and matters in connection with the planned e-privacy regulation. Noteworthy is furthermore the firm's activity in data protection issues specifically related to the car toll.