Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In Europe, Middle East and Africa, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for seven consecutive years. These partners are highlighted below and throughout the editorial.
Click here for more details

Germany > IT and outsourcing > Data protection > Law firm and leading lawyer rankings


Index of tables

  1. IT and outsourcing: data protection
  2. Leading individuals
  3. Next generation lawyers

Next generation lawyers

  1. 1

Who Represents Who

Find out which law firms are representing which Data protection clients in Germany using The Legal 500's new comprehensive database of law firm/client relationships. Instantly search over 925,000 relationships, including over 83,000 Fortune 500, 46,000 FTSE350 and 13,000 DAX 30 relationships globally. Access is free for in-house lawyers, and by subscription for law firms. For more information, contact


In data protection matters Baker McKenzie stands out for its high-end advice to telecoms, pharma, financial, IT and industrial companies characterised by ‘expert knowledge’, ‘quick, uncomplicated contact’ and ‘short response times’. Building on the many ancillary practices of the full-service firm, the four-partner team often advises on data protection in connection with M&A transactions and contentious telecoms matters, such as assisting a large international telecoms company with the Federal Network Agency’s order on the advance deleting of data and GFKL Lowell Group with data protection issues related to the acquisition of Tesch Inkasso. Other highlights included advising the asset management company of a global insurance company on data protection matters related to the introduction and registration of a mechanism for worldwide personal data processing; an international bank on the transfer of documents and information to domestic and foreign authorities and courts in connection with potential money laundering and tax evasion investigations; and a global biotech corporation on the structuring of requirements of EFPIA (European Federation of Pharmaceutical Industries and Associations) transparency systems. The team also sees a constantly high work load related to the introduction of the General Data Protection Regulation (GDPR). Other clients include Siemens Healthcare and Daimler. Holger Lutz has ‘excellent expertise’ and is noted for his ‘practically oriented advice’ and Julia Kaufmann is also recommended.

Bird & Bird’s ‘pragmatic and legally outstanding’ data protection lawyers ‘make clients very happy’, not least due to the ‘high level of expertise and acute business sense’. As ‘one of the best data protection practices in Germany’ the team advises an impressive number of IT corporations and DAX 30 companies on the entire spectrum of data protection matters, cybersecurity and corporate binding rules (CBR). It recently gained adidas as a new client in connection with various cross-border data protection projects. Other regular clients are blood glocuse meter manufacturer Dexcom regarding international data transfer and data protection matters related to variable tech and mobile and cloud solutions and Audi concerning big data matters. The portfolio furthermore includes Huawei, Levi’s, Microsoft and SAP. The ‘extraordinarily smart’ Fabian Niemann has a ‘deep understanding of European data protection law’ and ‘the quality of his advice is first-class in all regards’; Lennart Schüßler, who was promoted to partner, ‘can also always be reached in times of crises’.

Hogan Lovells International LLP advises prominent clients in the finance, insurance, automotive and healthcare sectors, companies in the manufacturing industry and IT service providers on the entire range of data protection matters with a ‘very high service level’. While the team surrounding the ‘practically oriented and assertiveTim Wybitul was frequently sought out for advice on the implementation of the GDPR in 2017, the practice additionally focuses on employee data protection, cybersecurity and international data transfer. It also assists well established corporations and tech start-ups with data protection issues related to autonomous driving and the connected car, the internet of things and digital healthcare. Marcus Schreibauer is the main contact for cybersecurity matters.

Latham & Watkins LLP’s data protection practice is tightly integrated in the European structure of the firm and enjoys an excellent reputation in Germany, particularly for its strong dispute resolution expertise in contentious data protection matters, although the firm also handles the entire spectrum of preventative data protection advice, especially for industry giants in the healthcare, finance and automotive sectors. It assists SCHUFA with data protection compliance and in data protection proceedings at higher courts; provides regular advice to IMS Health on data protection matters related to information services in the healthcare sector; and advises the German Dialog Marketing Association (Deutschen Dialogmarketing Verband, DDV) on data protection issues in connection with advertisement. The client portfolio also includes DZ Bank, Deutsche Bank and Tata Communications. Other expertise lies in cybercrime. Counsel Ulrich Wuermeling, who divides his time between Frankfurt and London, is considered ‘one of the best lawyers for data protection law’ particularly due to his ‘decade-long experience and good networks’.

Besides the omnipresent advice on the GDPR and complex data protection projects, Osborne Clarke’s expertise in data protection matters also includes CBR, cybersecurity and data protection compliance. Clients benefit from the specific industry knowledge of the three partners: Hamburg-based Flemming Moos is well versed in healthcare and FinTech-related data protection; Marc Störing, who was promoted to partner in Cologne, focuses primarily on data protection matters in the automotive and PropTech sectors; and the well regarded Ulrich Baumgartner is the main contact for data protection issues connected to digital business models. Recent highlights include coordinating Amadeus IT Group’s Europe-wide adaption to the GDPR; advising Google on the task force investigation proceedings of the Hamburg data protection officer regarding the unified harmonised Google privacy policy; and assisting Sixt with the negotiation of a high-volume data management platform contract. The high-end client roster includes Facebook, Ferrero and Weight Watchers International.

SSW Schneider Schiffer Weihermüller is a well-established firm for data protection matters: The team surrounding the renowned Isabell Conrad acts on the entire spectrum of relevant legal issues and saw increased international mandates in 2017, particularly related to worldwide data transfer concepts, data protection impact assessments, GDPR implementation and data transfer and deletion schemes for Industry 4.0 platforms. The firm advised a US big data provider on anonymity concepts and contract data processing; a German medical device manufacturer on data protection in connection with advertisement consent; and conducted an internal data protection audit for an international software provider. It furthermore carried out an expert study for a Swiss big data provider on the topic of data protection admissibility and legitimate use of big data solutions for airlines and also advised a US platform provider on telecoms data protection with respect to an international messenger platform. Other expertise lies in data protection compliance, social data protection and IT security.

Taylor Wessing’s international and diverse industry-spanning client base also benefits the firm’s wide-ranging IT expertise in data protection matters; GDPR implementation and advice on privacy shield regulations constitute current pillars of the practice. In recent highlights the extremely well regarded Axel von dem Bussche advised Atos on group privacy and employee data protection as well as GDPR implementation and together with David Klein, who was promoted to partner, also assisted eBay with data protection aspects of the marketing of inventory and advertisement. Gregor Schmid regularly advises ZAB (business development in Brandenburg) on data protection. The team furthermore often handles mandates related to international data transfer, data protection compliance and in connection with employment law. Other clients include Check24, Sirtex and Galeria Kaufhof. Thomas Kahl was also promoted to partner.

White & Case LLP often handles cross-border data protection matters and saw highlight matters particularly in the automotive, consumer goods and IT sectors. While the firm frequently advises on GDPR-related issues, intragroup and employee data protection, IT security and transaction-related data protection also play an important role. Due to the well regarded team’s close cooperation with the firm’s white collar crime practice, advice on data protection in the course of internal investigations and data protection compliance gained further significance in 2017. Detlev Gabel leads the global data privacy and cyber security group.

Also in data protection matters CMS positions itself with a broad practice and besides a high volume of GDPR-related mandates also covers data protection aspects of transactions, outsourcings and cloud computing as well as CBR and data security. In 2017 the team assisted an international outsourcing service provider on data protection issues during a complex BPO from Germany to the Philippines and advised the credit insurer Euler Hermes and the financial service provider Eos on data protection in connection with the sale of their joint subsidiary. A steady flow of work also stems from the firm’s regular data protection advice to Ströer and the Sparkassen-Finanzgruppe. Reemt Matthiesen and Christian Runte are the key figures.

Data protection now forms one of the most important pillars of DLA Piper’s well regarded IT practice and besides GDPR expertise clients seek the team’s data protection knowledge in the context of the connected car, cloud computing and online business models. In 2017 highlights included Jan Geert Meents’s advice to automotive manufacturers regarding the establishment of a global data protection monitoring system and in connection with big data projects and counsel Verena Grentzenberg’s advice to a German media corporation on data protection aspects of an innovative online business model. Cyber security and data protection compliance are other areas of expertise.

Eversheds Sutherland’s data protection lawyers ‘quickly understand clients’ needs’ and stand out for their ‘very high availability, deep industry expertise and team work’. The team led by the highly recommended Alexander Niethammer increasingly handles cross-border data protection projects and frequently advises on international data transfer, employee and customer data protection and data protection compliance. Recent clients include the US-Swedish automotive supplier Autoliv regarding data protection aspects of a joint venture with Volvo Cars, a US manufacturer of water treatment plants on data protection compliance and new client Messe München (the Munich Trade Fair) on customer data protection. Vodafone and Microsoft are also new clients; the practice won the latter through Lutz Schreiber’s arrival from Norton Rose Fulbright in 2016; he was recently promoted to partner.

Jones Day’s data protection expertise is clearly the main pillar of the firm’s broad IT practice surrounding the well regarded Undine von Diemar and besides domestic work also generates an impressive number of mandates from Asia and the US. The team advises on GDPR matters and frequently on international data transfers, cybersecurity, employee data protection and group privacy, data protection in connection with internal investigations, transactions and compliance. A highlight in the healthcare sector was advising Cardinal Health on data protection aspects during the acquisition of Cordis from Johnson&Johnson, in the course of the integration and regarding the GDPR. Heilind sought the firm’s advice for data protection issues related to its acquisition of the MPS group of companies and RTI Surgical for data protection during an SAP implementation project, which involves data transfer from different European states to the US. and ICANN are other clients.

Luther Rechtsanwaltsgesellschaft mbH provides ‘clear implementation recommendations for daily operations’ to listed and mid-sized companies but also public authorities regarding data protection matters. The firm’s broad advice on data protection in 2017 again manifested itself in a diverse portfolio: The IT practice led by Wulff-Axel Schmidt saw a particularly high volume of GDPR advice to domestic and European clients but also data protection matters in the energy industry. Michael Rath advises the Postbank Group and the pharmaceutical company Klosterfrau on the implementation of the GDPR and Bayer on data protection aspects of diverse IT projects; Silvia Bauer acts as external data protection officer for Reemtsma Cigarettenfabriken and assists the client with data protection compliance, amongst other matters; and Maximilian Dorndorf advised Essener Verband (Essen-based association) on data protection issues in connection with the corporate restructuring of the association. Other regular clients include BASF, ThyssenKrupp and E.ON.

Noerr combines ‘outstanding expertise’ in data protection matters with an ‘excellent service level’: The ‘always ready and available’ team assists domestic and international industry giants across various sectors with GDPR questions, international data transfer, IT security and data protection compliance and saw recent highlights particularly in healthcare and finance and here especially in connection with digital business models. The ‘strategic, clever, extraordinarily competent and friendlyDaniel Rücker advised an international tobacco corporation on various data protection matters. Senior associate Sebastian Dienst is considered an ‘outstanding young talent’ and is noted for his ‘business focus and good networks’.

In 2017 Oppenhoff & Partner particularly saw data protection matters in the telecoms, healthcare and IT sectors, which ranged from GDPR advice and international data transfer to employee data protection, data protection compliance and IT security. The especially active Jürgen Hartung advised Sony on data protection issues in connection with company agreements, email and internet, amongst other matters.

Recommended without reservationAshurst LLP’s IT practice is ‘very service-oriented’, ‘always responsive’ and ‘capable of providing sound advice even at short notice’, also in data protection matters. With a focus on comprehensive data protection projects, data protection compliance, international data transfer and GDPR advice, the team recently saw a high volume of work: It advised LafargeHolcim and Navitas Group on the global implementation of the GDPR, assisted Modern Times Group with data protection aspects of the acquisition of shares in InnoGames and also regularly handles data protection matters for Amazon, Citigroup and Clariant International. Andreas Mauroschat stands out for his ‘high legal expertise’ and ‘is able to come up with practical solutions that not only take legal issues into consideration but also the business and practical aspects’.

Beiten Burkhardt’s ‘outstanding’ team advises international IT service providers, technology companies and clients in the cosmetics, finance and telecoms industries on the entire spectrum of data protection matters, data security and cybersecurity and ‘always takes into consideration the economic aspects’. Recent highlights include assisting Estée Lauder Companies with data protection matters related to the setup of WLAN networks in the German retail stores of the client; advising a FinTech company on the data protection compliant design of their business model; and providing comprehensive data protection advice to electric car manufacturer NIO. The ‘brilliant’ Claudio Chirco, who was promoted to partner, ‘always thinks in the interest of clients’ and Axel von Walter also ‘has broad experience and gives competent advice’. Tim Caesar left the firm and works as corporate counsel for Infosys since August 2016.

KNPZ Rechtsanwälte advises domestic and international companies ranging from the finance and IT to the automotive and consumer goods industry on diverse data protection matters, but particularly stands out for assisting clients with data protection issues in connection with cross-border transactions, internal investigations and compliance matters and in contentious data protection proceedings. The client portfolio includes Evertracker and Bauer Media Group. Kai-Uwe Plath is the key figure.

Morrison & Foerster LLP’s IT team advises on data protection in the context of digital business models in the telecoms sector with particular expertise in connection with transactions, the development of digital platforms and cloud computing. Also noteworthy is the strong international orientation of the practice, which as part of the firm’s global privacy and data security group regularly handles cross-border data protection matters. Recent clients include Epcos, a subsidiary of the international TDK Group, regarding employee data protection in the course of a global joint venture with US chip manufacturer Qualcomm; DocuSign concerning contract data processing agreements with resellers and customers; and Anschutz Entertainment Group with regards to continuous advice on various data protection issues. Hanno Timner provides ‘extraordinarily good, quick and practical advice’.

Norton Rose Fulbright’s international data protection practice focuses on global GDPR projects, GDPR advice for European and Asian clients, cybercrime and contentious data protection proceedings. Christoph Ritzer, who was promoted to partner, continues to advise Lilly Germany on the Privacy Shield agreement; other data protection mandates stem from a client portfolio that ranges from IT, finance and automotive to pharma and medical companies and entail compliance, internal investigations and employee data protection. Jamie Nowak is the main contact for disputes; Lutz Schreiber left for Eversheds Sutherland in May 2017.

As part of the ‘outstanding’ global data protection practice Orrick, Herrington & Sutcliffe LLP’s German team surrounding ‘top data protection expert’ Christian Schröder also advises on the entire spectrum of relevant matters, including cyber security, GDPR and data protection aspects of transactions; increasingly US but also Asian clients make use of the team’s cross-border expertise. The firm advised Carnival Corporation on global data protection matters and internal company group contracts and a Chinese technology corporation on data protection issues in connection with autonomous driving. Other clients include Flexera Software and SIG Combibloc.

Reed Smith’s ‘strong’ IT team led by the recognised Andreas Splittgerber also has deep expertise in data protection matters ranging from CBR and GDPR advice to data protection issues related to transactions, international data transfer and IT security. It advises a company in the automotive industry on employee data protection; assisted a Dutch provider of eReader systems with customer data protection; and handled the introduction of CBR for a German pharmaceutical corporation. The client portfolio also includes Qubit, Netbiscuits and Neato Robotics.

SKW Schwarz Rechtsanwälte was able to strengthen its data protection with the arrival of Volker Wodianka, previously at Scheja & Partner, and has been particularly active in providing data protection advice in connection with transactions and the GDPR. The team assisted both Commerzbank and EDEKA-LUNAR, the retail chain’s IT company, with several phases of the GDPR implementation and recently advised SGL Group on data protection matters related to the sale of its graphite electrode business division to the Japanese company Showa Denko. Another client is STRATO.

Schürmann Wolschendorf Dreyer Rechtsanwälte’s data protection advice is marked by ‘great expertise, creativity and reliability’ and ‘due to the consistency in main contacts trusting relationships prevail’. The team primarily advises prominent domestic companies and associations on all data protection aspects connected to digitalisation, big data and data and IT security. It assisted an eCommerce company with data protection linked to big data concepts for the marketing and logistics divisions and in proceedings with data protection authorities; advised a local public transport company on the conception of a data protection compliant measurement of the stream of passengers for the analysis of traffic routes; and represents an international airline in official proceedings with the Berlin data protection officer. The ‘very solution-oriented’ Kathrin Schürmann has ‘very good legal and technical knowledge’ and Simone Rosenthal is ‘excellent, effective and pragmatic’.

WilmerHale’s data protection practice primarily handles cross-border matters, in 2017 the team again cooperated closely with the firm’s US colleagues and was able to maintain the high level of activity in contentious data protection matters. Martin Braun, who also acts as co-chairman of the global big data practice, continues to represent Facebook in proceedings at the administrative court in Hamburg regarding the question whether German data protection law is applicable on Facebook Ireland and whether the Hamburg data protection officer is responsible for measures against the client. The firm also regularly advises McDonald’s and a leading German pharmaceutical company on data protection issues.

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

International Law Firm Networks

International Law Firm Networks

Press releases

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to

Legal Developments in Germany

Legal Developments and updates from the leading lawyers in each jurisdiction. To contribute, send an email request to

Press Releases in Germany

The latest news direct from law firms. If you would like to submit press releases for your firm, send an email request to