Firms To Watch: Data protection

Clyde & Co LLP welcomed data protection expert Jan Spittka (previously at DLA Piper) in July 2021 and focuses on the insurance sector. The team represents clients in fine proceedings and data protection damage claims.
Gleiss Lutz further expanded its IP-tech capacities and offers a full-service approach covering all relevant data matters.
Redeker Sellner Dahs offers tailored support for health insurance companies in proceedings and, thanks to the cooperation with the public law team, also advises companies, associations, federal ministries and authorities.

Data protection in Germany

Baker McKenzie

Integrated into the firm’s global network, Baker McKenzie frequently cooperates across practices and also offers additional local expertise. The versatile client portfolio includes international automotive, software and pharmaceutical companies as well as financial institutions, which are advised on data protection law as well as supported in proceedings before supervisory authorities, Florian Tannen is a key contact here. Additional capacities are located at the interface with telecommunications, contract, medical and distribution law. Co-practice head Michael Schmidl covers the interface to employment law, while co-head Holger Lutz is experienced in outsourcing matters as well as hardware and software contracts. Competencies in direct marketing and the associated tracking and profiling activities were strengthened in July 2022 with the partner appointment of Simone Rieken.


‘Very large team with in-depth specialist knowledge and broad industry knowledge.’

‘The law firm has unique know-how in this area and very good contacts with the data protection authorities.’

‘Excellent availability and short response times. Proactive and independent work; Coordination and consultation whenever necessary.’

Bird & Bird

Bird & Bird ‘s versatile team impresses with in-depth data protection expertise and cross-locational capacities via its international network. DAX companies, global market leaders and state-owned companies are among the client roster, which the team advises on international data transfers, data analytics and cloud matters, but also increasingly on new business models and current trends such as AI, blockchain, IoT and digitisation. Companies from the healthcare, automotive, media and consumer goods sectors are supported in digital disruption, which is a core focus of Lennart Schüßler. Practice head Fabian Niemann focuses on technology, digital media, cloud computing, copyright and data protection law. In May 2022, Simon Assion, a specialist in information and telecommunications law, and Benjamin Wübbelt, who acts at the interface between public procurement law and IT law, made partners. IT and data protection expert Alexander Duisberg joined Ashurst LLP in February 2023.


Fabian Niemann




Brain Corp


D-Trust / Bundesdruckerei




GIZ, Gesellschaft für internationale Zusammenarbeit



Lumen Technologies Germany GmbH



Nuance Communication


Star Alliance

Telefónica Germany GmbH & Co. OHG




  • Global advice to SAP on data and data protection law issues, in particular issues related to data localization requirements, international data transfers and sector-specific data protection law requirements.

  • Comprehensive advice to AUDI on data transfers to and from China, connected cars and data usage as well as other special topics in the automotive sector and comprehensive advice on GDPR compliance.

  • Comprehensive advice to GIZ on numerous international data protection projects.


Integrated into the firm’s global cyber network, CMS' team is increasingly active in cross-border advice to financial institutions, online platform operators and technology companies on data protection issues, such as the development of automated driving systems. Another core competence is clients’ representation before the authorities. Markus Hauser‘s expertise encompasses digital business models and technology transactions, while Florian Dietrich is experienced in e-commerce, e-payment, fintech and online advertising. The practice significantly expanded at partner level: In January 2022, Markus Kaulartz (blockchain and crypto), Martin Gerecke (new media and e-commerce) and Philippe Heinzke (implementation of digital business models) made partners.


‘Fast communication, flexibility, professional, industry knowledge, innovation.’

‘We are extremely happy with the support we receive from CMS.’

‘Availability, flexibility, creative ideas.’

DLA Piper

The interdisciplinary and internationally-oriented data protection team at DLA Piper is led by Stefan Engels and Thilo von Bodungen and supports well-known clients in transactions, IT compliance, the implementation of data protection requirements in projects and in proceedings before data protection supervisory authorities and against damaged individuals as well as consumer protection associations. The advice on IP, digital transformation, outsourcing and IoT is another core area, where Jan Geert Meents and Jan Pohle are the key contacts. The client base includes insurance companies, media corporations as well as national and international companies from the automotive sector and high-tech industry, with a recent notable increase in the advice to clients from the media, consumer goods and retail sectors. Verena Grentzenberg offers longstanding experience in new business models, big data and AI projects.


‘The data protection team is very practice-oriented and gives very pragmatic advice, especially when support is needed at short notice.’

‘Very pleasant scope and absolutely helpful expertise!’

‘DLA Piper helped us a lot under time pressure.’

‘Verena Grentzenberg: Very high problem-solving skills, focus on practicality, eye for the essentials, efficient processing, reliable cost estimates.’


Fresenius Medical Care (FMC)


Heidelberger Druckmaschinen AG



  • In cooperation with the regulatory team, advising H&M on fundamental administrative and constitutional issues in fine proceedings.

  • Ongoing advice on IT law and data protection law since the start of the transformation of Heidelberger Druckmaschinen AG in 2020.

  • Advising an international insurance group on the legality of electronic advertising activities in terms of advertising law and data protection law.

Latham & Watkins LLP

Latham & Watkins LLP‘s data protection practice covers transactions, strategic advice (especially digital economy matters) and data privacy litigation. The team recently demonstrated its strength in major disputes, including in proceedings before the data protection authorities, in fines and civil proceedings related to possible data breaches, as well as damage compensation. European data protection law expert Ulrich Wuermeling regularly advises technology companies as well as organisations from the direct marketing, healthcare and financial services sectors. The practice is led by renowned Tim Wybitul, who is among the leading figures in German data protection law; he took the lead in the successful defence against the highest German GDPR fine to date before the ECJ.


Tim Wybitul


‘Excellent professional competence and pragmatic solutions.’

‘High know-how; clear guidance; willingness to discuss; clear expectation management.’

‘Absolute know-how; good interaction between the various specialist departments within the law firm; sufficient capacity for timely completion; already the first drafts with a good outcome; absolute reliability in appointments/coordinations.’


IQVIA Commercial GmbH & Co. OHG



Daimler AG


MediaMarkt Saturn Retail Group

Deutsche Wohnen


  • Successful representation of Daimler as a defendant in proceedings before the Federal Labor Court (BAG) regarding the right of employees to information and data copies.

  • Defense of Deutsche Wohnen before the ECJ in connection with various issues regarding the highest GDPR fine to date in Germany. This is the first procedure on the current German GDPR fine practice before the ECJ.

  • Advising Meta in relation to a series of multi-jurisdictional governmental inquiries and investigations into alleged data breaches and compliance with data protection laws generally, and related litigation.


Noerr ‘s full-service approach covers the entire spectrum of data protection law, including clients’ representation in administrative, fine and court proceedings, where the team routinely cooperates with the relevant litigation, regulatory and compliance experts. A particular focus is on data breach management and data protection litigation, which are among Sebastian Dienst‘s areas of expertise, as well as on the implementation of sustainable data protection compliance systems in the context of the GDPR legislation. Cross-border matters are also covered, particularly with reference to China, where the team regularly cooperates with local law firms. Joachim Schrey advises on data and confidentiality issues, while practice head Daniel Rücker assists with the structuring of international data flows, among others.


Daniel Rücker


‘Extremely good accessibility, high-quality and practice-oriented advice, quick response.’

‘Detailed, at the same time business-oriented and pragmatic.’

‘Professional advice and pragmatic as well as innovative solutions.’

‘Partners and associates with very good legal and IT know-how.’

‘Great expertise. Very fast, flexible and top customer orientation.’

‘Always find a first-class solution, even for complex issues.’

‘Very accessible. Fast response. Absolutely first-class professional and human competence.’


ADA Health

adjust GmbH

BoardGameGeek LLC

X-Technology Swiss research & development AG


Lotus Technology Ltd.

Lotto 24


Cision Inc

MediaMonks Germany GmbH


Bundesministerium für Wirtschaft und Klimaschutz

EVE Germany GmbH


LVM Landwirtschaftlicher Versicherungsverein Münster a. G.

McDonald’s Deutschland LLC

MEWA Textil-Service AG & Co. Management OHG

Microsoft Corporation

Mobility Trader GmbH

Finanz Informatik Technologie Service GmbH & Co. KG (FI-TS)


Schwarz Gruppe





  • Comprehensive advice to Europcar/Buchbinder on handling a data protection incident.

  • Advice on data protection law to EVE Germany GmbH on EU market entry, including the implementation of a data protection governance structure, the creation of data protection information and international data transfers.

  • Advice on data protection law to Ada Health at the interface to medical device regulation and AI regulation.

Osborne Clarke

Osborne Clarke impresses with comprehensive data protection expertise, including litigation and cyber security as well as digital transformation projects; the latter is a core focus of Adrian Schneider, who made partner in January 2022. Frequent cooperations with other practices results in synergies at the commercial, antitrust, insolvency and, above all, IP interface. This comprehensive expertise is requested by clients from various sectors, with Julia Kaufmann, who joined the practice in July 2021 (previously at Baker McKenzie), strengthening the expertise in the healthcare sector. Lina Böcker (previously at JBB Rechtsanwälte) joined the firm in September 2022 and specialises in IT transactions. In addition to recognised practice head Flemming Moos (data protection and IT law), the practice also fields renowned expert Marc Störing (software development and IoT).


Flemming Moos


‘Fast-acting, nationally strong team that acts calmly and with a focus even in pressure situations.’

‘The team is characterized by a comprehensive depth of knowledge that can be conveyed in an understandable way and implemented in everyday practice.’

‘The short seminars offered on developments relevant to data protection, including the impact on related areas of law, are extremely helpful for day-to-day work.’

‘The combination of data protection knowledge and experience in programming software as well as the consulting expertise in relation to supervisory authorities and their views.’

‘Good understanding of the issues to be resolved in corporate legal departments. Consistent practice-oriented approach.’

‘Adrian Schneider: In-depth specialist knowledge, very fast delivery of solutions, very high availability, technical understanding of the technologies underlying the challenges.’




Fidelity Strategic Ventures Limited

CooperVision, Inc.

Curalie GmbH

METRO Markets GmbH

Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft

Quest Software AG

Splunk, Inc.

SSI Schäfer


  • In the course of the integration process of G+J into RTL, advising the new integrated group of companies of RTL, including strategic advice to G+J on smart data and big data analyses.

  • Ongoing strategic advice on data protection and other IT regulatory issues relating to the Curalie GmbH health platform in a national and international context.

  • Comprehensive advice on data protection and e-commerce issues to CooperVision, Inc.

Taylor Wessing

Taylor Wessing ‘s interdisciplinary data protection and cybersecurity team acts from five German locations and covers cross-border as well as cross-practice matters. Clients include start-ups, medium-sized companies and large multinational corporations, which the group routinely advises on digital business models, transactions, contract drafting and regulatory issues. The support covers the sectors healthcare, finance, gaming and automotive, with regular instructions on big data, machine learning and artificial intelligence. Other key areas include clients’ representation in ban and fine proceedings before data protection supervisory authorities and cyber security issues; the latter is a particular strength of the team. Practice head Paul Voigt is a proven expert in IT contract and IT security law as well as the e-commerce sector and is supported by IT law specialist Axel Freiherr von dem Bussche.


Paul Voigt


‘The Taylor Wessing team has a variety of skills that are very well suited to our industry: they act quickly, are solution-oriented and reliable.’

‘They are able to present the same complex facts to different groups of recipients (management, experts) accordingly.’

‘They also think outside the box in other sectors and compare the solutions. They act in a very practice-oriented manner and have a very good feeling when theoretical and when practical approaches are necessary.’





Douglas / Parfümerie Douglas Deutschland

E.ON Energie Deutschland





Hyundai Motor Europe GmbH


  • Comprehensive and strategic advice to Ebay on data protection.

  • Ongoing advice to Novartis on data protection issues related to business operations, including healthcare, IT and CRM systems, conducting studies and data collection.

  • Comprehensive advice to the entire German Vodafone group of companies in the areas of compliance, data protection and telecommunications law.

Luther Rechtsanwaltsgesellschaft mbH

Large international corporations as well as public sector players rely on Luther Rechtsanwaltsgesellschaft mbH‘s data protection expertise, which is regularly requested in the context of digital business models and AI platforms, most recently in the areas healthcare, mobility and telecoms. IT and data protection law expert Kay Oelschlägel is a key contact here and assists with both major projects and contentious issues; he is part of the practice led by Wulff-Axel Schmidt. Procurement law expert Tobias Osseforth joined from LUTZ | ABEL RECHTSANWALTS PARTG MBB in January 2022 and advises on tender procedures in the IT sector. Michael Rath covers matters at the interface between IT and IP law, while Stefanie Hellmich has expertise in digitisation matters and the use of new technologies.


Wulff-Axel Schmidt

Weitere Kernanwälte:

Michael Rath; Stefanie Hellmich; Silvia Bauer; Tobias Osseforth; Kay Oelschlägel; Christian Kuß; Michelle Petruzzelli


‘The IT and data protection team of Dr. Rath is very efficient and technically outstanding.’

‘Dr. Michael Rath can be contacted at any time and, in addition to his technical expertise, is characterized by a very good ability to empathize.’


Ashfield Healthcare GmbH

Augsburger Aktienbank AG


Clariant Produkte (Deutschland) GmbH

Deutsche Telekom AG

DKMS gemeinnützige GmbH


EDEKA Gruppe

Evonik Industries AG


McKesson Europe AG (vormals Celesio AG)

R. Stahl Aktiengesellschaft

Reemtsma Cigarettenfabriken GmbH

Riedel Communications GmbH & Co. KG

Servicegesellschaft der PSD Banken mbH

Stadtwerke München GmbH

Volkswagen Financial Services AG

Charité – Universitätsmedizin Berlin


  • Advice on data protection law to Stadtwerke München on the introduction of a new sales background system for the mobility services operated by the Munich Transport Company (MVG).

  • Advice on data protection and IT law to the Charité – Universitätsmedizin Berlin on setting up a research data platform for research into Covid-19.

  • Advice on data protection law to ECE Group Services GmbH & Co. KG in connection with a request from the data protection supervisory authority regarding customer tracking in shopping centers and questions of group data protection.

SKW Schwarz

The data protection team at SKW Schwarz is known for its expertise in SaaS matters and other cloud-based business models and also advises on cyber security and cyber incidents. The group offers industry expertise in the automotive sector, where various topics in the IT and digital business segment are covered, thanks to the close cooperation with the media, IP, M&A and tax law teams. Daniel Meßmer made partner in January 2022 and jointly heads the team with Andreas Peschel-Mehner, both focus on supporting platform-related matters as well as cloud strategies.


‘Short response time, profound realistic and also creative solutions.’

‘The very strong team and network deserve special mention.’

‘Excellent professional competence and quick response as well as flexibility.’

‘Dr. Daniel Meßmer: Fast, thorough and excellent professional competence.’


Microsoft Corp., Microsoft Deutschland GmbH, Microsoft Online Ireland



  • Advice on data protection law and other contractual advice to WhistleB (NAVEX Global Inc.) Whistleblowing Center AB to adapt the contract documents to German law and to comply with data protection compliance in accordance with the provisions of the GDPR.

  • Advising and representing SCHUFA Holding AG in various BGH proceedings in legal disputes regarding the discharge of residual debt; over 150 new legal disputes before regional courts and higher regional courts throughout Germany in the reporting period.

  • Advising GRID esports GmbH on the development of an OpenData platform for licensing esports data. In addition, creation of data protection documentation, data processing contracts and determination of the data protection structure.


WilmerHale is renowned for its data protection litigation expertise and has a correspondingly remarkable track record of ECJ proceedings and proceedings before the European Data Protection Board and before national authorities; The long-standing relationship with the technology company Meta, which is supported in numerous procedures, is noteworthy here. Martin Braun focuses on international data transfer and social media, he is supported by Hans-Georg Kamann and Frédéric Louis, who also frequently take the lead. The capacities in EU competition and regulatory law were strengthened with the partner appointment of Anne Vallery in January 2022.


Martin Braun


Meta Platforms, Inc.

WhatsApp Ireland Limited


  • Advice on data protection and European law aspects to Meta Platforms Ireland Limited (Facebook) in the proceedings of the German Federal Cartel Office regarding the merging of user data.

  • Representation of Meta Platforms Ireland Limited (Facebook) in the fan page proceedings before the Court of Justice of the European Union and the German courts.

  • Representation of Meta Platforms Ireland Limited (Facebook) in proceedings regarding the so-called Like button.


Thanks to the close cooperation with the IT and media practice, ADVANT Beiten comprehensively advises on data protection issues, including compliance audits and the introduction of new technologies. This combined expertise is frequently requested by a loyal client base from the gaming, finance and healthcare sectors. Practice head Andreas Lober focuses on technology, digitisation and electronic entertainment and also represents clients in court and arbitration proceedings. Axel von Walter (data protection and digitisation) and Gudrun Hausner (data protection, IT and competition law) joined GvW Graf von Westphalen in July 2021.


Andreas Lober


BKK Dachverband

Charité Universitätsmedizin Berlin

finstreet GmbH

Investify S.A.

LaSalle GmbH

Ministerium der Finanzen des Landes Sachsen-Anhalt

Oxolo GmbH



  • Advising the Charité Universitätsmedizin on special (research) projects.

  • Advice on public procurement, IT and data protection law to the Ministry of Finance of the State of Saxony-Anhalt as part of a negotiation process with a participation competition for the procurement of household software.

  • Comprehensive advice to various Creditreform companies on data protection-compliant execution of debt collection and scoring.

Eversheds Sutherland

The Eversheds Sutherland team around Munich-based Alexander Niethammer is a popular address for the risk assessment of international data transfers, privacy litigation, cyber security as well as data privacy issues. The practice acts integrated into the firm’s international network and regularly assists with large-scale projects. Industrial companies as well as clients from the healthcare and life sciences sectors regularly instruct the team on digitisation and transformation matters. In August 2022, Lutz Schreiber (IT, data protection, outsourcing) joined YPOG.


Alexander Niethammer

Weitere Kernanwälte:

Nils Müller; Constantin Herfurth


‘Practical solutions, fast and efficient feedback.’

‘Nils Müller is an extremely uncomplicated lawyer who can be contacted at any time, offers pragmatic solutions and does everything necessary to help the client – exemplary.’

‘Constantin Herfurth provides practical, clear and understandable advice.’


Adidas Group


Aspen Pharma



Coupa Software

Cyrus One



Edwards Lifesciences Services



Modine Manufacturing Company




Special Olympics Deutschland

Sun Express

Toyota Motor Credit Corporation

Turkish Airlines



  • Advising a global leading US company on the privacy-by-design drafting and implementation of an AI technology in ten countries, including communication with supervisory authorities; as well as support in various data protection procedures and investigations by various supervisory authorities.

  • Representation of an international airline as data protection coordinator in Europe to ensure GDPR compliance at all EU locations, especially in the area of cookie and marketing compliance.

  • Advice to Coupa Software Inc on the re-papering strategy and implementation with regard to the new Standard Contractual Clauses (SCC) for over 1,000 customers.

GvW Graf von Westphalen

GvW Graf von Westphalen focuses on the automotive, finance, insurance and the public sector, where the group demonstrates particular expertise in interfacing public law and public procurement law as well as  healthcare matters. Stephan Menzemer heads the firm’s international desk and advises on IT law in addition to his work as mediator. The team expanded at partner level with the appointment of Michael Herold (IT law and data protection) in January 2022 and the additions of Axel von Walter (data protection and digitisation) and Gudrun Hausner (data protection, IT and competition law) in June 2022 (formerly at ADVANT Beiten).


Stephan Menzemer


‘Uncomplicated communication, quick understanding of the client’s needs.’

‘All the lawyers in the firm advise us competently, reliably and very quickly. We have fixed contact persons who bring in experts in each case. For more complex problems, several experts work together as a team.’

‘The practice is particularly to be commended for combining the right balance between legal expertise and commercial thinking.’

‘The work is always characterized by profound legal knowledge (on the part of the clients as well as the authorities), which is very helpful.’

‘The team is perfectly familiar with European and international data protection law. That makes it easy to map international relationships pragmatically and effectively.’

‘The team is sufficiently staggered (from equity partners to associates) and uses resources appropriately and – also from the client’s point of view – economically.’

‘They make the deal happen in every situation. We are very satisfied, anytime again.’

‘Dr. von Walter has a very good problem awareness and advises quickly and solution-oriented. He always keeps an eye on the sometimes special requirements of the client.’



Advent International Ltd


CDP Europe

DKB Deutsche Kreditbank AG

E.M.P. Merchandising Handelsgesellschaft mbH

N-ERGIE Aktiengesellschaft


Northrop Grumman Sperry Marine B. V.

SYNLAB International GmbH

AEF Agricultural Industry Electronics Foundation e.V.

Asseco Solutions AG, Asseco Solutions GmbH, Asseco Solutions s.r.l.

Biospring GmbH

DIFA Deutsches Institut für Fachärztliche Versorgungsforschung GmbH

Kunstsammlung Nordrhein-Westfalen e. V.

Infosys Limited

ratyonal GmbH

Simi Reality Motion Systems GmbH


gematik GmbH

Heuking Kühn Lüer Wojtek

Heuking Kühn Lüer Wojtek‘s comprehensive data protection expertise encompasses outsourcing projects and related contract drafting, cross-border data transfers, software launches and the implementation of data protection audits. In addition, the team around Thomas Jansen and Hans Markus Wulf is well versed in transactions, which is also a core focus of Michael Kuska. Former salary partner and expert in data protection Britta Hinzpeter joined Kaiser X Labs as head of legal in May 2022.

Weitere Kernanwälte:

Michael KuskaAstrid Luedtke


‘Very good breadth of the team, proven specialists. Up to date.’

‘The Heuking team is always characterized by the solution-oriented and pragmatic approach to complex problems.’

‘They give concrete cost estimates in advance, which they then meticulously stick to during implementation. This transparency combined with the technical know-how is very well received.’

‘The combination of the key areas of IT, IP and data protection is to be emphasized – this means that the essential issues can be covered with a well-coordinated team, especially in the cloud or software development area as well as in complex IT projects.’

‘We found HKLW to be very competent and always practice-oriented. Despite the size and diversity, there is a very pleasant medium-sized company orientation.’

‘Complex projects are equipped with a team that works well together, so that as a client you feel very well advised and represented.’

‘Astrid Luedtke: Good knowledge of the industry, to the point.’

‘The collaboration with Dr. Thomas Jansen is excellent. From the analysis of contracts to the assessment of legal situations, I am satisfied without exception. Accessibility and the high-quality creation of documents are crucial for me.’


  • Advice to the Verkehrsverbund Rhein Ruhr on the implementation of a new check-in/be-out system as part of the introduction of the new electronic transport tariffs in North Rhine-Westphalia; including a comprehensive examination of the data protection roles of the transport companies involved and other parties involved, as well as the development of a corresponding agreement on joint responsibility and the design of the international data transfer as part of the hosting.

  • Comprehensive product-related data protection advice to Arlo Technologies, Inc., in particular on new and innovative camera and WLAN functionalities.

  • Advising the Santander Consumer Bank on data protection issues in connection with the introduction of HR management software. This concerns the substantive legality of software use within the German company and the transfer to other group companies associated with use, as well as questions of setup and implementation.

Hogan Lovells International LLP

Integrated into the firm’s IP, media and technology practice and led by Burkhart Goebel, Miriam Gundt and Andreas Bothe, Hogan Lovells International LLP advises clients on data breaches, cyber attacks and transactions and represents them in data protection litigation and proceedings before German and international supervisory authorities. The group specialises in advising on the interface between data protection and employment law and covers topics such as employee data protection in the context of outsourcing projects. In line with the firm’s orientation, the data protection team is also focused on the automotive, healthcare, finance and insurance sectors.

Weitere Kernanwälte:

Marcus Schreibauer; Martin Pflüger


Akamai Technologies, Inc.



Brainlab AG

Brainloop AG

Bundes-verband Herzkranke Kinder e.V. (BVHK)

Bundesverband der Zahlungs- und E-Geld-Institute e.V., BVZI


Daiichi Sankyo Europe

Dana Incorporated

Erste Abwicklungsanstalt (EAA)

ExB Labs GmbH

IKB Deutsche Industriebank GmbH

Helsing AG

Jungheinrich Gruppe






Phoenix Contact

Regeneron Pharmaceuticals

Roche Diagnostics GmbH



Texas Instruments


  • Advising Akamai on the Hochschule Rhein Main’s complaints procedure before the VGH Baden-Württemberg against decisions by the Administrative Court of Wiesbaden on application on questions of data protection law and administrative procedural issues.

  • Advising Aminus on various projects in connection with the neighborhood network app developed by Animus.

  • Advising Catena-X on the establishment of the Catena-X initiative.
    #### ORIGINAL ####
    Beratung von Catena-X bei der Gründung der Catena-X-Initiative.

Jones Day

Jones Day‘s interdisciplinary practice comprehensively covers data protection law and frequently advises across locations on cyber attacks and transactions and also leads internal investigations, thanks to the cooperation with the compliance team and the expertise of Martin Lotz. German and international clients, particularly the US, from the technology, life sciences and fintech sectors regularly instruct the team, which is led by renowned data protection expert Undine von Diemar.


Undine von Diemar

Weitere Kernanwälte:

Martin Lotz


‘The law firm pursues a comprehensive and interdisciplinary approach. This enables a 360° view of the relevant topics in highly networked and complex mandates.’

‘Highly specialized legal advice in the field of blockchain technology. Very deep technical understanding.’

‘Pleasant cooperation and real experts in their field.’

‘Extremely competent, very readily available and friendly advice.’

‘Undine von Diemar is an outstanding data protection lawyer. She convinces equally with her well-founded expertise and her impressive knowledge as well as with her business-oriented approach.’

‘Dr. Martin Lotz is extremely competent and advises at an optimal and very practice-oriented level. The consultation leads to the best possible results.’


Internet Corporation of Names and Numbers  (ICANN)

PTT Global Chemical

The Duchossois Group, Inc.


Cardinal Health

Experian Information Solutions, Inc.

IBM Corporation

Recorded Future

New World Hotel Management (BVI) Ltd. (Rosewood Hotel Group)


Thermo Fisher Scientific Inc.

WiseTech Global


  • Advising ICANN in Germany and globally on all data protection requirements relevant to ICANN.

  • Advice on data protection law to the listed chemical group PTT Global Chemical Public Company Limited on the acquisition of allnex Holding GmbH from Advent International.

  • Advice on data protection law to the IBM Corporation.

KNPZ Rechtsanwälte

KNPZ Rechtsanwälte‘s data protection law expertise encompasses e-commerce, carve-outs and outsourcing. The team supports the implementation of compliance projects within the framework of the GDPR, transactions with a focus on due diligence and represents clients in proceedings before supervisory authorities and courts. In addition, the client base expanded with international players, while new capacities regarding future topics such as OSS, NFT and crypto were added to the offering. Data flows and related data security issues are Jan-Michael Grages‘ areas of expertise, while practice head Kai-Uwe Plath offers comprehensive transactional support.


Kai-Uwe Plath

Weitere Kernanwälte:

Jan-Michael Grages

Orrick, Herrington & Sutcliffe LLP

Orrick, Herrington & Sutcliffe LLP primarily advises technology companies on data protection compliance (in the transactional framework), prevention and response to cybersecurity breaches, data transfers and matters pertaining to licensing, IP and the Internet of Things. Cross-border mandates are also routinely handled, thanks to the integration into the firm’s global network. Data protection law expert Christian Schröder leads the team and, in addition to the advisory role, also represents companies in court, before supervisory authorities as well as patent and trademark offices.


Christian Schröder

Weitere Kernanwälte:

Yumiko Olsen


‘Pragmatic in dealing with data protection.’

‘Orrick’s advice is tailored to us, which is particularly evident in the fact that the colleagues try to understand the business model and ask the right questions. This allows them to do many things with little coordination and draw the right conclusions.’

‘Orrick is very ‘tech’ and that’s not easy to find, ie Orrick not only has excellent legal knowledge but also understands the technology and that is extremely useful and important in the IT/privacy space.’

‘Every Orrick attorney that my team has dealt with over the years has been very knowledgeable and informed, provided us with timely and pragmatic advice and has a deep understanding of the industry, the law and our company – everything at a reasonable price.’

‘Orrick has become an important partner for our legal needs.’

‘Urgent issues are dealt with quickly and to our complete satisfaction.’

‘Christian Schröder: He is undoubtedly one of the best IT/data protection lawyers in Germany. Technically first class, very pragmatic (“to the point”) and excellent customer service.’

‘Christian Schröder: He is one of the most responsive and knowledgeable attorneys I have worked with in my career.’


Carnival Corporation

Carrot Fertility

CA Immo

Flexera Software




  • Advising CA Immo on their new skyscrapers ONE and HAB at the interface of data protection and IT in connection with several smart office projects.

  • Comprehensive advice to Carnival Corporation, the world’s largest cruise line, on European data protection regulations in connection with strategic projects such as facial recognition products and external data transfers.

  • Comprehensive data protection advice to Lilium during SPAC preparation and afterwards. Establishment of a data protection compliance program.

Pinsent Masons Rechtsanwälte Steuerberater Solicitors Partnerschaft mbB

The team at Pinsent Masons Rechtsanwälte Steuerberater Solicitors Partnerschaft mbB, led by Stephan Appt, continues to expand its capacities in the automotive sector (a core focus of the team in Munich) thanks to increased instructions from well-known international companies. The Frankfurt-based team around Ruth Maria Bousonville and Nils Rauer advises on digitisation and transformation. In joint cooperation with the third location in Düsseldorf, the group advises on data protection, website compliance and e-commerce matters. Kirsten Wolgast (IT law and data protection) left the practice in April 2022.


Stephan Appt

Weitere Kernanwälte:

Ruth Maria Bousonville; Nils Rauer


‘One has the feeling of being looked after very personally in addition to the professional competence of the lawyers.’

‘It is also worth mentioning that all seniority levels are included in a sensible and cost-effective manner, right down to the associates.’

‘Ruth Maria Bousonville provided us with excellent advice on several data protection issues. In addition to her excellent specialist knowledge, we were particularly impressed by her pragmatic approach from an entrepreneurial point of view, as well as her commitment and the always prompt feedback.’


ACIC – Automotive Cybersecurity Industry Consortium

Mullen Coughlin – Cyber


LogPay Financial Services GmbH

Road Transportation Agency

CycloMedia Deutschland GmbH

Honda Motor Europe Limited

Internationaler Bund e.V.




  • Advising Suzuki on an international survey, including on data protection issues relating to connected cars in 42 countries (EU and neighboring countries).

  • Support for Cyclomedia Deutschland GmbH, which specializes in the development of tools for visualizing environments, in the design of an innovative tool in the field of energy supply and in dealing with inquiries from supervisory authorities and those affected.

  • Ongoing advice on data protection law to F24 AG on questions relating to the SaaS application for crisis management offered by F24.

Reed Smith

Among the client base of the Munich-based Reed Smith team are US and European technology companies and online platforms as well as start-ups, which the team advises with a full-service approach on data protection, cybersecurity, risk management and compliance. The team is led by Andreas Splittgerber, an expert in the field of new technologies such as Industry 4.0, IoT and AI, and Thomas Fischl, who advises on the launch of new systems. In January 2022, Christian Leuthner (cloud computing, e-commerce and data transfers) made partner in Frankfurt.

Weitere Kernanwälte:

Christian Leuthner


‘Outstanding expertise in data protection and IT law.’

‘Responsive, pragmatic, business-oriented.’

‘It is a real pleasure to work with the Reed Smith team. As a client, I particularly appreciate the deep understanding of our technology and our business model as well as the great service orientation.’


FC Bayern München AG

Sourcepoint Technologies Inc.

Unilever Deutschland GmbH



Scoperty GmbH

Teletracking Technologies Inc. und Teletracking GmbH

White & Case LLP

White & Case LLP advises its clients on all aspects of German and European data protection, with particular expertise in cross-border data traffic and cybersecurity. Clients’ representation in international court proceedings is another mainstay as well as the advice on contract and public procurement law. Head of the global practice group Data, Privacy & Cyber Security Detlev Gabel is well versed in data protection as well as technology law.


Detlev Gabel

Weitere Kernanwälte:

Martin Munz; Sylvia Lorenz


  • Advice to Meta on a very large portfolio of international litigation and out-of-court disputes spanning more than 150 jurisdictions and six continents involving sensitive data protection matters.

  • Advising wefox Holding AG on the $650 million Series C financing round.

  • Advising a global messenger service on compliance with German media and telemedia law.

Covington & Burling LLP

Covington & Burling LLP‘s data protection team is particularly experienced at the interface with IT and the life sciences, where the team advises clients on digital healthcare and related regulatory issues, such as the protection of health and patient data. Lars Lensdorf and Moritz Hüsch head the practice, which acts integrated into the firm's international network; both are well versed in outsourcing, big data and IoT matters.



GEA Group


ZF Friedrichshafen

Centric Software

SmartRecruiters Inc.

American Airlines


  • Advice on data protection law to Centric Software on various international licenses, such as international data transfer and order processing.

  • Advising Zweites Deutsches Fernsehen (ZDF) on the procurement of cloud-based IT infrastructure services (IaaS) and on the migration of the current data center services to the cloud.

  • Advising METRO AG on IT and data protection issues.

Morrison Foerster

Morrison Foerster‘s data protection team supports well-known German and international (especially Japanese) companies, which the group advises on M&A transactions, GDPR compliance and data protection breaches. The experience in contentious high-volume fine proceedings, which include the highest fines imposed in Germany to date, is particularly noteworthy. The team is led by Hanno Timner, who covers the interface between employment law and data protection.


Hanno Timner

Weitere Kernanwälte:

Philip Radlanski


‘The team offers the right mix of fast, practical and legally sound advice on high-quality data protection issues.’

‘Flexible and business-oriented way of working coupled with a high level of expertise in the context of ongoing assignments.’

‘This team makes data protection casual, approachable, human.’

‘Very friendly, flexible and competent contacts.’

‘Privacy can be a lot of gibberish, especially for those of us who weren’t trained as lawyers in the EU. Hanno Timner and Philip Radlanski are characterized by the fact that they can avoid legal jargon and give short and sweet business-friendly advice.’

‘Hanno Timner is an excellent lawyer who takes the time needed to understand the case. Mr. Timner has a fast turnaround time. Basically, it is available when and when it is needed. The work results are consistently at the highest level.’

‘Hanno Timmer is an outstanding attorney who provides thoughtful, practical and totally actionable advice that is understandable to both corporate counsel and corporate employees.’

‘We really enjoy working with Mr. Timner. He reacts quickly to our sometimes very short-term requests. Communication is always open and very constructive.’


Northrop Grumman LITEF (Germany)

United Internet/1&1

1&1 Versatel

Twitch Interactive, Inc. AG

American Academy in Berlin GmbH


  • Ongoing advice to United Internet on various data protection issues, in particular on product development and in administrative and court disputes.

  • Ongoing advice to AG on various data protection issues, including defense against a €10.4 million fine (imposed by the data protection authority of Lower Saxony).

  • Ongoing advice to Twitch Interactive, Inc., a live streaming video portal, on various aspects of the service, in particular the development and introduction of innovative features as well as advice on official coordination processes (Europe-wide).

Norton Rose Fulbright

Norton Rose Fulbright 's team acts in cross-border cooperation with locations in Europe, the US and Asia and advises  international companies in the finance, insurance, life sciences and healthcare sectors with a particular focus on the automotive industry. The advice offering covers data transfers, outsourcing and data breaches. The team is led by Christoph Ritzer and Jamie Nowak, who are experienced in software licensing, e-commerce and M&A transactions.

Weitere Kernanwälte:

Natalia Filkina


‘The focus of the advice is always on a quick solution to the problem and unnecessary costs are always avoided.’

‘The team around Dr. Christoph Ritzer works very harmoniously and efficiently.’

‘The associate Natalia Filkina deserves a special mention, she delivers excellent work results and is always available.’





SCHÜRMANN ROSENTHAL DREYER places a dual focus on digital healthcare matters, including corona alert apps, digital Covid-19 certificates and e-prescriptions, and on new technologies, such as the use of AI as well as digitisation and technology projects. In addition to these key areas, the team also advises on issues pertaining to education, e-mobility, energy and IoT. The practice is led by the Berlin-based trio Kathrin Schürmann , Simone Rosenthal and Philipp Müller-Peltzer, who was appointed partner in January 2022.


‘Open, friendly, practice-oriented cooperation.’

‘Targeted approach; no unnecessary costs.’

‘High level of expertise in data protection issues and excellent technology affinity. Also equipped with the necessary industry knowledge.’


Robert Koch-Institut

gematik GmbH

DeutschlandCard GmbH (Bertelsmann)

Bundesdruckerei GmbH

C&A Mode GmbH & Co. KG

Clark Germany GmbH

ecolytiq GmbH

heycar Group Germany

Hypoport SE

Joyn GmbH

Mister Spex GmbH

Skoobe GmbH

Zalando SE


  • Comprehensive data protection advice to the Robert Koch Institute on various complex projects such as digital Covid-19 certificates, further development of the Corona warning app, data donation app, German electronic reporting and information system for infection protection (DEMIS).

  • Comprehensive data protection advice to the Charité Universitätsmedizin Berlin on setting up a joint independent data trusteeship between the Charité – Universitätsmedizin Berlin and the Berlin Institute of Health (BIH).

  • Ongoing advice to Zalando SE on data protection issues.

Baumgartner Baumann Rechtsanwälte PartmbB

Baumgartner Baumann Rechtsanwälte PartmbB, managed and founded by Ulrich Baumgartner and Johannes Baumann in January 2021, focuses on data protection and IT law and impresses with DAX companies and other large corporations among its client roster. The team specialises in economically relevant projects, such as the digitisation of business models, international data transfers, cloud-related products as well as clients' representation before data protection supervisory authorities.


‘Small but nice! Although Baumgartner Baumann is a very small law firm, the lawyers are characterized by their proven technical expertise.’

‘Both partners impress with their in-depth expertise.’

‘Dr. Baumann has been advising us on data protection in the field of digital products/medicine/health since our company was founded. From the start-up at that time to today’s company, he was able to find the right data protection solution for us.’


Aon Beteiligungsmanagement GmbH & Co. KG

Birkenstock Group B.V. & Co. KG

Daimler Truck AG


fabfab GmbH

Funke Mediengruppe

Hitachi High-Tech Europe GmbH

Lilium GmbH

Osram GmbH

SAP Deutschland SE & Co. KG

Smart Patient GmbH

Südwestdeutsche Medienholding / Süddeutsche Zeitung

Trigo Vision Germany GmbH

Zeppelin GmbH


  • Strategic advice to Daimler Truck AG on the use of vehicle data.

  • Advising SAP Deutschland SE & Co. KG on the takeover of Emarsys by SAP.

  • Advice on data protection law to Trigo Vision GmbH on the digitization of two leading German supermarket chains.

Büsing, Müffelmann & Theye

Büsing, Müffelmann & Theye's team offers longstanding experience in the automotive sector and advises development service providers, suppliers and vehicle manufacturers. This industry expertise is combined with many years of experience in data protection law and utilised in comprehensive advice on the drafting and negotiation of R&D contracts, IT and data procurement and the development of data protection and consumer protection-compliant products and services. The internationally-oriented team is headed by Justus Gaden.


Justus Gaden

Weitere Kernanwälte:

Matthias Terbach; Lars Siebert


‘Incredibly organized and well connected team.’

‘They handle important, large-scale tasks for international clients with ease and effectiveness.’

‘Significant in-depth expertise, a highly dedicated and hands-on team capable of handling state-of-the-art, large-scale cross-border mandates. The technical support is second to none and really makes the day to day business easier.’


IAV GmbH, Berlin, Deutschland

Volkswagen AG, Wolfsburg, Deutschland

Infomotion GmbH

Spleenlab GmbH, Saalburg-Ebersdorf, Deutschland

UsedSoft AG Schweiz

abat AG

Arctic GmbH

Repairfix GmbH


  • Comprehensive advice to Volkswagen AG on Schrems II compliance and support for the implementation and documentation of transfer impact assessments.

  • Comprehensive advice to the group legal department of Volkswagen AG on the implementation of Directives 2019/770 (Digital Products Directive) and 2019/771 (Goods Purchase Directive); including a Europe-wide comparative law study on the implementation of the requirements in digital products and goods with digital elements from Volkswagen AG.

  • Advising Volkswagen AG on the internationalization of a large number of digital products and services (worldwide with partner law firms) in the areas of connected car services for all vehicle series, functions on demand, platforms and mobile applications.


Dentons‘ data protection team includes experts from the areas compliance, IT, IP, corporate and employment law and routinely advises on international data exchange, the implementation of the GDPR legislation and compliance. In addition to the advice offering, clients are supported in crisis situations, such as data breaches. Christian Schefold has extensive experience in compliance and data protection as well as in group and corporate law.


Christian Schefold



Easyway Technologies



QVC, Inc.

Vivy GmbH (Allianz Group)

Volkswagen AG


  • Advice to Volkswagen AG on the update according to Directive (EU) 2019/1937 following the international introduction of a central whistleblower hotline in 91 jurisdictions and support in the update of the central business partner due diligence procedure in 107 jurisdictions.

  • Advising the digital health start-up Vivy on the global launch of an internet platform for medical services to insured persons. Advice on data protection law in relation to the division of responsibilities for personal data between insurance companies, platform operators and third-party service providers.

  • Advising the teleshopping broadcaster QVC on strategic data protection issues.

Greenberg Traurig Germany

Greenberg Traurig Germany closely cooperates with other practices and covers outsourcing, data security, fintech, medtech and e-health as well as, increasingly, transactions in the areas technology and IT and related data protection matters. Viola Bensinger‘s expertise encompasses clients’ representation in contentious matters and the support of German federal states in the preparation of legal opinions on the admissibility of cloud-related products under data protection law, among others.


Viola Bensinger

Weitere Kernanwälte:

Carsten Kociok


‘Great accessibility, reliable answers, high legal expertise.’

‘High expertise paired with pragmatism.’

‘Innovative solutions; straightforward; also “fight” against large monopolists; are negotiation artists and very well connected.’

‘The team has great expertise, gives very practical advice and communicates in a concise way that is easy for businesses to understand.’

‘They are incredibly responsive and easy to work with.’

‘Carsten Kociok: High level of expertise, availability, fast and reliable; understands our business needs.’

‘Carsten Kociok: Excellent expertise in data protection law; efficient and pragmatic. Very good cooperation with the in-house teams.’

‘Carsten Kociok has an excellent understanding of business needs and provides insightful advice based on guidelines, decisions and best market practices from data protection authorities.’


Epiq Systems Inc.

Bundesministerium für Verkehr und digitale Infrastruktur


Deutsches Rheuma-Forschungszentrum


Multi Corp.

Die Autobahn GmbH des Bundes

EDGE Technologies

Digital Turbine


  • Advice to Digital Turbine on the takeover of the ad-tech company Fyber, including review of the target company’s data protection structure and contractual safeguards.

  • Advice to GlobalLogic on the data protection compliant management of its company and a number of internal projects.

GSK Stockmann

GSK Stockmann‘s internationally-oriented IT and data protection team around Jörg Kahler and Katy Ritzmann primarily assists clients from the mobility, aviation and finance sectors and advises on technology-related transactions and data protection compliance, while also representing clients in contentious disputes. Data processing and blockchain were among the recent growth topics.


‘The entire GSK Stockmann team is reliable, fast and absolutely professional.’

‘They have worked well with us over the years and are always ready to find innovative solutions to complex problems.’

‘GSK’s ability to understand the commercial and operational issues of a large multinational client and provide practical, objective advice is what sets GSK apart.’

‘Jörg Kahler impressed us with his ability to manage our client relationships from abroad. He is responsive and always meets urgent deadlines.’


Affimed GmbH

Digimed GmbH

Laudamotion GmbH

Laudamotion GmbH

GLS Gemeinschaftsbank eG


Otto-von-Guericke-Universität Magdeburg


PSI Software AG



  • Advice to the HOWOGE group of companies as client in an outsourcing project regarding the entire IT infrastructure, in particular also on data protection issues.

  • Advising the Otto von Guericke University Magdeburg in the research project AURA – Autonomous Bike on the legal framework with regard to autonomously driving cargo bikes.

Lexton Rechtsanwälte

Lexton Rechtsanwälte mainly advises clients in the healthcare and media sectors, including social media, on medical billing software, general data protection issues and international data flows. A key client is Nintendo, which the team supports in numerous IT projects, the acquisition of cloud solutions and in connection with Saas projects, where Tilmann Lührig is the key contact. Kevin Max von Holleben heads the practice and offers longstanding experience in data protection law.

Weitere Kernanwälte:

Tilmann Lührig


‘Very quick response times, in-depth knowledge of the industry.’

‘Deep across-the-board expertise in a global context paired with a clear focus on advice and solutions – rare to find!’

‘Tilmann Lührig is an excellent lawyer and a shrewd negotiator. Very reliable and always available.’

‘Tilmann Lühring is pragmatic, clear and always approachable, really great.’


ARC GmbH & Co. KG

Basis Technologies Germany GmbH

eBay Kleinanzeigen GmbH

QAD Europe GmbH

Nintendo of Europe GmbH

Deutsche Gesellschaft für Lebensmittelsicherheit, Wasser- und Umwelthygiene mbH

J2C – Journey 2 Creation GmbH

Pares-IT GmbH & Co. KG

Scope SE & Co. KGaA

Stadler Deutschland GmbH

Torben, Lucie und die gelbe Gefahr GmbH (TLGG GmbH)

Trockland Management GmbH

Universal Music Entertainment GmbH

v. Rundstedt & Partner GmbH

The unbelievable Machine Company GmbH

Bundesrepublik Deutschland

Zuckerkommunikation GmbH

emtec solutions GmbH


  • Advice on data protection law to Universal Music Entertainment GmbH on the treatment of employee data and customer data in the global group of companies; Advice on the implementation of the judgment of the ECJ (Schrems II) in the group, especially in the US.

  • Advice on data protection law to TLGG GmbH on the effects of the ECJ decision Schrems II on the group relationship with the US parent company.

  • Advising the Cosmo Consult Group on the digitization of B2B business, including data protection.


In addition to traditional GDPR issues and clients' representation before the authorities, Oppenhoff is increasingly active in the areas health data, digitisation and the Internet of Things, where the group regularly cooperates with the digitisation team. Another growth area are matters pertaining to cybersecurity, including preventive checks. Jürgen Hartung and Marc Hilber head the team.


‘The team is very competent in this area and also provides proactive advice, for example on changes in the law and possible effects on the company.’

‘The particular strength of this team lies in working out pragmatic solutions that are adapted to the everyday reality of the company.’

‘Quick in response and therefore very reliable.’