PLANIT//LEGAL Rechtsanwaltsgesellschaft mbH acts as legal advisor, external data protection officer, and EU representative for clients on mandates relating to IT law, data protection, and legal tech. Bernhard Freund , Anna Roschek, Bernd Schmidt, and Sebastian Heep jointly lead the practice.

TEAL Rechtsanwälte PartG mbB supports national and international clients on data protection and IT law matters, including mandates involving AI and the EU’s Digital Decade initiative. The practice is co-led by Daniel Kaboth and Benjamin Spies.

Baker McKenzie continues to expand its IT and data protection practice, covering data protection and regulatory matters, digital content and platforms, artificial intelligence, cybersecurity, and related disputes with supervisory authorities, with particular expertise in the fintech, big data, automotive, healthcare, and telecommunications sectors. Team head Michael Schmidl is well versed within contentious and non-contentious information technology law, handling mandates related to the internet, data privacy and media law. He is supported by Florian Tannen, who focuses on digitalisation, cybersecurity, and the data economy, advising large companies on the market launch of digital products and services involving data processing. Patrick Wilkening is a key name in relation to complex IT-related contracts and projects.

DLA Piper supports clients in complex IT and data law related transactions and projects, handling data protection implementation and representing clients in proceedings against supervisory authorities. Key areas of focus include GDPR compliance, innovative business models, employee data protection, audits, data mapping, ePrivacy, and cybersecurity, as well as internal investigations, and global data management. Stefan Engels and Sylvia Ebersberger jointly lead the practice, with Engels specialising in intellectual property and online law, and Ebersberger handling transformation process and innovation-based projects. Verena Grentzenberg is a name to note in relation to advisory on new business models in the online and social media sectors.

Latham & Watkins LLP is well versed in GDPR implementation and defence, representing companies in regulatory and civil proceedings on GDPR violations, while also advising on the growing demand for legal advice on the development and use of artificial intelligence. Practice head Tim Wybitul represents clients in data protection proceedings, negotiations, and litigation with EU regulatory authorities, as well as in other technology and data-related disputes. He is supported by Isabelle Brams, who advises clients in penalty and compensation proceedings arising from potential data protection violations. Wolf-Tassilo Böhm is also a key member of the team.

Noerr sports a focus on growth in data protection, data law, AI, and digital platforms, offering comprehensive regulatory guidance to clients from a variety of industries. Daniel Rücker and Pascal Schumacher jointly lead the practice, with Rücker advising on the structuring of international data flows and the establishment of new data protection frameworks, while Schumacher supports clients in regulated industries such as telecommunications, financial services, and life sciences on data, AI, and tech projects, as well as cybersecurity. Sebastian Dienst is a name to note for data compliance governance, compliance by design, and data breach management.

Taylor Wessing has extensive experience advising on the development and implementation of data protection-compliant business models, implementing the EU Data Act, designing data security strategies and technical safeguards, and representing clients against data protection claims and regulatory enforcement. Team head Paul Voigt handles national and international data protection projects and SaaS contracts on both the provider and buyer side. Axel Freiherr von dem Bussche guides corporations through digital and global business transformations and represents clients in negotiations with supervisory authorities.

CMS manages data protection-compliant structuring of business models and both internal and external processes involving personal data, and advises on the legal implications of artificial intelligence, ensuring compliance with emerging AI regulations and guiding clients on responsible data use in AI-driven environments. Team leader Markus Häuser brings expertise in digital and data driven business models, digital regulation, and data protection. He is supported by Florian Dietrich, who advises leading digital platform providers on innovative online business models and online privacy, and Reemt Matthiesen, who specialises in international data transfers and the use of employee and customer data, with particular expertise in ensuring data protection compliance in the development of wearables and healthcare devices.

Luther Rechtsanwaltsgesellschaft mbH supports German and international corporations and start-ups in managing data in a legally compliant manner, with growing expertise in electronic patient records, patient portals, and the use of patient data for research in healthcare and prevention. Wulff-Axel Schmidt leads the practice, advising on on new media and data privacy protection, with a focus on implementation strategies for sourcing and protection law. Stefanie Hellmich provides comprehensive support with EU GDPR implementation and data protection compliance, while Michael Rath advises on data protection, IT security, and IT compliance requirements.

Under the leadership of Daniel Meßmer, the IT and Digital Business practice at SKW Schwarz continues to focus on mandates related to software, cloud, and outsourcing, data protection, cybersecurity, online platforms, and e-commerce, with particular emphasis on digital regulation, artificial intelligence, and cloud-related compliance. Meßmer specialises in implementing software and cloud-based business models and in drafting, negotiating, and interpreting related contracts, while Nikolaus Bertermann advises on AI projects and products, traditional and agile software development, and cloud computing within and outside the EU.

WilmerHale continues to represent clients in high-profile cases, including proceedings before the Court of Justice of the European Union, the European Data Protection Board, and national authorities, while providing guidance on the EU Data Act and NIS2 Directive. Martin Braun leads the practice and focuses on international data transfers, social networks, and outsourcing projects. He is supported by Hans-Georg Kamann, who is an expert on European regulation, including EU data protection law; and Vanessa Wettner, who handles complex data protection-related litigation mandates.

ADVANT Beiten supports clients in a wide range of IT and data protection matters, including compliance and audits, international data transfers, cybersecurity and data breaches, as well as the use of social media and big data. Andreas Lober acts as practice group leader and advises in the areas of technology, digitalisation and electronic entertainment, while Susanne Klein is strategically active in the introduction of new technologies, also in connection with possible data protection violations. They are supported by Lennart Kriebel, who advises national and international clients in the computer games sector and media industry on EU data strategy legislation, in particular the Data Act.

Fieldfisher offers advisory on technology and data law, covering artificial intelligence, cybersecurity, data breaches, and guidance on emerging regulatory requirements such as the NIS2 Directive and DORA. Felix Wittern and Stephan Zimprich co-lead the practice, with Wittern acting as Data Protection Officer for a large number of companies in Germany and at EU level, and Zimprich focusing on advising technology providers and online platforms on international data transfers, user preferences, and online data usage. Simon Assion joined the firm from Bird & Bird LLP in June 2025.

Heuking supports clients in implementing data protection requirements and establishing data security. Led by Hans Markus Wulf and Thomas Jansen, the practice advises on all aspects of corporate data protection, including handling data breaches, international data transfers, employee data, and cybersecurity. Wulf is well versed within complex implementation issues relating to new EU digital law, including the Data Act, DORA, NIS2 Directive, and the AI Act; while Michael Kuska supports large companies in the area of technology and data protection.

Hogan Lovells International LLP provides specialist advice on data protection and privacy in the finance, automotive, life sciences, and technology sectors, covering outsourcing contracts, digital health, secondary use of health data, AI-supported systems, cybersecurity, and cloud computing. Stefan Schuppert,  Martin Pflüger, Marcus Schreibauer, and Christian Tinnefeld jointly lead the team. Schuppert ensures new projects meet the demands of international privacy regulations; Pflüger advises on cross-border data transfers; Schreibauer represents clients before data protection authorities; and Tinnefeld specialises in digital projects and EU Data Act implementation.

Jones Day manages data protection and cybersecurity mandates across Germany and Europe, advising clients on EU’s digital strategy legislation, such as Data Act, AI Act, and NIS2 Directive, handling data breaches, and representing them in significant proceedings before data protection authorities. Practice head Undine von Diemar supports clients across all industry sectors on critical data protection matters, including incident responses, internal investigations, international data transfers, and global compliance projects. She is supported by Martin Lotz, who leverages his expertise in criminal law to manage cross-border compliance investigations and cybercrime cases.

Orrick, Herrington & Sutcliffe LLP supports global companies in complex and sensitive data and cybersecurity compliance issues, including security incident preparation, response, and regulatory investigations. Team head Christian Schröder is well versed within large-scale data protection and cybersecurity mandates, with particular focus on international data transfers, connected vehicles, and digital transformation projects. Daniel Ashkar is also a key member of the practice.

Pinsent Masons Rechtsanwälte Steuerberater Solicitors Partnerschaft mbB addresses rising inquiries on EU data regulation, including the AI Act, Data Act, and NIS2 Directive, as well as cloud and data centre projects, particularly SAP cloud services. Stephan Appt leads the practice, advising clients in the automotive sector on automated driving, vehicle data monetisation, and related digitalisation issues. He is supported by Florian von Baum, who supports German and international, particularly US-based, clients on digital and data regulation matters.

Reed Smith LLP offers comprehensive data protection, privacy, and cybersecurity legal services, assisting clients in achieving compliance with national and international regulations, including the EU and UK GDPR. Andreas Splittgerber and Thomas Fischl co-lead the practice, with Splittgerber representing US and EU technology companies and internet providers before data protection authorities and courts, and Fischl advising clients on ensuring that their data collection and use comply with German, EU, and ePrivacy laws.

SCHÜRMANN ROSENTHAL DREYER continues to strengthen its IT, data law, and data protection practice, representing companies nationwide in defending against administrative fines and damage claims, and advising on emerging technologies such as artificial intelligence. The Berlin-based practice is jointly led by Kathrin Schürmann, who supports clients in the introduction and development of new digital business models; Simone Rosenthal, who specialises in IT and licensing agreements; and Philipp Müller-Peltzer, who is well versed within assessment and development of data processing operations in regulated environments, particularly within the financial and insurance sectors.

White & Case LLP supports clients with increasingly complex data and cybersecurity challenges in regulatory compliance, finance, transactions, and litigation mandates. Detlev Gabel and Sylvia Lorenz jointly lead the practice, with Gabel handling European and German data law compliance and international data transfers, and Lorenz advising on the fast-evolving legal framework with respect to end-users and public authorities on digital platforms.

Covington & Burling LLP provides advice on data protection, privacy, IT, and cybersecurity, including guidance on GDPR compliance within both EU and international frameworks, as well as support during investigations and inspections conducted by data protection authorities. Lars Lensdorf and Moritz Hüsch co-lead the practice, with the Lensdorf handling digitalisation, cybersecurity, and data law mandates; and Hüsch focusing on complex sourcing and licensing agreements.

Eversheds Sutherland is well versed in the full spectrum of data law matters, ranging from GDPR and IT contracts to AI governance, as well as EU regulatory frameworks such as DORA and the Data Act. The team is co-led by Alexander Niethammer who advises on data protection and IT law aspects related to international projects and M&A transactions, and Nils Müller, who is well versed within both contentious and non-contentious aspects of IT, data law, and cybersecurity.

GvW Graf von Westphalen regularly supports clients with mandates involving digitalisation, data, and IT matters across diverse areas of law, with a particular focus on the automotive, public, finance, healthcare, and energy sectors. Under the leadership of Stephan Menzemer, the practice continues to advise on IT security law, especially in light of new EU and national legislation such as the NIS2 Directive and DORA.

Morrison Foerster advises clients at the intersection of data protection and labour law on whistleblowing, IT security, and related compliance systems, supporting the rollout of new technologies and ensuring compliance with data regulations. The group is also involved in large-scale German GDPR-related administrative fine mandates. Hanno Timner heads the practice and supports national and international enterprises on complex data protection projects.

Ashurst LLP‘s digital economy group has expanded in the financial services sector, advising on major IT contract adjustment projects in Germany and across European markets in the context of EU Digital Operational Resilience Act, and negotiating IT contracts in line with its requirements. Team head Andreas Mauroschat is well versed in outsourcing of data processing operations and international data transfer frameworks within corporate groups.

Clifford Chance particularly focuses on the use of AI for employee monitoring, the data protection structuring of whistleblower systems and related investigations, as well as handling information requests from public prosecutors to employers. Practice head Holger Lutz handles legal matters related to outsourcing as well as hardware and software projects, while Ines Keitel is noted for her expertise in individual and collective labour law, particularly employee representation, data privacy, and compliance.

Dentons supports national and international companies in critical situations such as cyberattacks or data protection incidents, representing them before supervisory authorities and assisting with internal investigations and immediate remedial measures. Team head Christian Schefold focuses on the development of compliance management systems and procedures for international data transfers. Jan Pohle joined the practice from DLA Piper in June 2025.

Greenberg Traurig Germany provides expert advice on mandates related to GDPR, e-privacy and cybersecurity, employee data protection, and international data transfers. Team leader Viola Bensinger is well versed in regulatory compliance, cybersecurity, disputes, and advising on data usage and commercialisation models.

GSK Stockmann continues to deepen its specialisation in IT and data protection law, with a focus on digital business models. Jörg Kahler and Katy Ritzmann jointly lead the practice, with Kahler focusing on digitalisation projects and transformations, and Ritzman specialising in high-tech, cybersecurity, and data protection.

Lexton Rechtsanwälte advises clients in the healthcare, media, and social media sectors on data protection matters related to customer and employee data, daily and project-related data flows, and the use of AI tools under data protection law. Team head Kevin Max von Holleben brings over twenty years of experience in handling data protection issues.

Lindenpartners advises on emerging technologies and digital business models in the data-driven financial industry. The practice is co-led by Moritz Indenhuck, who focuses on AI implementation in the financial sector, and Brigitta Varadinek, who recently supported a banking association in the introduction of an online payment system.

Oppenhoff supports clients in the insurance and healthcare sectors with enforcing data protection claims, implementing artificial intelligence, and addressing all cybersecurity-related matters. Jürgen Hartung and Marc Hilber co-lead the practice, with Hartung handling risk analyses and the structuring of internal compliance organisations; and Hilber advising on digitalisation, data privacy law, and cybersecurity.

Redeker Sellner Dahs supports clients on a wide range of IT security law matters, including digitalisation, AI compliance, and data protection law. Team head Cornelius Böllhoff represents companies and institutions against data protection supervisory authorities.