The ‘absolutely outstanding GDPR litigation practice’ at Baker McKenzie Rechtsanwälte LLP & Co KG represents a number of high-profile clients in disputes concerning the use and storage of customer and user data, appearing for them before the Austrian courts and Data Protection Authority in proceedings revolving around international data transfers. Described by one client as ‘hands-down the best GDPR litigator in Austria and beyond,’ practice head Lukas Feiler is well-versed in both contentious and non-contentious GDPR matters, platform regulation issues and challenges arising out of the integration of AI into clients’ operations. Beat König‘s practice encompasses both regulatory and civil data protection disputes.
Data privacy and data protection in Austria
Baker McKenzie Rechtsanwälte LLP & Co KG
Praxisleiter:
Lukas Feiler
Weitere Kernanwälte:
Beat König
Referenzen
‘The team is very responsive and provides a wide scope of expertise. They are prompt with responses. They also are able to quickly coordinate across jurisdictions to ensure comprehensive reviews.’
‘They give extremely relevant and practical guidance.’
‘Understands the client’s business needs.’
Kernmandanten
CRIF GmbH
GATX Rail Europe
STANDARD Verlagsgesellschaft
Mondi AG
Highlight-Mandate
- Represented Google in two proceedings before the Austrian Data Protection Authority regarding the analytics tool, Google Analytics.
- Represented Google in administrative proceedings before the Austrian Data Protection Authority related to the service Google Fonts, and in civil proceedings initiated by an Austrian attorney who searched the internet for websites of Austrian companies that use Google Fonts.
DORDA Rechtsanwälte GmbH
DORDA Rechtsanwälte GmbH‘s data protection practice offers expertise across a raft of critical issues, advising multinationals on GDPR compliance and representing clients that have suffered data breaches or are accused of mishandling customer data before the Data Protection Authority and the courts. Under the auspices of Axel Anderl, whose practice spans GDPR advice, IT law and outsourcing, the practice is also called upon to assist companies build up their cybersecurity protocols. Nino Tlapak co-heads the team alongside Anderl, specialising in IT security in addition to broader data protection issues. Co-head of the firm’s Digital Industries Group Alexandra Ciarnau combines expertise in tech regulation with expertise in setting up whistleblower hotlines and AI-related matters.
Praxisleiter:
Axel Anderl; Nino Tlapak
Weitere Kernanwälte:
Alexandra Ciarnau
Referenzen
‘GDPR, cyberattack support, IP – Axel Anderl and Nino Tlapak are THE experts in Austria for these issues. 24/7 availability, very fast, strong and clear advice.’
‘We’ve worked for and with many other attorneys, and Axel Anderl and Nino Tlapak are outstanding in their expertise as well as in their communications, very clear and concise but at the same time reachable and very sympathetic.’
‘We have had a great experience with this firm. The team is very well organized, has broad expertise and is very professional. I really appreciate the clarity of their responses, which go to the point and are very precise. We can always rely on the quality of their advice!’
Kernmandanten
Österreichische Post AG
Arval Austria GmbH
Arcadia Live GmbH
Palazzo Produktionen GmbH
BNP Paribas/Arval Austria GmbH
willhaben
Styria Media Group
“Die Presse” Verlags-Gesellschaft m.b.H. Co KG
oe24 GmbH
Kronehit Radio BetriebsgmbH
Forbes
UNIQA Group
VIG IT Digital Solutions GmbH/VIG – Vienna Insurance Group/ twinformatics
Erste Digital GmbH/Erste Group, Erste Bank
Allianz Elementar Versicherungs-Aktiengesellschaft
RWA Raiffeisen Ware Austria AG
LTY/MAYD Group GmbH, neoom
ÖBB Personenverkehr
One Mobility
Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology
Foodora
Angelini Pharma Österreich
Novartis Pharma Austria
bioMérieux Austria
Bayer Austria GmbH
Sandoz
Janssen-Cilag Pharma
A. Menarini Pharma
Xund Solutions
L’Oréal Österreich
Highlight-Mandate
- Assisted Österreichische Post AG with cybersecurity incident prevention and GDPR compliance.
- Advised Styria Media Group, Kronehit and others on the employment of AI tools as well as pay-or-ok models, including risk assessments.
Knyrim Trieb Rechtsanwälte OG
Knyrim Trieb Rechtsanwälte OG‘s expertise spans the spectrum of GDPR data handling matters, including advising companies hailing from the consumer goods and retail, luxury and automotive sectors on bringing their data handling systems into line with its requirements, in addition to assisting clients requiring data protection advice in relation to the implementation of new technologies. Heading the practice in tandem are founding partners Rainer Knyrim and Gerald Trieb, both of whom draw upon comprehensive experience of both overseeing data protection compliance programs and appearing for clients before the Austrian courts in data protection-related disputes. Lena Urban departed the firm in January 2024.
Praxisleiter:
Rainer Knyrim; Gerald Trieb
Referenzen
‘Rainer Knyrim is very professional, with exceptional data protection knowledge.’
‘Rainer Knyrim has excellent knowledge of IT and data protection laws as well as of the specifics of workers’ councils. He is therefore the best possible partner for our needs.’
‘Gerald Trieb provides clear and efficient answers and solutions. He also gives clear “no-go” decisons. This is much appreciated. His deep knowledge of jurisprudence in GDPR matters is impressive.’
Kernmandanten
European Crohn’s and Colitis Organisation – ECCO
Wienerberger AG
Boehringer Ingelheim RCV GmbH & Co KG
SWAROVSKI AG
REWE/Unser Ö-Bonus Club GmbH
Berufsförderungsinstitut Österreich BFI
ANDRITZ AG
FAIR GAMES GmbH
Stadtwerke Kitzbühel
KIA AUSTRIA GmbH
Österreichs Energie
Lenzing Aktiengesellschaft
Immofinanz AG
DSGVO-ZT GmbH
Österreichisches Siedlungswerk Gemeinnützige Wohnungsaktiengesellschaft
Lowell Inkasso Service GmbH
comic corporate migration center gmbh and RA Oberhammer
CG Car-Garantie Versicherungs-AG
Greiner AG
IdeasOnCanvas GmbH
LOOMIS ÖSTERREICH GMBH
Highlight-Mandate
- Assisted DSGVO-ZT, a GDPR consultancy firm of civil engineers, in achieving the first approval of GDPR certification criteria in Austria under Art. 42 GDPR.
- Advised Wienerberger AG on its employee exit, email and data access policies in addition to undertaking a data protection assessment across several countries.
- Advised the companies of the Swarovski Crystal Business on data protection compliance, including the implementation of cookies, online activities for customer relations, international data transfers and access requests from data subjects under GDPR.
Cerha Hempel
With a ‘deep understanding of data privacy law,’ Cerha Hempel advises public and private sector clients across a range of data protection challenges, frequently being called upon to advise on the data protection aspects of the rolling out of new apps or customer portals. The team also handles the data protection aspects of IT outsourcing and software contracts, while also appearing for clients before the courts and Data Protection Authority in the event that contentious proceedings are initiated. Practice head Hans Kristoferitsch combines expertise of both data protection and EU law to assist clients facing GDPR challenges. Armin Schwabl carries out data protection assessments and assists them in the event of data breaches, with Boris Treml is well versed in GDPR implementation and the development of data security measures.
Praxisleiter:
Hans Kristoferitsch
Weitere Kernanwälte:
Armin Schwabl; Boris Treml
Referenzen
‘Complex legal challenges are explained simply and understandably; the firm is easy to reach and takes the time to have a detailed conversation.’
‘Armin Schwabl always handles complex data protection cases of our office with outstanding advices and solutions. He listens carefully, recognises our concerns and acts proactively when necessary. In every case he handles, he also takes possible future effects into account and informs us about them in detail.’
‘The team is highly motivated and always responsive. They have assisted us in a number of projects and proceedings before the DPA and the advice was always hands-on and to the point. A particular strength lies in the ability to work together with our IT specialists.’
Kernmandanten
SPAR
Wiener Stadtwerke GmbH
City of Vienna
Hervis Sport- und Modegesellschaft m.b.H.
Via donau – Österreichische Wasserstraßen GmbH
Wien ENERGIE GmbH
Wiener Netze GmbH
Wiener Linien GmbH
Wiener Lokalbahnen GmbH
ASFINAG
NTS Netzwerk Telekom Service AG
CA Immobilien Anlagen AG
Institute of Science and Technology Austria
Österreichischen Fonds zur Dokumentation von religiös motiviertem politischen Extremismus
ÖRAG Österreichische Realitäten AG
COVID-19 Finanzierungsagentur des Bundes GmbH
Flughafen Wien AG
Land Vorarlberg
Isovolta AG
Fundermax GmbH
Danube Private University
Deutsche Vermögensberatung Bank Aktiengesellschaft
Highlight-Mandate
- Advised SPAR on the introduction of a new app targeting approximately 2m customers, carrying out a data protection impact assessment and drafting terms and conditions.
- Advised Wiener Stadtwerke GmbH and subsidiaries on a project introducing a Single-Sign-On mechanism and a centralised user account for approximately two million customers.
- Advised the City of Vienna on the redesign and merger of its communication platforms targeted towards 1.9m residents.
CMS Reich-Rohrwig Hainz Rechtsanwälte GmbH
CMS Reich-Rohrwig Hainz Rechtsanwälte GmbH specialises in ‘delivering practical and actionable advice’ to clients requiring GDPR support, advising them on implementation and ongoing compliance matters, while also appearing on their behalf before the Austrian courts and Data Protection Authority where civil or criminal violations are alleged. Johannes Juranek, who is both practice head and managing partner of the firm’s Austrian arm, is well versed in assisting technology and software sector clients ensure they are GDPR-compliant and represents them before the courts and in arbitration hearings. Christina Maria Schwaiger is called upon to draft clients’ data protection policies in line with GDPR, while also assisting clients ensure data protection compliance as they introduce AI systems into their operations.
Praxisleiter:
Johannes Juranek
Weitere Kernanwälte:
Christina Maria Schwaiger
Referenzen
‘With their legal expertise and a great understanding of business contexts, together with an excellent knowledge of their clients’ businesses, CMS offers outstanding advice.’
‘Very knowledgeable and responsive team.’
‘Top level experts and advisors that focus on delivering practical and actionable advice.’
Kernmandanten
REWE Group/Unser Ö-Bonus Club GmbH
Quality Austria
ALPLA
STURM ENERGIE GmbH
Universal Edition AG
Sindbad Chancenproduktions GmbH
Thermo Fisher Diagnostics GmbH
STURM MESSDIENSTE GmbH
Highlight-Mandate
- Represented Unser Ö Bonus Club before the Data Protection Authority and the Federal Administrative Court in relation to alleged violations of GDPR.
- Advised ALPLA on GDPR matters as they relate to managing group-wide contracts, including international transfers, HR tools, cybersecurity compliance and joint controllership matters.
- Provided comprehensive guidance to Quality Austria on GDPR compliance and implementing solutions for efficient digital marketing.
GEISTWERT
GEISTWERT’s data protection practice handles both contentious and non-contentious matters tied to GDPR, including those concerning international data transfers, while also advising clients on the data protection aspects of new customer portals, ensuring they meet the requisite standards under EU and Austrian law. The team, which consists of ‘phenomenal lawyer’ Juliane Messner, Max Mosing, Alexander Schnider, Rainer Schultes and Constantin Kletzer, acts for clients in regard to data processing and storage challenges and in conjunction with IT outsourcing and customer-facing projects. The practice is also able to advise clients in the event of a data breach, including handling the relevant liaisons with the Data Protection Authority and ensuing enforcement proceedings.
Praxisleiter:
Constantin Kletzer; Juliane Messner; Max Mosing; Alexander Schnider; Rainer Schultes
Referenzen
‘In data privacy and data protection matters, GEISTWERT is the go-to firm in Austria. Depending on the project, several GEISTWERT partners work on one data protection project, which works extremely well and raises the result to the next level.’
‘Juliane Messner is a phenomenal lawyer. She always manages to find the best solutions with ingenious ideas. Clients love her for it.’
‘GEISTWERT is one the best law firms in the field of e-commerce legal advice in Austria, and all its partners have an extremely good reputation. They – especially the “business brain” Juliane Messner – are always advising on the big picture, not bringing up legal problems, but business solutions based on rock-solid legal evaluation.’
Kernmandanten
Red Bull Media House
Red Bull
HGV – South Tyrolian Hotel Association
The Vienna Tourist Board
DAZN
DOUGLAS
IQVIA
Altstoff Recycling Austria AG (ARA)/Saubermacher AG
Baxter
Mayr-Melnhof
Blackshark.ai
LTS – South Tyrol Association of Tourism Organisations
Vet-webinar
ASFINAG
Highlight-Mandate
- Advised Red Bull Media House on international data transfer matters and regarding the launches of new services.
- Represented several clients before the Austrian Data Protection Authority and courts in proceedings initiated by NOYB regarding international data transfers.
- Advised Altstoff Recycling Austria AG regarding the data protection aspects of the implementation of a recycling system for cans and plastic bottles with an electronic deposit system.
Schoenherr (Schönherr Rechtsanwälte)
Schoenherr (Schönherr Rechtsanwälte)‘s data protection practice represents major clients in GDPR-based proceedings before the Austrian and European courts in addition to the Austrian Data Protection Authority, with further expertise in assisting clients in maintaining GDPR compliance, with this capability extending to the practice’s members acting as an outsourced data protection officers. Practice head Günther Leissler is called upon for advice regarding the setting up of cross-border databases in addition to ongoing compliance matters, while also taking the lead on both civil and criminal data protection litigation.
Praxisleiter:
Günther Leissler
Referenzen
‘Covers every imaginable legal aspect. Fast response times, very competent partners.’
‘The team is characterised by the possibility of accessing specialists from a wide range of fields. Particularly in the area of data protection, it is of great importance to come across people with legal training and a strong technical understanding. Schoenherr offers this.’
‘The team is characterised above all by the fact that when solving a problem, it does not try to find a dogmatic approach, but a pragmatic one, and then chooses that. In particular, the head of the data protection team, Günther Leissler, repeatedly demonstrates this ability.’
Kernmandanten
Österreichische Post AG
Vienna Insurance Group
Advent International Corporation
Deutsche Telekom
Highlight-Mandate
- Represented Österreichische Post AG in GDPR-related criminal proceedings in Austria.
Wolf Theiss Rechtsanwälte GmbH & Co KG
Wolf Theiss Rechtsanwälte GmbH & Co KG’s data protection practice straddles the divide between day-to-day compliance advice, including assisting clients with devising and implementing data protection and management systems, and contentious mandates, notably defending a number of clients facing GDPR breach fines. Under the guidance of Roland Marko, whose contentious practice covers privacy disputes in addition to the coordination of breach of GDPR defences, the firm can also support clients looking to set up whistleblowing systems. Paulina Pomorski, who is also admitted in New York, provides further data protection compliance and litigation capability, and is also well versed in overseeing the data protection and IT aspects of M&A.
Praxisleiter:
Roland Marko
Weitere Kernanwälte:
Paulina Pomorski
Referenzen
‘The team consists of various experts with different level of experience and know how. Especially the multinationalty of the team brings additional benefits as local expertise can be combined with international experience based on concrete cases handled by WT.’
‘WT has a unique selling point, especially in the area of IT and data protection law. The technical know-how and the commitment and networking of the partners in the area. You benefit from this from minute one.’
‘Understanding of the business and all its facets. In-depth knowledge of digital processes and trading businesses. Personal commitment.’
Kernmandanten
Österreichische Post
EOS Matrix
Hyundai
Meta Platforms
Peek & Cloppenburg
REWE International
UniCredit Bank
Highlight-Mandate
- Defended REWE Group against a multi-million Euro GDPR fine for alleged data protection violations in connection with Austria’s biggest customer loyalty programme.
- Advised a publicly owned infrastructure provider in Austria on the requirements arising from the NIS2 Directive, including its interaction with existing sector-specific regulations and in relation to the company’s supply chain.
- Advised an infrastructure provider on data governance issues, including questions of data ownership and mandatory access rights to machine data, in addition to the opening of large data sets to the public.
Binder Grösswang
With a client base consisting of both startups and multinationals, Binder Grösswang frequently assists with the data protection aspects of digitalisation projects, including the rollout of new customer apps, e-commerce platforms and online advertising campaigns. In addition, the practice is also able to represent clients before the Data Protection Authority, a key aspect of practice co-head Angelika Pallwein-Prettner, who also advises companies on the handling of employee data. Alongside her, Ivo Rungg‘s data protection work is geared towards the digital sector.
Praxisleiter:
Ivo Rungg; Angelika Pallwein-Prettner
Referenzen
‘We received a very competent answer in a short time. Complicated solutions were well discussed and coordinated with our interests and implemented.’
Kernmandanten
ByteDance
Société Générale
Jazz Pharmaceuticals
Renault Österreich
BNP Paribas
Vaya Fieberbrunn
HELLWEG Baumärkte
CCT Software Solutions
Österreichische Post
Stadt Wien
Austrian Federal Ministry of Finance
Buildtelligent
SF Filterdienst
GSK plc
AUDI
OBI Bau- und Heimwerkermärkte Systemzentrale GmbH
Starbucks Coffee Austria GmbH
VMG Versicherungsmakler GmbH QBC – Quartier Belvedere Central
BASF Österreich
Eni S.p.A.
American Express World Financial Center
EasyPark Austria GmbH
Harrys Home Holding AG
Highlight-Mandate
- Advised Audi in connection with data protection issues related to new driving technologies and its newly created MyAudi Portal.
- Advised Eni S.p.A. on data protection matters relating to the Eni Live App.
- Advised Société Générale on data protection matters in Austria.
DLA Piper Weiss-Tessbach Rechtsanwälte GmbH
DLA Piper Weiss-Tessbach Rechtsanwälte GmbH‘s data protection team ‘combines legal excellence and business drive’ to advise clients in the event of Data Protection Authority investigations concerning the handling of employee and customer data, including where data breaches and ransomware attacks have occurred. Heading the team is Sabine Fehringer, whose expertise encompasses technology transfer and IP licensing matters in addition to corporate transactions. Stefan Panic handles regulatory issues, including data breach notifications and subject access requests.
Praxisleiter:
Sabine Fehringer
Weitere Kernanwälte:
Stefan Panic
Referenzen
‘DLA Piper has a unique, business-driven approach – it combines legal excellence and business drive in an outstanding way.’
‘Sabine Fehringer: our favourite IPT lawyer – business-driven, highly experienced and really amazing to work with.’
Kernmandanten
Pfizer
Hutchison Drei Austria GmbH
Trans-Austria Gasleitung (TAG) GmbH
Anton Paar GmbH
LUBRIZOL FRANCE SAS
CCB Management Services GmbH (Coca Cola Hellenic)
Tiergesundheit Österreich
Highlight-Mandate
- Advised an Austria-based international company which suffered a data breach following a ransomware attack.
- Advised a telecommunications company in connection with a sector review by the Austrian Data Protection Authority.
- Advised an organisation on the data protection aspects of a program for animal product exports which required an exchange of certain data related to livestock and dairy producers.
E+H Rechtsanwälte GmbH
E+H Rechtsanwälte GmbH‘s data protection offering encompasses daily data handling challenges (including data transfers linked to corporate transactions) and litigation arising out of data breaches under the guidance of Andreas Zellhofer, who acts at the intersection of data protection and unfair competition law. Helmut Liebel, whose knowledge of data protection regulations is described as ‘nothing short of outstanding,’ assists clients facing issues concerning both data and IP matters, with Florian Sagmeister also straddling the divide between data protection and IP law.
Praxisleiter:
Andreas Zellhofer
Weitere Kernanwälte:
Helmut Liebel; Florian Sagmeister
Referenzen
‘I’ve had the pleasure of collaborating with Helmut Liebel on several complex data protection matters this year, and his expertise has been nothing short of outstanding. His in-depth knowledge of EU data protection regulations and their practical application has proven critical in navigating challenging legal landscapes.’
Kernmandanten
Microsoft
Wien Energie
Toyota
OMV
Honda
TeamBank
öGIG
Knauf
Stark Group
PAI Partners
Highlight-Mandate
- Advised Microsoft on the lawful use of Office 365 cloud computing services by Austrian business customers.
- Advised Toyota on the introduction of new smart and connected services for vehicles.
- Advised Stark Group on the data protection and transfer aspects of its acquisition of Schilowsky.
GRAF ISOLA
GRAF ISOLA‘s ‘truly outstanding’ data protection practice supports clients stemming from the public and private sectors, including energy and software industry corporates, on the handling of client data and the development of GDPR compliance and whistleblowing systems. Where the need arises, the ‘very impressive’ practice co-head Marija Križanac acts for clients before the courts and Data Protection Authority, while founding partner Ferdinand Graf offers IT law and litigation expertise, and is also a admitted in New York.
Praxisleiter:
Marija Križanac; Ferdinand Graf
Referenzen
‘The GRAF ISOLA team responsible for data protection is absolutely competent in dealing with very complex issues, responsive and client-oriented.’
‘Marija Križanac is a passionate person who delivers comprehensive support in the area of personal data protection. Due to her deep knowledge she always finds an effective solution. She also has good communication practices, is a reliable partner and always delivers results fast.’
‘GRAF ISOLA is a full-service firm for all our legal needs. They are very responsive, accessible and have a great hands-on mentality. An entrepreneurial, business-focused approach makes their advise beyond valuable.’
Kernmandanten
LUKOIL International GmbH/LUKOIL Group
VELUX A/S/VELUX Österreich GmbH/VKR Holding A/S
Open Society Foundations
Victorinox
therapie-info PSISYS GmbH
Logwin Group
JobRad GmbH
MEWA Textil-Service GmbH
EMTensor
Leggett&Platt Inc/Schukra Berndorf GmbH
kraftwerk | Agentur für neue Kommunikation GmbH
MyHomeRoast GmbH
AM Baugeräte und Handels GmbH
KOPFWERK Datensysteme Ges.m.b.H.
Ineltro Electronics GmbH
Cortical.io AG
DANUTEX GmbH
neckermann.at GmbH
MAG machines GmbH
CoPlanner GmbH
Drees & Sommer
Deluxe Corporation
RELX EMEA
Samariterbund
HILL Racingteam, e.V.
STATISTIK AUSTRIA (Bundesanstalt Statistik Österreich)
KTM Fahrrad GmbH
Highlight-Mandate
- Represented STATISTIK AUSTRIA in appeal proceedings before the Austrian Federal Administrative Court relating to undetermined questions regarding the interpretation of key GDPR principles.
- Advised LUKOIL on all aspects of data protection law.
- Advised cortical.io in the roll-out of a new SaaS solution in the field of natural language understanding.
KWR Karasek Wietrzyk Rechtsanwälte GmbH
With a practice spanning day-to-day compliance advice, including the holding of customer and employee data, to issues relating to the development of cookie strategies, KWR Karasek Wietrzyk Rechtsanwälte GmbH also assists with the data protection aspects of major IT projects. Where matters become contentious, practice co-head Anna Mertinz appears before the courts on matters tied to the handling of employee data, while also handling GDPR compliance for clients. Alongside her, Beatrice Blümel leverages her previous experience at the Data Protection Authority to advise on both GDPR compliance and litigation.
Praxisleiter:
Anna Mertinz; Barbara Kuchar
Weitere Kernanwälte:
Beatrice Blümel
Referenzen
‘Anna Mertinz always tries to make herself available, delivers on time and is a good connector to partner law firms in CEE.’
‘I am impressed by this practice’s commitment to providing quick and detailed, feedback on all our legal inquiries. What truly stands out is the team’s expertise and their ability to deliver tailored solutions that perfectly meet our needs.’
‘We frequently work together with Beatrice Blümel and Anna Mertinz – what stands out to me is their quick, detailed, and clear feedback on all our legal inquiries. This helps us to manage our daily business effectively.’
Kernmandanten
Austrian Limited E-Commerce GmbH
myneva Austria GmbH
Coca-Cola HBC Austria GmbH
Ryanair
Mister Spex
System 7 group
MAHLE Filtersysteme Austria GmbH
Familie & Beruf Management GmbH
Diversity Think Tank Consulting GmbH
Arbeitswelten Consulting
Luther Rechtsanwaltsgesellschaft mbH
De’ Longhi Kenwood GmbH
Edizon Innovation GmbH
Ivellio-Vellin IT Services
Willis Towers Watson Austria GmbH
Highlight-Mandate
- Advised Mister Spex in adapting its data protection documentation in accordance with Austrian law.
- Assisted a client regarding a new marketing campaign, where existing customers recommend the client’s products via a link provided by the client.
- Assisted a client with the development and implementation of the entire data protection and e-privacy concept including project management, audits and preparation of all documentation.
SAXINGER Rechtsanwalts GmbH
SAXINGER Rechtsanwalts GmbH frequently assists public bodies across a range of data protection challenges, with particular expertise in overseeing the data aspects of digitalisation projects, while also assisting with the data transfer aspects of M&A transactions. Heading the team together are Michael Pachinger, who is well versed in GDPR compliance matters and the handling of client data, and Philipp Leitner whose practice spans the divide between data protection and the burgeoning area of AI law.
Praxisleiter:
Michael Pachinger; Philipp Leitner
Referenzen
‘Michael Pachinger and his team have extensive understanding of our issues and advise us efficiently.’
‘They do a lot of work, and they are really perfect. They are always on time and every project is of a high-end quality. There is nothing to be critical of. The work quality is high end. They provided good communication, they were always on time, always correct and absolutely reachable.’
‘Michael Pachinger is professionally competent and very experienced in the field. Even in difficult situations he always finds suitable and practicable solutions. He is characterised by a high orientation towards service.’
Kernmandanten
Resch&Frisch Holding GmbH
MatchMaker Sports GmbH
Peneder Holding GmbH
Conrad Electronic
Heyrise
Ulla Popken GmbH & Co.KG.
Eiffage Énergie Systèmes
Kelag-Kärnter Elektrizitäts-Aktiengesellschaft
Highlight-Mandate
- Advised Eiffage Énergie Systèmes on the important Austrian data protection aspects of a high-profile cross-border acquisition also featuring Clifford Chance and Linklaters.
Taylor Wessing enwc Rechtsanwälte GmbH
Taylor Wessing enwc Rechtsanwälte GmbH‘s data protection advice is centred on risk mitigation, assisting clients in implementing data management and protection systems compliant with Austrian and EU law, with additional expertise in online payment systems and cloud computing. Practice head Andreas Schütz is often called upon in the event of IT service outages and cybersecurity challenges, with particular expertise in advising the IT, telecoms and food sectors. Christopher Bakier is active at the intersection of IT and data protection law.
Praxisleiter:
Andreas Schütz
Weitere Kernanwälte:
Christopher Bakier
Kernmandanten
The National Anti-Doping Agency Austria GmbH
HISCOX SA
EGR Vertriebs- und HandelsgesmbH/EGR T-Sales GmbH
Dassault Systemes Deutschland GmbH
XING (NEW WORK SE)/kununu New Work Austria XING kununu onlyfy GmbH
Broken Rules Interactive Media GmbH
DAIBAU GmbH
Nestlé Österreich GmbH
Nespresso Österreich GmbH & Co OHG
Vorwerk & Co KG
European Forum Alpbach
tenfold Software GmbH
VR Bank Niederbayern-Oberpfalz eG
Highlight-Mandate
- Represented The National Anti-Doping Agency Austria GmbH in sport and data protection-related proceedings before the ECJ.
- Advised a public body responsible for the administration and provision of health and social security services in a European country in connection with the implementation of a technical cloud and generative AI solution for application processes.
- Provided data protection and strategic advice to EGR Vertriebs- und HandelsgesmbH in the context of a wide-ranging security incident.
Eversheds Sutherland Rechtsanwälte GmbH
The Eversheds Sutherland Rechtsanwälte GmbH team is a ‘reliable, proactive partner’ across a range of data protection challenges, including the cross-border handling of customer data, GDPR and NIS2 compliance. Litigator Georg Röhsner heads the team, assisting clients both in preventing cybersecurity incidents, while also representing them when they do occur. Manuel Boka, who heads the firm’s AI taskforce, advises on compliance with Austrian and EU data protection regulations, with Michael Röhsner, who assists e-commerce clients in ensuring compliance with consumer protection regulations.
Praxisleiter:
Georg Röhsner
Weitere Kernanwälte:
Manuel Boka; Michael Röhsner
Referenzen
‘The individual lawyers in this law firm are well networked. The answers come quickly and are legally well researched. They play a pioneering role in new legal issues such as the NIS2 Directive.’
‘Michael Röhsner is a young up-and-coming lawyer who has excellent specialist knowledge of new legal frameworks e.g. the NIS2 Directive.’
‘The data privacy and data protection team is young, legally outstanding and very professional.’
Kernmandanten
MOL
nLIGHT
NOACK
ORF Enterprise
Sixt rent-a-car
WashTec
Esterhazy Group
Omicron electronics
Highlight-Mandate
- Advised a global consumer goods provider on the implementation of an AI-based HR tool.
- Advised a media company on the use of tracking technologies on their website in Austria.
- Advised a leading manufacturer of electronic devices on the applicability and impact of the EU Cyber Resilience Act on their products.
Herbst Kinsky Rechtsanwalte GmbH
Herbst Kinsky Rechtsanwalte GmbH provides clients with ‘insightful, tailored solutions’ to their data protection challenges, helping them draft data protection policies and ensure compliance with GDPR and other regulatory frameworks. Heading the team is Sonja Hebenstreit, whose data protection practice sits alongside her IP work, assists clients with the implementation of GDPR and the management of customer data in relation to the development of new apps and other customer portals.
Praxisleiter:
Sonja Hebenstreit
Referenzen
‘Herbst Kinsky’s Data Privacy and Data Protection team is characterised by its comprehensive legal advice in data protection matters, including representation before data protection authorities and courts.’
‘Very innovative team in data protection law, up to date, very practical.’
‘A young and very high spirited team! Herbst Kinsky offer insightful, tailored solutions that directly address the unique needs of each client. Potential clients should know that this team excels in handling complex cases with a high level of precision and creativity.’
Kernmandanten
Genera Printer GmbH
4U Hospitality GmbH
Schaumann & Partners
Biogena GmbH & Co KG
DoN SG BRANDS GmbH
invIOs/Apeiron Group
42 Vienna | education for digital excellence GmbH
Carployee GmbH
Next Research GmbH
CIRSE Cardiovascular and Interventional Radiological Society of Europe
Highlight-Mandate
- Advised Biogena on the introduction of its customer app and the design of its own central customer loyalty programme.
- Advised VAPIANO Austria in relation to the implementation of a customer loyalty programme.
- Appointed as CIRSE’s data protection officer and supported the association in implementing and maintaining data protection compliance.
Jank Weiler Operenyi
Jank Weiler Operenyi handles GDPR compliance matters for a number of multinationals and third sector clients, and is also able to carry out assessments of companies’ existing data protection structures, with the aim of identifying and counteracting weaknesses. Practice head Sascha Jung leads on multi-jurisdictional GDPR compliance checks and is also well versed in the data protection aspects of cloud computing and IT outsourcing projects.
Praxisleiter:
Sascha Jung
Weitere Kernanwälte:
Christian Kern
Referenzen
‘Our first address whenever a legal issue on data protection arises in Austria. They have outstanding legal skills and the ability to find common ground and viable solutions. The team we work with can deal with all our complex questions.’
‘Sascha Jung and Christian Kern: very flexible, pragmatic and solution-oriented team of experts in data protection law areas. There is no question about the team’s professional competence and highly appreciated pragmatism. Sascha and Christian have in-depth experience within their field. They enjoy what they do and the team works very well together.’
‘Very fast responders, super motivated, very knowledgeable, hands on, practical, enablers, aware of complex dynamics, fun to work with, when things are urgent they always deliver on time.’
Kernmandanten
IKEA Austria
CARITAS Vienna/CARITAS Austria
Austrian Federal Pension Fund
X4 Pharmaceuticals Inc.
ELK Fertighaus GmbH
Sage Germany GmbH
HeartBeat.bio AG
BUWOG Holding GmbH
Deloitte Austria
Generalsekretariat der österreichischen Bischofskonferenz
PUIG Deutschland GmbH
Sage GmbH
TwoNext GmbH & Alles Clara GmbH
Astara Mobility Austria GmbH
Leopold Museum Privatstiftung
Schlumberger GmbH
The SWATCH GROUP (Österreich)
Dorotheum GmbH & Co KG
MA48
RAIFFEISENLANDESBANK NIEDERÖSTERREICH- WIEN AG
UNIQA Österreich
Highlight-Mandate
- Advised IKEA Austria on complex GDPR matters, with a particular focus on international data transfers in the course of the global rollout of a new IT landscape and HR-related privacy matters.
- Appointed by CARITAS Vienna and CARITAS Austria as their external data protection officers.
- Prepared expert opinions on legal issues relating to data protection law and related IT law for the Federal Austrian Pension Insurance Institution.
KPMG Law - Buchberger Ettmayer Rechtsanwälte GmbH
January 2024 saw KPMG Law - Buchberger Ettmayer Rechtsanwälte GmbH strengthen its data protection practice with the hire of Knyrim Trieb Rechtsanwälte OG‘s Lena Urban, who assists clients in implementing AI into their operations and related data protection matters. Under the guidance of Karin Bruchbacher, the firm also assists with ongoing GDPR compliance and digitalisation projects.
Praxisleiter:
Karin Bruchbacher
Weitere Kernanwälte:
Lena Urban
Referenzen
‘KPMG Law’s data privacy and data protection practice always provides us with fitting solutions and understands how to make projects work. The possibility to combine extensive legal knowledge with excellent IT/technical knowledge and skills is unique.’
‘Karin Bruchbacher is our go-to IT and data protection lawyer. Excellent, hands-on and very much to the point. Her strategic thinking, combined with a pragmatic approach, sets her apart from others in the field.’
Kernmandanten
Microsoft Österreich GmbH
Salzburg AG für Energie, Verkehr und Telekommunikation
VEREIN FÜR KONSUMENTENINFORMATION
FINABRO GmbH
Barracuda Holding GmbH/CTS Eventim Austria GmbH
PEPCO Poland Sp. z o. o./PEPCO Austria GmbH
Austrian Reporting Services GmbH
Ycy GmbH
SANAG GmbH
AustriaCard Holdings AG
PORR AG
Wiener Familienbund
Highlight-Mandate
- Advised Microsoft Österreich GmbH on the roll-out of its Office 365 cloud computing services to numerous Austrian customers.
- Advised Salzburg AG für Energie, Verkehr und Telekommunikation on a project involving complex data protection and privacy questions.
- Advised Verein für Konsumenteninformation on data protection-related issues tied to a digitalisation project.
PHH Rechtsanwält:innen GmbH
PHH Rechtsanwält:innen GmbH‘s ‘dynamic and highly skilled’ data protection lawyers focus predominantly on supporting startups and SMEs in tackling data protection issues, including due diligence in the run-up to M&A transactions, and disputes before the Data Protection Authority. Practice head Stefanie Werinos advises clients on the management and protection of personal data, with Theresa Karall, who qualified in January 2024, assists clients with international data transfers, matters tied to employee data and GDPR compliance.
Praxisleiter:
Stefanie Werinos
Referenzen
‘Theresa Karall is incredibly diligent and quick to respond, consistently delivering great work even under tight deadlines.’
‘PHH’s data protection team is led by a team of dynamic and highly skilled lawyers known for their fresh perspectives and in-depth knowledge. A young and energetic team, they excel at navigating the rapidly changing data protection landscape and providing clients with accurate and timely advice.’
‘Stefanie Werinos and Theresa Karall are exceptional data protection advisers due to their deep expertise, proactive approach to evolving regulations and ability to provide clear, practical guidance that helps navigate complex legal landscapes efficiently. Working with them is truly a pleasure, and I highly recommend both for their expertise and professionalism.’
Highlight-Mandate
- Represented an Austrian healthcare provider in proceedings before the Austrian Data Protection Authority in relation to a data breach following a cyber attack.
- Drafted an agreement on separate controllership between the client, a packaging company and group companies.
- Advised a telecommunications company on the data protection aspects of a marketing campaign.