The ‘absolutely outstanding GDPR litigation practice’ at Baker McKenzie Rechtsanwälte LLP & Co KG represents a number of high-profile clients in disputes concerning the use and storage of customer and user data, appearing for them before the Austrian courts and Data Protection Authority in proceedings revolving around international data transfers. Described by one client as ‘hands-down the best GDPR litigator in Austria and beyond,’ practice head Lukas Feiler is well-versed in both contentious and non-contentious GDPR matters, platform regulation issues and challenges arising out of the integration of AI into clients’ operations. Beat König‘s practice encompasses both regulatory and civil data protection disputes.

DORDA Rechtsanwälte GmbH‘s data protection practice offers expertise across a raft of critical issues, advising multinationals on GDPR compliance and representing clients that have suffered data breaches or are accused of mishandling customer data before the Data Protection Authority and the courts. Under the auspices of Axel Anderl, whose practice spans GDPR advice, IT law and outsourcing, the practice is also called upon to assist companies build up their cybersecurity protocols. Nino Tlapak co-heads the team alongside Anderl, specialising in IT security in addition to broader data protection issues. Co-head of the firm’s Digital Industries Group Alexandra Ciarnau combines expertise in tech regulation with expertise in setting up whistleblower hotlines and AI-related matters.

Knyrim Trieb Rechtsanwälte OG‘s expertise spans the spectrum of GDPR data handling matters, including advising companies hailing from the consumer goods and retail, luxury and automotive sectors on bringing their data handling systems into line with its requirements, in addition to assisting clients requiring data protection advice in relation to the implementation of new technologies. Heading the practice in tandem are founding partners Rainer Knyrim and Gerald Trieb, both of whom draw upon comprehensive experience of both overseeing data protection compliance programs and appearing for clients before the Austrian courts in data protection-related disputes. Lena Urban departed the firm in January 2024.

With a ‘deep understanding of data privacy law,’ Cerha Hempel advises public and private sector clients across a range of data protection challenges, frequently being called upon to advise on the data protection aspects of the rolling out of new apps or customer portals. The team also handles the data protection aspects of IT outsourcing and software contracts, while also appearing for clients before the courts and Data Protection Authority in the event that contentious proceedings are initiated. Practice head Hans Kristoferitsch combines expertise of both data protection and EU law to assist clients facing GDPR challenges. Armin Schwabl carries out data protection assessments and assists them in the event of data breaches, with Boris Treml is well versed in GDPR implementation and the development of data security measures.

CMS Reich-Rohrwig Hainz Rechtsanwälte GmbH specialises in ‘delivering practical and actionable advice’ to clients requiring GDPR support, advising them on implementation and ongoing compliance matters, while also appearing on their behalf before the Austrian courts and Data Protection Authority where civil or criminal violations are alleged. Johannes Juranek, who is both practice head and managing partner of the firm’s Austrian arm, is well versed in assisting technology and software sector clients ensure they are GDPR-compliant and represents them before the courts and in arbitration hearings. Christina Maria Schwaiger is called upon to draft clients’ data protection policies in line with GDPR, while also assisting clients ensure data protection compliance as they introduce AI systems into their operations.

GEISTWERT’s data protection practice handles both contentious and non-contentious matters tied to GDPR, including those concerning international data transfers, while also advising clients on the data protection aspects of new customer portals, ensuring they meet the requisite standards under EU and Austrian law. The team, which consists of ‘phenomenal lawyer’ Juliane Messner, Max Mosing, Alexander Schnider, Rainer Schultes and Constantin Kletzer, acts for clients in regard to data processing and storage challenges and in conjunction with IT outsourcing and customer-facing projects. The practice is also able to advise clients in the event of a data breach, including handling the relevant liaisons with the Data Protection Authority and ensuing enforcement proceedings.

Schoenherr (Schönherr Rechtsanwälte)‘s data protection practice represents major clients in GDPR-based proceedings before the Austrian and European courts in addition to the Austrian Data Protection Authority, with further expertise in assisting clients in maintaining GDPR compliance, with this capability extending to the practice’s members acting as an outsourced data protection officers. Practice head Günther Leissler is called upon for advice regarding the setting up of cross-border databases in addition to ongoing compliance matters, while also taking the lead on both civil and criminal data protection litigation.

Wolf Theiss Rechtsanwälte GmbH & Co KG’s data protection practice straddles the divide between day-to-day compliance advice, including assisting clients with devising and implementing data protection and management systems, and contentious mandates, notably defending a number of clients facing GDPR breach fines. Under the guidance of Roland Marko, whose contentious practice covers privacy disputes in addition to the coordination of breach of GDPR defences, the firm can also support clients looking to set up whistleblowing systems. Paulina Pomorski, who is also admitted in New York, provides further data protection compliance and litigation capability, and is also well versed in overseeing the data protection and IT aspects of M&A.

With a client base consisting of both startups and multinationals, Binder Grösswang frequently assists with the data protection aspects of digitalisation projects, including the rollout of new customer apps, e-commerce platforms and online advertising campaigns. In addition, the practice is also able to represent clients before the Data Protection Authority, a key aspect of practice co-head Angelika Pallwein-Prettner, who also advises companies on the handling of employee data. Alongside her, Ivo Rungg‘s data protection work is geared towards the digital sector.

DLA Piper Weiss-Tessbach Rechtsanwälte GmbH‘s data protection team ‘combines legal excellence and business drive’ to advise clients in the event of Data Protection Authority investigations concerning the handling of employee and customer data, including where data breaches and ransomware attacks have occurred. Heading the team is Sabine Fehringer, whose expertise encompasses technology transfer and IP licensing matters in addition to corporate transactions. Stefan Panic handles regulatory issues, including data breach notifications and subject access requests.

E+H Rechtsanwälte GmbH‘s data protection offering encompasses daily data handling challenges (including data transfers linked to corporate transactions) and litigation arising out of data breaches under the guidance of Andreas Zellhofer, who acts at the intersection of data protection and unfair competition law. Helmut Liebel, whose knowledge of data protection regulations is described as ‘nothing short of outstanding,’ assists clients facing issues concerning both data and IP matters, with Florian Sagmeister also straddling the divide between data protection and IP law.

GRAF ISOLA‘s ‘truly outstanding’ data protection practice supports clients stemming from the public and private sectors, including energy and software industry corporates, on the handling of client data and the development of GDPR compliance and whistleblowing systems. Where the need arises, the ‘very impressive’ practice co-head Marija Križanac acts for clients before the courts and Data Protection Authority, while founding partner Ferdinand Graf offers IT law and litigation expertise, and is also a admitted in New York.

With a practice spanning day-to-day compliance advice, including the holding of customer and employee data, to issues relating to the development of cookie strategies, KWR Karasek Wietrzyk Rechtsanwälte GmbH also assists with the data protection aspects of major IT projects. Where matters become contentious, practice co-head Anna Mertinz appears before the courts on matters tied to the handling of employee data, while also handling GDPR compliance for clients. Alongside her, Beatrice Blümel leverages her previous experience at the Data Protection Authority to advise on both GDPR compliance and litigation.

SAXINGER Rechtsanwalts GmbH frequently assists public bodies across a range of data protection challenges, with particular expertise in overseeing the data aspects of digitalisation projects, while also assisting with the data transfer aspects of M&A transactions. Heading the team together are Michael Pachinger, who is well versed in GDPR compliance matters and the handling of client data, and Philipp Leitner whose practice spans the divide between data protection and the burgeoning area of AI law.

Taylor Wessing enwc Rechtsanwälte GmbH‘s data protection advice is centred on risk mitigation, assisting clients in implementing data management and protection systems compliant with Austrian and EU law, with additional expertise in online payment systems and cloud computing. Practice head Andreas Schütz is often called upon in the event of IT service outages and cybersecurity challenges, with particular expertise in advising the IT, telecoms and food sectors. Christopher Bakier is active at the intersection of IT and data protection law.

The Eversheds Sutherland Rechtsanwälte GmbH team is a ‘reliable, proactive partner’ across a range of data protection challenges, including the cross-border handling of customer data, GDPR and NIS2 compliance. Litigator Georg Röhsner heads the team, assisting clients both in preventing cybersecurity incidents, while also representing them when they do occur. Manuel Boka, who heads the firm’s AI taskforce, advises on compliance with Austrian and EU data protection regulations, with Michael Röhsner, who assists e-commerce clients in ensuring compliance with consumer protection regulations.

Herbst Kinsky Rechtsanwalte GmbH provides clients with ‘insightful, tailored solutions’ to their data protection challenges, helping them draft data protection policies and ensure compliance with GDPR and other regulatory frameworks. Heading the team is Sonja Hebenstreit, whose data protection practice sits alongside her IP work, assists clients with the implementation of GDPR and the management of customer data in relation to the development of new apps and other customer portals.

Jank Weiler Operenyi handles GDPR compliance matters for a number of multinationals and third sector clients, and is also able to carry out assessments of companies’ existing data protection structures, with the aim of identifying and counteracting weaknesses. Practice head Sascha Jung leads on multi-jurisdictional GDPR compliance checks and is also well versed in the data protection aspects of cloud computing and IT outsourcing projects.

January 2024 saw KPMG Law - Buchberger Ettmayer Rechtsanwälte GmbH strengthen its data protection practice with the hire of Knyrim Trieb Rechtsanwälte OG‘s Lena Urban, who assists clients in implementing AI into their operations and related data protection matters. Under the guidance of Karin Bruchbacher, the firm also assists with ongoing GDPR compliance and digitalisation projects.

PHH Rechtsanwält:innen GmbH‘s ‘dynamic and highly skilled’ data protection lawyers focus predominantly on supporting startups and SMEs in tackling data protection issues, including due diligence in the run-up to M&A transactions, and disputes before the Data Protection Authority. Practice head Stefanie Werinos advises clients on the management and protection of personal data, with Theresa Karall, who qualified in January 2024, assists clients with international data transfers, matters tied to employee data and GDPR compliance.