GDPR compliance, data protection, cybersecurity, IT contracts and technology law.
Boutique firm specializing in IP and data protection
International firm with Dresden office
GDPR and data protection specialists
GDPR applies to any organisation that processes personal data of EU residents, regardless of where the organisation is based. A data protection lawyer can advise on compliance.
Fines can reach €20 million or 4% of global annual turnover (whichever is higher). A data protection lawyer can help implement compliant processes to minimise risk.
Browse our verified directory of law firms across Germany's major cities. All listed firms offer English-language legal services to expats and foreign nationals.
Germany applies GDPR (DSGVO) plus its own BDSG (Bundesdatenschutzgesetz). Germany has 16 state-level DPAs (Datenschutzbehörden) and the BfDI (federal). Maximum fines: €20M or 4% global turnover. Germany leads Europe in GDPR enforcement — LfDI BW fined Clearview AI €20M+ in 2021. A Datenschutzbeauftragter (DPO) is mandatory for most businesses processing personal data.
| Tier | Violations | Max fine | DSGVO article |
|---|---|---|---|
| Lower tier | DPO obligations, consent records, processor contracts | €10M / 2% turnover | Art. 83(4) |
| Upper tier | Basic principles, legal basis, data subject rights, transfers | €20M / 4% turnover | Art. 83(5) |

| Authority | Company | Fine | Violation type |
|---|---|---|---|
| BfDI | Deutsche Wohnen | €14.5M | Data retention failure |
| LfDI BW | AOK Baden-Württemberg | €1.24M | Marketing data misuse |
| DSK (Hamburg) | H&M | €35.3M | Illegal employee surveillance |
| BfDI | 1&1 Telecom | €9.55M | Inadequate caller authentication |