IT and data protection law

HEUSSEN's classic core competences include IT and data protection law. Our team combines technical and commercial understanding, industry expertise and legal knowledge to deliver legally sound and practical solutions. Accordingly, we are recommended by leading publications such as the JUVE Handbook, LEGAL500, Leaders League and Best Lawyers.

  • Consultancy focus

    • Digital Business. From digital business models (e.g. platforms) to cloud computing ("Everything-as-a-Service") to classic software and hardware contracts, we support our clients in all matters of IT law with customised solutions.
    • New Tech. AI, blockchain, big data, metaverse or quantum technology - new tech is nothing new for us. We navigate our clients safely through a dynamic environment in order to exploit the opportunities of digitalisation.
    • Data Protection. Through our forward-looking and solution-oriented advice, we prevent data protection from becoming an obstacle. But we also stand by our clients in the event of data protection mishaps and contentious disputes.
  • Who we consult

    Our clients include national and international companies from the following industries, among others:

    • Software and IT (e.g. data centres, cloud services, AI, big data, blockchain, quantum computing)
    • Industry and mechanical engineering
    • Automotive
    • Financial services
    • Health care / life sciences
    • Energy
    • Construction and real estate management
  • Service spectrum

    Information technology law


    Digital Business

    • E-commerce
    • Platform-based business models and platform liability
    • Internet of Things (IIoT, Industry 4.0)
    • New communication channels (e.g. augmented reality, virtual reality and metaverse)
    • Super computing (e.g. quantum computing)
    • Artificial intelligence (e.g. GPT)
    • Blockchain (e.g. cryptocurrencies and NFT)
    • Smart Contracts
    • Intellectual Property for Digital Business


    Data protection and IT security law

    • Data protection on the internet (e.g. data protection declarations and cookie guidelines)
    • Data protection in online marketing
    • Data protection and data use contracts (e.g. order processing and joint controller contracts)
    • Employee data protection
    • Data protection guidelines
    • International data protection
    • Due Diligence, M&A Transactions
    • Data protection incidents and mishaps
    • Representation in data protection proceedings (e.g. administrative fine proceedings, claims for damages)
    • Data protection audits
    • Training (e.g. in-house training)


    Acting as an external data protection officer*.

    • Assumption of statutory duties (if necessary, with the involvement of external service providers)
    • Information and advice in all areas of data protection
    • Support in dealing with data subjects' rights (especially requests for information)
    • Cooperation with data protection supervisory authorities
    • Support and assistance in the implementation of a data protection management system


    *HEUSSEN Rechtsanwaltsgesellschaft mbH provides external data protection officers. External data protection officers act personally and independently. HEUSSEN Rechtsanwaltsgesellschaft mbH bears the personnel and material expenses associated with their work in return for a fee.