The Cybersecurity & Privacy Compass: A Global Guide to Constant Change

Contact

D:+49 211 3678 7269
E: [email protected]

Practice:

Technology & Innovation Sector
Cyber, Privacy & Data Innovation
Technology Transactions
Technology Companies Group
Automotive Technology & Mobility
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Dr. Christian Schröder Partner

Düsseldorf

Christian helps clients consider the privacy and artificial intelligence implications of new technology, supports their compliance programs, and helps them stay ahead of enforcement trends. One particular focus of his work deals with internal data transfer agreements, external data transfers with external providers, and product launches that comply with international data protection standards, as well as privacy requirements for connected cars. Furthermore, Christian provides guidance on privacy and data protection considerations for developing, acquiring, using, licensing and selling technology, data and intellectual property, including M&A transactions and IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues, as well as on hard and software license and information technology (IT) project agreements.

Christian maintains strong working relationships with German data protection authorities and EU regulatory authorities with jurisdiction over privacy and data security matters. He effectively defends companies in cybersecurity and privacy-related investigations initiated by EU regulatory authorities. He also engages with authorities on behalf of clients and helps clients avoid proceedings and possible litigation. When litigation can't be avoided, Christian vigorously defends his clients.

For companies facing global cybersecurity incidents, Christian helps with crisis mitigation, including counseling on notification requirements, coordinating media strategies, and representing clients before data protection authorities in related regulatory investigations.

Christian regularly contributes practical thought leadership to global privacy industry publications and German privacy books and journals. Christian authors the Chapter V (international data transfers) of Germany’s leading GDPR commentary Kühling/Buchner (4th ed.) and is co-author to the Corporate Privacy Handbook (Betrieblicher Datenschutz). As an active member of the Sedona Conference, Christian drives the development and understanding of cross border privacy. He also participates in, hosts and moderates speaking programs with fellow private practitioners, EU data protection authorities, and academics focused on privacy and data security. Legal 500 Germany named Christian one of the top 15 practitioners in 2023 and noted that he is "a pioneer in the legal field, a data protection guru." They also recognized Christian and Orrick as "truly global" and how that it is "vital as they require the various leaders of each region to participate and bring issues to the table as a forum".

Prior to working in private practice, Christian interned with the German Federal Data Protection Commissioner and www.epic.org.

The European Data Act: 5 Things Cloud Services Provider Should Know
The Data Act also sets out a series of information obligations to ensure that companies provide customers with the information necessary to switch, including:

Does the Data Act Apply to cloud service providers?

What do affected companies need to do to comply?

Should companies amend current agreements?

What about adapting technical aspects of the services?

What is the timeline for implementation? What are risks of non-compliance?

Read more

China Eases Requirements for Cross-Border Data Transfers

In this Essential Guide, part of Orrick’s Cybersecurity & Privacy Compass Series, we offer insights into the Cyberspace Administration of China's (CAC) new rules and requirements for cross-border data transfers.

Read more

European Data Act: Harmonized Rules on Fair Access to and Use of Data (January 2024)
In this guide, we answer pressing questions about the European Data Act, including what the Data Act covers, who is impacted, the law's objectives, rights and obligations created by the act, legislative status and recommended next steps for companies.

What are the objectives of the Data Act?

Who is impacted?

What rights and obligations are created under the Act?

What is the legislative status?

What are the action items?

Read more

Data Subject Access Requests – 5 Things Your Company Needs to Consider

Both the EU and UK GDPR grant data subjects rights in relation to their personal data. Article 15 gives data subjects the right to access their personal data and increasingly, data subjects are exercising this right by sending data subject access requests (“DSARs”) to companies.

In this guide, our team sets out 5 things to consider when responding to a DSAR to help ensure your company complies with its statutory obligations under EU and UK data protection laws.

Read more

The EU Data Act: Harmonized Rules on Fair Access to and Use of Data

The European Data Act is the proposed regulation in Europe (EU) for harmonised rules on fair access to and use of data Data Act). It is one of the key measures intended to make more data available for use by the private and public sector. The Data Act complements the Data Governance Regulation proposed in November 2020, which is the first deliverable under A European strategy for data. While the Data Governance Regulation creates the processes and structures to facilitate the sharing of data, the Data Act clarifies who can generate value from data and under which conditions.

In our essential guide, we answer pressing questions about the European Data Act, including what the Data Act is about, who is impacted and what the objectives are, the new right and obligations created by the act, the legislative status, and recommended next steps for companies.

Read more

Landmark Ruling: The Court of Justice of the European Union Rejects Strict Liability in the General Data Protection Regulation

In this Essential Guide, we will provide insight into the potential fines that companies may face for violating the General Data Protection Regulation ("GDPR"), specifically when infringements are deemed negligent or wilful, as outlined in the ruling by the European Court of Justice for the European Union ("CJEU").

Read more

The Cybersecurity & Privacy Compass: A Global Guide to Constant Change

The Cybersecurity & Privacy Compass is your global guide to constant cybersecurity and privacy change. In our essential guides, we provide everything you need to know about key regulations impacting global businesses.