The Team

We are experts in IT and data protection law.
Together with you, we will find the optimal solution for your problems.

Dr. Bernhard Freund, M.Comp.Sc., LL.M. (Wellington)

Lawyer, Certified IT Lawyer, certified Data Protection Officer (TÜV) and CIPP/E

Email: bernhard.freund@planit.legal
Phone: +49 (0) 40 609 44 190

More info
Certifications
  • Data protection officer (TÜV), certified by the TÜV Nord
  • Certified Information Privacy Professional/Europe (CIPP/E)
Membership
Presentations
  • Big Data and Privacy, Center for Business Law (CUR), Osnabrück 2017
  • IT Security Law (in Industry 4.0 and Internet of Things), Robert Bosch GmbH, Stuttgart 2017
  • Data Protection in the Dentist’s Surgery: Legal consequences of the increased interconnectedness [Datenschutz in der Zahnarztpraxis: Rechtliche Folgen der zunehmenden Vernetzung], Freier Verband Deutscher Zahnärzte e.V., Leipzig 2016
  • The Security of Digital Communication in the 21st Century – a Dialogue on Privacy and Data Protection Laws in the U.S. and Germany, German-American Jurists’ Association (DAJV e.V.), Berlin 2014
  • Damages for Violation of the Right of Personality: Legal Prerequisites and Avoidance Strategies (with a Focus on Video Surveillance and Mobbing) [Schmerzensgeld bei Verletzung von Persönlichkeitsrechten: Voraussetzungen und Vermeidungsstrategien (Schwerpunkte Videoüberwachung und Mobbing)], Symposium on Employees’ Privacy of the TÜV NORD Academy, Hamburg 2014
  • Bring Your Own Device (BYOD) – Legal Aspects [BYOD – Rechtliche Aspekte], Spring Summit of the Network User Group (BGNW), Lübeck 2013
  • Privacy after Snowden – Consequences of the NSA Scandal for Data Protection Law [Datenschutz nach Snowden – Datenschutzrechtliche Folgerungen aus dem NSA-Skandal], Palma de Mallorca 2013
  • Buying and Selling Data, Joint conference of the British-German Jurists‘ Association and the Deutsch-Britische Juristenvereinigung e.V., Aachen 2012
  • Internal Investigations and Privacy [Internal Investigations und Datenschutz], Workshop of the Federal Association of Inhouse Counsels (BUJ), Hamburg 2012
  • Facebook & Co. in Your Company [Facebook & Co. im Unternehmen], Hamburg 2012
  • Marketing 2.0 – a Journey into a Legal Vacuum? [Marketing 2.0 – Expedition in rechtsfreie Räume?], Hamburg 2012
  • Data Transfer to Third Countries – Model Clauses, Binding Corporate Rules, Safe Harbor [Datenübermittlung in Drittstaaten – Model Clauses, Binding Corporate Rules, Safe Harbor], Berlin, Hamburg and Stuttgart 2012
  • Facebook Friend Finder / IPv6 [Facebook Freundefinder / IPv6], Hamburg, Berlin, München and Stuttgart 2011
  • Using Defeasible Logic Programming for Argumentation-Based Decision Support in Private Law, Conference on Computational Models of Argument (COMMA 2010), Desenzano del Garda 2010
Publications
  • Commentary on GDPR articles relevant to the IT industry, in: Schuster/Grützmacher, IT Law Commentary [IT-Recht Kommentar], Otto Schmidt Verlag 2020
  • Controller-Processor Relationships [Auftragsverarbeitung], in: Intveen/Gennen/Karger, Handbook Software Law [Handbuch des Softwarerechts], Anwaltverlag 2018, joint publication with M. Grützmacher
  • After the Hard Fork – May the Crypto Exchange keep Bitcoin Cash? [Nach dem Hard Fork – Darf die Börse Bitcoin Cash behalten?], BTC-Echo, 8. August 2017
  • Perspektiven der Auftragsverarbeitung, ZD 2017, 14, joint publication with B. Schmidt
  • Guidance Notes: Health and Pharma Overview, Data Guidance 4/2016, joint publication with B. Schmidt
  • Specific Performance in the Law of Sales: History – Comparison – Unification [Erfüllungszwang im Kaufrecht, Geschichte – Vergleich – Vereinheitlichung, Schriften zum internationalen Recht], Schriften zum Internationalen Recht (SIR) Bd. 204, Duncker & Humblot 2015
  • IT Security Act, On the Draft Act against Cyber Attacks [IT-Sicherheitsgesetz, Zum neuen Entwurf eines Gesetzes gegen Cyber-Attacken], ITRB 2014, 256-260
  • The Nucleus of the Self-Responsibility of the Executive as a Limitation to the Right to Freedom of Information [Der Kernbereich exekutiver Eigenverantwortung als Schranke der Informationsfreiheit], DÖV 5/2012, 192-198 joint publication with C. Schnabel
  • On the Maximum Harmonization of European Data Protection Law by Directive 95/46/EC [Zur Frage der Vollharmonisierung des europäischen Datenschutzrechts durch die Richtlinie 95/46/EG], Anmerkung zu EuGH, Urt. v. 24.11.2011, C-468/10 u. C-469/10, CR 2012, 32-33
  • IPv6 – the End to Anonymity on the Internet? Technical Foundations and Legal Assessment of the New Internet Protocol (Bedeutet IPv6 das Ende der Anonymität im Internet? Technische Grundlagen und rechtliche Beurteilung des neuen Internet-Protokolls), MMR 2011, 495-499 joint publication with C. Schnabel
  • “And oh! I am glad that nobody knew…” – Self-Data-Protection when Using Telemedia Services [„Ach wie gut, dass niemand weiß…“ – Selbstdatenschutz bei der Nutzung von Telemedienangeboten], CR 2010, 718-721 joint publication with C. Schnabel
  • Can Bobby demand delivery? Towards a Knowledge-Based System in Private Law, Proceedings of the 24th Workshop on Constraint Logic Programming (WLP 2010) joint publication with C. Beierle, G. Kern-Isberner and M. Timm
  • Using Defeasible Logic Programming for Argumentation-Based Decision Support in Private Law, Proceedings of the Third International Conference on Computational Models of Argument (COMMA 2010) joint publication with C. Beierle, G. Kern-Isberner and M. Timm
  • On Mathematical Patterns in the Web of the Law Indicating a Quasi-Biological Evolution, Revue Juridique Polynésienne (RJP) 2007, 53-67

Bernhard is a founding partner of PLANIT // LEGAL. He advises on any data protection and IT law matters and is appointed as external Data Protection Officer by various companies. Clients value in particular the combination of his legal and technical experience.

Before founding PLANIT // LEGAL, Bernhard worked for the Hamburg Data Protection Authority (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit), as Lawyer for the Practice Group Technology, Media and Telecommunication in the Hamburg office of the international law firm CMS Hasche Sigle and as a software developer.

Bernhard studied law and computer science at the University of Bielefeld. After having accomplished his undergraduate studies and scientific research activities at the universities of Bielefeld and Torino, he completed his postgraduate studies in law (LL.M.) at the University of Wellington.

Bernhard was legal clerk (Rechtsreferendar) at the Hamburg Court of Appeal (Oberlandesgericht). During his legal clerkship he worked, inter alia, for international law firms and a public health insurance provider. During this time, he also finished his studies in computer science at the University of Hagen, majoring in artificial intelligence, with a thesis on knowledge-based systems.

Bernhard was Ph.D. student at the chair of Prof. Dr. Hans Schulte-Nölke, University of Osnabrück. He wrote his Ph.D. thesis on “Specific Performance in Sales Contracts” (Erfüllungszwang im Kaufrecht). Bernhard was associate professor (Lehrbeauftragter) for data protection law at the Hamburg University of Applied Sciences and currently is a trainer with the PLANIT // Academy.

Bernhard is fluent in German and English.

Dr. Bernd Schmidt, LL.M. (Auckland)

Lawyer, Certified IT Lawyer, certified Data Protection Officer (GDDcert.), and CIPP/E

Email: bernd.schmidt@planit.legal
Phone: +49 (0) 40 609 44 190

More info
Certifications
  • Data Protection Officer (GDDcert.)
  • Certified Information Privacy Professional/Europe (CIPP/E)
Membership
Presentations
  • Data Protection Regulation – Current Tasks for Your Compliance Organisation. Webinar Comparex Academy, 8 June 2017
  • Panel Discussion on Employment Data Protection 11th dtb / DGB Technologieforum, Berlin, 10 November 2016
  • CCTV – Data Protection vs. Retail Security? German Retail Security Network, Essen 19 October 2016
  • Legal Framework for Social Media and Mobile Marketing [Rechtliche Anforderungen bei Social Media und Mobile Marketing], Marketingfrühstück Marketing Club Hamburg, 4 July 2015
  • Consent Requirements for Tracking-Technologies in a German Legal Perspective [Einwilligungsvorbehalte für Tracking-Technologien im deutschen Recht], DSRI Herbstakademie in Göttingen, 10 September 2015
  • Outsourcing in the Insurance Sector [Outsourcing im Versicherungssektor], DSRI Herbstakademie 2013 in Berlin, 14 September 2013
  • Compliance – Management Obligations for Managing Legal Risks [Compliance – Die Vorstandspflicht zur Beherrschung von Rechtsrisiken], D-A-CH-Security in Bochum, 19 May 2009
Publications
  • Neuer Datenschutz: Gut vorbereitet auf die DSGVO 2018, eBook, Hamburg 2017
  • Einführung zum BDSG, in: Taeger/Gabel, Kommentar zum BDSG, 2. Aufl., Frankfurt a.M. 2013 zusammen mit Taeger
  • 1 Abs. 1 – 4 BDSG, in: Taeger/Gabel, Kommentar zum BDSG, 2. Aufl. Frankfurt a.M. 2013
  • Compliance in Kapitalgesellschaften, Baden Baden 2010
  • Überblick zum europäischen Datenschutzrecht, in: Specht-Riemenschneider / Werry / Werry, Datenrecht in der Digitalisierung, 1. Aufl. 2019, p. 63-92
  • Arbeitnehmerdatenschutz bei Unternehmenstransaktionen, in: Weth/Herberger/Wächter/Sorge, Daten- und Persönlichkeitsrechtsschutz im Arbeitsverhältnis, 2. Aufl. 2019, p. 608-61
  • Datenschutz-Organisation und -Dokumentation in der Anwaltskanzlei, NJW 2018, p. 1448
  • Perspektiven der Auftragsverarbeitung, ZD 2017, p. 14, joint publication with Freund
  • Datenschutzrechtliche Folgen des Brexit, in: Jusletter IT 22 September 2016, joint publication with Bischof
  • Guidance Notes: Employment, Data Guidance 6/2016, joint publication with Freund
  • Guidance Notes: Health and Pharma Overview, Data Guidance 4/2016, joint publication with Freund
  • Des Jägers Recht: Leitfaden zum rechtskonformen Wildkameraeinsatz, Wir Jagen 6/2016, S. 37
  • Dienstleister an fester Leine halten, Versicherungswirtschaft 2/2016, p. 22, joint publication with Bischof
  • Anforderungen an den Einsatz von Cookies, Browser-Fingerprinting und ähnlichen Techniken im deutschen Recht, K&R 2016, p. 86, joint publication with Babilon
  • Die Herausgabe von Datenträgern an nationale Ermittlungsbehörden, PinG 2014, p. 245
  • Strafrechtliche Risiken und Reformbedarf beim Outsourcing im Versicherungssektor, VersR 2014, p. 161
  • Risikomanagement und Compliance in der Genossenschaft, ZfgG 2013, p. 161, joint publication with Seegmüller
  • Aktenvortrag – Öffentliches Recht – Unterwegs mit dem Bierbike, JuS 2013, p. 547, joint publication with Herbord
  • Übermittlung personenbezogener Daten bei staatlichen Auskunftsbegehren, ZD 2012, p. 63
  • Arbeitnehmerdatenschutz in Norwegen, DuD 2012, p. 591
  • Einstweiliger gewerblicher Rechtsschutz durch Hamburger Gerichte, IPRB 2011, p. 261, joint publication with Baars
  • Die Zulässigkeit IT-gestützter Compliance- und Risikomanagementsysteme nach der BDSG-Novelle, DuD 2011, p. 88, joint publication with Jakob
  • IT-gestützte Compliance-Systeme und Datenschutzrecht, CR 2010, p. 540, joint publication with Heinson
  • Informationsmanagement und Compliance, in: Wissen und Wissensmanagement, Chancen in der Wirtschaftskrise, Oldenburg 2010, p. 217
  • Beschäftigtendatenschutz in § 32 BDSG, DuD 2010, p. 207
  • Datenschutzrechtliche Anforderungen und internationale Rechtspflichten zum Betrieb von Whistleblowing-Systemen, in: Governance – Entscheidungsfindung und -umsetzung innerhalb staatlicher und wirtschaftlicher Strukturen, Oldenburg 2009, p. 57-71
  • Arbeitnehmerdatenschutz gemäß § 32 BDSG – Eine Neuregelung (fast) ohne Veränderung der Rechtslage, RDV 2009, p. 193
  • Vertrauen ist gut, Compliance ist besser!, BB 2009, p. 1295

Bernd is a founding partner. He advises on any data protection and IT law matters and is assigned as Data Protection Officer for various companies. Clients value in particular his experience as external Data Protection Officer and his hands on advisory approach.
Before founding PLANIT // LEGAL, Bernd worked as Attorney at Law for the “Practice Group IT Commercial, Outsourcing” in the Munich office of Bird & Bird and as Attorney at Law and external Data Protection Officer in a boutique law firm for data protection law.

Bernd studied law at the Universities of Hannover, Lausanne and Münster. He made his postgraduate studies in commercial law (LL.M.) at the University of Auckland and his Ph.D. studies at the chair of Prof. Dr. Jürgen Taeger, University of Oldenburg. He wrote his Ph.D. thesis on “Compliance in Corporate Entities” (Compliance in Kapitalgesellschaften). During his Ph.D. studies Bernd was member of the German Research Foundation (Deutsche Forschungsgemeinschaft, DFG) graduate school “Trustsoft”.

Bernd was legal clerk (Rechtsreferendar) at the Bremen Court of Appeal (Oberlandesgericht). During his legal clerkship he worked, inter alia, for the Hamburg Data Protection Authority (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit) and the IT/IP groups of Taylor Wessing in Hamburg and Simonsen Advkatfirma in Oslo.

Bernd is member of the EuroPrivacy Certification Board of Experts and teaches at the PLANIT // ACADEMY.

Bernd is fluent in German, English and Norwegian.

Dr. Sebastian Heep

Lawyer

Email: sebastian.heep@planit.legal
Phone: +49 (0) 40 609 44 190

More info

Sebastian joined PLANIT//LEGAL as a partner in 2020. He advises on all questions of IT law as well as on commercial and data protection law. Clients value his pragmatic and solution-oriented consulting approach, which stems from his extensive experience in the corporate environment and his work as an attorney in an internationally operating law firm.

Before joining PLANIT//LEGAL, Sebastian was an in-house senior legal counsel in the legal department of Körber AG, the holding company of an international technology group. As “Head of Commercial Law” of the business unit Medipak Systems, Sebastian provided legal advice to domestic and foreign software and machine building companies, particularly in questions of software contract law and commercial law. Sebastian has also accompanied the set-up of an internal digital unit and advised Körber AG on M&A transactions. Before joining the legal department of Körber AG, Sebastian was an attorney and senior associate in the Hamburg office of CMS Hasche Sigle, specializing in IPR, commercial law and life science.

Sebastian studied law at the University of Konstanz. After the first state examination in law, he received his ph.D. under Prof. Dr. Jochen Glöckner, LL.M. on the subject of “Lauterkeitsrechtlicher Schutz vor Herkunftstäuschung (§ 4 Nr. 9 lit. a UWG) und Rufausbeutung (§ 4 Nr. 9 lit. b UWG) im Verhältnis zum Geschmacksmuster- und Kennzeichenrecht“ and was a research assistant at the Chair for German and European Private and Business Law of Prof. Dr. Jochen Glöckner, LL.M. .

Sebastian completed his legal clerkship at the Hanseatic Higher Regional Court in Hamburg, including stations at CMS Hasche Sigle in Hamburg and at the German Chamber of Commerce, Hong Kong.

Sebastian is fluent in German and English.

Dr. Anna-Kristina Roschek

Lawyer

Email: anna.roschek@planit.legal
Phone: +49 (0) 40 609 44 190

More info

Anna joined PLANIT//LEGAL as a partner in 2020. She advises on all questions of data protection and IT law with a focus on IT projects, IT commercial and data protection compliance. She is also appointed as external data protection officer for companies. Clients value her practical experience gained both from internal consulting in a Group environment and from external consulting.

Before joining PLANIT//LEGAL, Anna was Senior Legal Counsel at Körber AG, the holding company of an international technology group. In addition to providing legal advice to software and mechanical engineering companies in the logistics and pharmaceuticals sector, Anna has been responsible for setting up a group-wide data protection organization. She also providing comprehensive legal advice to the internal IT provider of the Körber Group on the centralization of IT, among other things within the scope of a global infrastructure project. Before joining the legal department of Körber AG, Anna was an attorney in the Hamburg office of Taylor Wessing in the Practice Area Corporate and the Industry Group Energy.

Anna studied law at the University of Hamburg. During her studies, she was a student assistant to Prof. Dr. Jan Kropholler at the Max Planck Institute for Foreign and International Private Law in Hamburg. After the first state examination in law, she did her ph.D. under Prof. Dr. Ulrich Magnus on the subject of “Enforceability declaration and enforcement of foreign titles in the European Union” and was at the same time a research assistant at the Max Planck Institute for Foreign and International Private Law.

Anna was legal clerk (Rechtsreferendar) at the Hamburg Court of Appeal (Oberlandesgericht). During her legal clerkship she worked, inter alia, at the District Court (Landgericht) of Hamburg in the Chamber for IPR, Competition and Patent Matters.

Anna is fluent in German and English.

Robin Schoss

Lawyer

Email: robin.schoss@planit.legal
Phone: +49 (0) 40 609 44 190

More info

Robin is Associate at PLANIT // LEGAL. He advises clients on all matters relating to Data Protection and IT Law. Clients particularly value his technical expertise and straightforward advisory approach.

After finishing his studies at the University of Hamburg, he began research on his PhD project on the legitimacy of state-actor public relations, under the supervision of Prof. Dr. Roland Broemel. During his studies, he also developed a successful event-management platform for student-run conferences.

He served as a law lerk at the Higher Regional Court of Hamburg, working, amongst others, at Google Germany, the IP/IT departments of Freshfields Bruckhaus Deringer and NEUWERK, as well as the Regional Court of Hamburg under supervision of Dr. Jan Tolkmitt (now a Justice at the German Supreme Court).

Robin Schoss speaks German and English.

Ruben-Alexander Hubert

Lawyer

Email: ruben-alexander.hubert@planit.legal
Phone: +49 (0) 40 609 44 190

More info

Ruben joined PLANIT // LEGAL in 2019. He supports the firms advisory services in data protection and IT law matters. Further, he develops legal-tech applications for PLANIT // LEGAL. Clients value in particular his understanding of and enthusiasm for software and information technology.

Ruben studied law at the Christian-Albrechts-University (CAU) in Kiel. He was legal clerk (Rechtsreferendar) at the Schleswig-Holstein Court of Appeal (Oberlandesgericht). During his legal clerkship he worked, inter alia, at the Regional Court of Lübeck (Landgericht) and in law firms specializing in IT and data protection law, in particular the IT department of Taylor Wessing in Hamburg.

In addition to his legal activities, he is involved in the development of web applications.

Ruben is fluent in German and English.