The Team

We are experts in IT and data protection law.
Together with you, we will find the optimal solution for your problems.

Dr. Bernhard Freund, M.Comp.Sc., LL.M. (Wellington)

Lawyer, Certified IT Lawyer and CIPP/E

Email: bernhard.freund@planit.legal
Phone: +49 (0) 40 609 44 190

More info
Certifications
  • Data protection officer (TÜV), certified by the TÜV Nord
  • Certified Information Privacy Professional/Europe (CIPP/E)
Membership
  • Hamburg Attorneys’ Association (Hamburger Anwaltverein e.V.)
  • German Attorneys’ Association (Deutscher Anwaltverein e.V.)
  • DAV Working Group on IT LAW (DAVIT – Arbeitsgemeinschaft IT-Recht im DAV)
  • Hamburg Society for Data Protection (Hamburger Datenschutzgesellschaft e.V.)
  • German Society for Law and Computer Science (Deutsche Gesellschaft für Recht und Informatik e.V.)
  • Society for Data Protection and Data Security (Gesellschaft für Datenschutz und Datensicherheit e.V.)
Presentations
  • Big Data and Privacy, Center for Business Law, Osnabrück 2017
  • IT Security Law (in Industry 4.0 and Internet of Things), Robert Bosch GmbH, Stuttgart 2017
  • Data Protection in the Dentist’s Surgery: Legal consequences of the increased interconnectedness [Datenschutz in der Zahnarztpraxis: Rechtliche Folgen der zunehmenden Vernetzung], Freier Verband Deutscher Zahnärzte e.V., Leipzig 2016
  • The Security of Digital Communication in the 21st Century – a Dialogue on Privacy and Data Protection Laws in the U.S. and Germany, German-American Jurists’ Association (DAJV e.V.), Berlin 2014
  • Damages for Violation of the Right of Personality: Legal Prerequisites and Avoidance Strategies (with a Focus on Video Surveillance and Mobbing) [Schmerzensgeld bei
  • Verletzung von Persönlichkeitsrechten: Voraussetzungen und Vermeidungsstrategien (Schwerpunkte Videoüberwachung und Mobbing)], Symposium on Employees’ Privacy of the TÜV NORD Academy, Hamburg 2014
  • Bring Your Own Device (BYOD) – Legal Aspects [BYOD – Rechtliche Aspekte], Spring Summit of the Network User Group (BGNW), Lübeck 2013
  • Privacy after Snowden – Consequences of the NSA Scandal for Data Protection Law [Datenschutz nach Snowden – Datenschutzrechtliche Folgerungen aus dem NSA-Skandal], Palma de Mallorca 2013
  • Buying and Selling Data, Joint conference of the British-German Jurists‘ Association and the Deutsch-Britische Juristenvereinigung e.V., Aachen 2012
  • Internal Investigations and Privacy [Internal Investigations und Datenschutz], BUJ-Workshop, Hamburg 2012
  • Facebook & Co. in Your Company [Facebook & Co. im Unternehmen], Hamburg 2012
  • Marketing 2.0 – a Journey into a Legal Vacuum? [Marketing 2.0 – Expedition in rechtsfreie Räume?], Hamburg 2012
  • Data Transfer to Third Countries – Model Clauses, Binding Corporate Rules, Safe Harbor [Datenübermittlung in Drittstaaten – Model Clauses, Binding Corporate Rules, Safe Harbor], Berlin, Hamburg und Stuttgart 2012
  • Facebook Friend Finder / IPv6 [Facebook Freundefinder / IPv6], Hamburg, Berlin, München und Stuttgart 2011
  • Using Defeasible Logic Programming for Argumentation-Based Decision Support in Private Law, Conference on Computational Models of Argument (COMMA 2010), Desenzano del Garda 2010
Publications
  • Specific Performance in the Law of Sales: History – Comparison – Unification [Erfüllungszwang im Kaufrecht, Geschichte – Vergleich – Vereinheitlichung, Schriften zum internationalen Recht], Bd. 204, Duncker & Humblot 2015
  • Perspektiven der Auftragsverarbeitung, ZD 2017, 14, joint publication with Schmidt
  • Guidance Notes: Health and Pharma Overview, Data Guidance 4/2016, joint publication with Schmidt
  • IT Security Act, On the Draft Act against Cyber Attacks [IT-Sicherheitsgesetz, Zum neuen Entwurf eines Gesetzes gegen Cyber-Attacken], ITRB 2014, 256-260
  • The Nucleus of the Self-Responsibility of the Executive as a Limitation to the Right to Freedom of Information [Der Kernbereich exekutiver Eigenverantwortung als Schranke der Informationsfreiheit], DÖV 5/2012, 192-198 joint publication with Schnabel
  • On the Maximum Harmonization of European Data Protection Law by Directive 95/46/EC [Zur Frage der Vollharmonisierung des europäischen Datenschutzrechts durch die Richtlinie 95/46/EG], Anmerkung zu EuGH, Urt. v. 24.11.2011, C-468/10 u. C-469/10, CR 2012, 32-33
  • IPv6 – the End to Anonymity on the Internet? Technical Foundations and Legal Assessment of the New Internet Protocol (Bedeutet IPv6 das Ende der Anonymität im Internet? Technische Grundlagen und rechtliche Beurteilung des neuen Internet-Protokolls), MMR 2011, 495-499 joint publication with Schnabel
  • “And oh! I am glad that nobody knew…” – Self-Data-Protection when Using Telemedia Services [„Ach wie gut, dass niemand weiß…“ – Selbstdatenschutz bei der Nutzung von Telemedienangeboten], CR 2010, 718-721 joint publication with Schnabel
  • Can Bobby demand delivery? Towards a Knowledge-Based System in Private Law, Proceedings of the 24th Workshop on Constraint Logic Programming (WLP 2010) joint publication with Beierle, Kern-Isberner and Timm
  • Using Defeasible Logic Programming for Argumentation-Based Decision Support in Private Law, Proceedings of the Third International Conference on Computational Models of Argument (COMMA 2010) joint publication with Beierle, Kern-Isberner and Timm
  • On Mathematical Patterns in the Web of the Law Indicating a Quasi-Biological Evolution, Revue Juridique Polynésienne (RJP) 2007, 53-67

Bernhard is a founding partner of PLANIT // LEGAL. He advises on any data protection and IT law matters and is appointed as external Data Protection Officer by various companies. Clients value in particular the combination of his legal and technical experience.

Before founding PLANIT // LEGAL, Bernhard worked for the Hamburg Data Protection Authority (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit), as Lawyer for the Practice Group Technology, Media and Telecommunication in the Hamburg office of the international law firm CMS Hasche Sigle and as Software Developer.

Bernhard studied law and computer science at the University of Bielefeld. After having accomplished his undergraduate studies and scientific research activities at the Universities of Bielefeld, he completed his postgraduate studies in law (LL.M.) at the University of Wellington.

Bernhard was legal clerk (Rechtsreferendar) at the Hamburg Court of Appeal (Oberlandesgericht). During his legal clerkship he worked, inter alia, for international law firms and a public health insurance provider. During this time, he also finished his studies in computer science at the University of Hagen, majoring in artificial intelligence, with a thesis on knowledge-based systems.

Bernhard was Ph.D. student at the chair of Prof. Dr. Hans Schulte-Nölke, University of Osnabrück. He wrote his Ph.D. thesis on “Specific Performance in Sales Contracts” (Erfüllungszwang im Kaufrecht). Bernhard was associate professor (Lehrbeauftragter) for data protection law at the Hamburg University of Applied Sciences and currently is a trainer with the PLANIT // Academy.

Bernhard is fluent in German and English.

Dr. Bernd Schmidt, LL.M. (Auckland)

Lawyer, certified Data Protection Officer (GDDcert.), and CIPP/E

Email: bernd.schmidt@planit.legal
Phone: +49 (0) 40 609 44 190

More info
Certifications
  • Data Protection Officer (GDDcert.)
  • Certified Information Privacy Professional/Europe (CIPP/E)
Membership
Presentations
  • Data Protection Regulation – Current Tasks for Your Compliance Organisation. Webinar Comparex Academy, 8 June 2017
  • Panel Discussion on Employment Data Protection 11th dtb / DGB Technologieforum, Berlin, 10 November 2016
  • CCTV – Data Protection vs. Retail Security? German Retail Security Network, Essen 19 October 2016
  • Legal Framework for Social Media and Mobile Marketing [Rechtliche Anforderungen bei Social Media und Mobile Marketing], Marketingfrühstück Marketing Club Hamburg, 4 July 2015
  • Consent Requirements for Tracking-Technologies in a German Legal Perspective [Einwilligungsvorbehalte für Tracking-Technologien im deutschen Recht], DSRI Herbstakademie in Göttingen, 10 September 2015
  • Outsourcing in the Insurance Sector [Outsourcing im Versicherungssektor], DSRI Herbstakademie 2013 in Berlin, 14 September 2013
  • Compliance – Management Obligations for Managing Legal Risks [Compliance – Die Vorstandspflicht zur Beherrschung von Rechtsrisiken], D-A-CH-Security in Bochum, 19 May 2009
Publications
  • Neuer Datenschutz: Gut vorbereitet auf die DSGVO 2018, eBook, Hamburg 2017
  • Einführung zum BDSG, in: Taeger/Gabel, Kommentar zum BDSG, 2. Aufl., Frankfurt a.M. 2013 zusammen mit Taeger
  • 1 Abs. 1 – 4 BDSG, in: Taeger/Gabel, Kommentar zum BDSG, 2. Aufl. Frankfurt a.M. 2013
  • Compliance in Kapitalgesellschaften, Baden Baden 2010
  • Überblick zum europäischen Datenschutzrecht, in: Specht-Riemenschneider / Werry / Werry, Datenrecht in der Digitalisierung, 1. Aufl. 2019, p. 63-92
  • Arbeitnehmerdatenschutz bei Unternehmenstransaktionen, in: Weth/Herberger/Wächter/Sorge, Daten- und Persönlichkeitsrechtsschutz im Arbeitsverhältnis, 2. Aufl. 2019, p. 608-61
  • Datenschutz-Organisation und -Dokumentation in der Anwaltskanzlei, NJW 2018, p. 1448
  • Perspektiven der Auftragsverarbeitung, ZD 2017, p. 14, joint publication with Freund
  • Datenschutzrechtliche Folgen des Brexit, in: Jusletter IT 22 September 2016, joint publication with Bischof
  • Guidance Notes: Employment, Data Guidance 6/2016, joint publication with Freund
  • Guidance Notes: Health and Pharma Overview, Data Guidance 4/2016, joint publication with Freund
  • Des Jägers Recht: Leitfaden zum rechtskonformen Wildkameraeinsatz, Wir Jagen 6/2016, S. 37
  • Dienstleister an fester Leine halten, Versicherungswirtschaft 2/2016, p. 22, joint publication with Bischof
  • Anforderungen an den Einsatz von Cookies, Browser-Fingerprinting und ähnlichen Techniken im deutschen Recht, K&R 2016, p. 86, joint publication with Babilon
  • Die Herausgabe von Datenträgern an nationale Ermittlungsbehörden, PinG 2014, p. 245
  • Strafrechtliche Risiken und Reformbedarf beim Outsourcing im Versicherungssektor, VersR 2014, p. 161
  • Risikomanagement und Compliance in der Genossenschaft, ZfgG 2013, p. 161, joint publication with Seegmüller
  • Aktenvortrag – Öffentliches Recht – Unterwegs mit dem Bierbike, JuS 2013, p. 547, joint publication with Herbord
  • Übermittlung personenbezogener Daten bei staatlichen Auskunftsbegehren, ZD 2012, p. 63
  • Arbeitnehmerdatenschutz in Norwegen, DuD 2012, p. 591
  • Einstweiliger gewerblicher Rechtsschutz durch Hamburger Gerichte, IPRB 2011, p. 261, joint publication with Baars
  • Die Zulässigkeit IT-gestützter Compliance- und Risikomanagementsysteme nach der BDSG-Novelle, DuD 2011, p. 88, joint publication with Jakob
  • IT-gestützte Compliance-Systeme und Datenschutzrecht, CR 2010, p. 540, joint publication with Heinson
  • Informationsmanagement und Compliance, in: Wissen und Wissensmanagement, Chancen in der Wirtschaftskrise, Oldenburg 2010, p. 217
  • Beschäftigtendatenschutz in § 32 BDSG, DuD 2010, p. 207
  • Datenschutzrechtliche Anforderungen und internationale Rechtspflichten zum Betrieb von Whistleblowing-Systemen, in: Governance – Entscheidungsfindung und -umsetzung innerhalb staatlicher und wirtschaftlicher Strukturen, Oldenburg 2009, p. 57-71
  • Arbeitnehmerdatenschutz gemäß § 32 BDSG – Eine Neuregelung (fast) ohne Veränderung der Rechtslage, RDV 2009, p. 193
  • Vertrauen ist gut, Compliance ist besser!, BB 2009, p. 1295

Bernd is a founding partner. He advises on any data protection and IT law matters and is assigned as Data Protection Officer for various companies. Clients value in particular his experience as external Data Protection Officer and his hands on advisory approach.
Before founding PLANIT // LEGAL, Bernd worked as Attorney at Law for the “Practice Group IT Commercial, Outsourcing” in the Munich office of Bird & Bird and as Attorney at Law and external Data Protection Officer in a boutique law firm for data protection law.

Bernd studied law at the Universities of Hannover, Lausanne and Münster. He made his postgraduate studies in commercial law (LL.M.) at the University of Auckland and his Ph.D. studies at the chair of Prof. Dr. Jürgen Taeger, University of Oldenburg. He wrote his Ph.D. thesis on “Compliance in Corporate Entities” (Compliance in Kapitalgesellschaften). During his Ph.D. studies Bernd was member of the German Research Foundation (Deutsche Forschungsgemeinschaft, DFG) graduate school “Trustsoft”.

Bernd was legal clerk (Rechtsreferendar) at the Bremen Court of Appeal (Oberlandesgericht). During his legal clerkship he worked, inter alia, for the Hamburg Data Protection Authority (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit) and the IT/IP groups of Taylor Wessing in Hamburg and Simonsen Advkatfirma in Oslo.

Bernd is member of the EuroPrivacy Certification Board of Experts and teaches at the PLANIT // ACADEMY.

Bernd is fluent in German, English and Norwegian.

Svenja Bottke, LL.B.

Business Lawyer (Wirtschaftsjuristin), Certified Data Protection Officer (TÜV)

Email: svenja.bottke@planit.legal
Phone: +49 (0) 40 609 44 190

More info

Svenja Bottke is Data Protection Consultant at PLANIT // LEGAL. She works for clients and supports them in all questions relating to data protection. Her main areas of activity are data protection training, assistance in setting up a data protection organisation, creation of data protection documents and the implementation of data protection compliance measures.

Prior to joining PLANIT // LEGAL, Svenja Bottke was a Business Lawyer in the marketing department of a leading international B2C sales service and fulfillment provider for consumer goods.

She studied business law at the Wismar University of Applied Sciences, where she graduated in 2016 with a degree in business law (LL.B.).

Svenja Bottke speaks German and English.