Dr. Christian Schröder

Partner

Düsseldorf

Dr. Christian Schröder is partner in our Düsseldorf Office and leads Orrick's Cyber, Privacy & Data Innovation Group in Europe. He collaborates with team members in the United States (U.S.), Europe (EU), and Asia to provide support to global clients. As a technology-focused partner, Christian advises on all sorts of “data” focused laws such as cybersecurity and privacy regulatory compliance, incident response, data licensing and data sharing requirements, AI, regulatory investigations and enforcement, as well as litigation.

Christian helps clients consider the privacy and artificial intelligence implications of new technology, supports their compliance programs, and helps them stay ahead of enforcement trends. One particular focus of his work deals with internal data transfer agreements, external data transfers with external providers, and product launches that comply with international data protection standards, as well as privacy requirements for connected cars. Furthermore, Christian provides guidance on privacy and data protection considerations for developing, acquiring, using, licensing and selling technology, data and intellectual property, including M&A transactions and IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues, as well as on hard and software license and information technology (IT) project agreements.

 

Christian maintains strong working relationships with German data protection authorities and EU regulatory authorities with jurisdiction over privacy and data security matters. He effectively defends companies in cybersecurity and privacy-related investigations initiated by EU regulatory authorities. He also engages with authorities on behalf of clients and helps clients avoid proceedings and possible litigation. When litigation can't be avoided, Christian vigorously defends his clients.

 

For companies facing global cybersecurity incidents, Christian helps with crisis mitigation, including counseling on notification requirements, coordinating media strategies, and representing clients before data protection authorities in related regulatory investigations.

 

Christian regularly contributes practical thought leadership to global privacy industry publications and German privacy books and journals. Christian authors the Chapter V (international data transfers) of Germany’s leading GDPR commentary Kühling/Buchner (4th ed.) and is co-author to the Corporate Privacy Handbook (Betrieblicher Datenschutz). As an active member of the Sedona Conference, Christian drives the development and understanding of cross border privacy. He also participates in, hosts and moderates speaking programs with fellow private practitioners, EU data protection authorities, and academics focused on privacy and data security. Legal 500 Germany named Christian one of the top 15 practitioners in 2023 and noted that he is "a pioneer in the legal field, a data protection guru." They also recognized Christian and Orrick as "truly global" and how that it is "vital as they require the various leaders of each region to participate and bring issues to the table as a forum".

 

Prior to working in private practice, Christian interned with the German Federal Data Protection Commissioner and www.epic.org.

  • Recent Engagements:

    Data Privacy / Cybersecurity

    • Privacy compliance and IT agreement: Advising a growing smart SaaS provider on its IT agreement and privacy compliance in long and complex bidding process with large German customer
      (contract volume 15 MEUR)
    • GDPR Compliance Programs: Advising various mid to large sized multinational companies on GDPR compliance, understanding international data flows, drafting data sharing agreements, setting up compliance structure and privacy-by-design programs, assisting with Privacy Impact Assessments, and revising data privacy policies. Some of these clients are among the worldwide leading technology companies.
    • Data Processing Agreements: Representing market leading Cloud providers in negotiations of data processing agreements with large customers.
    • Connected Cars: Advising global tech companies and car manufacturers on data privacy implications with Connected Cars and on international data transfers.
    • IoT: Advising leading real estate company on smart home project, advising leading tool manufacturer on implementing IoT and related cloud services for its customers.
    • International Data Transfer Mechanisms: Developing and implementing enterprise-wide compliance programs, including (online) customer and employee privacy policies, cookie compliance, terms of service, and end user licensing agreements relating to core privacy and related consumer-protection issues.
    • International Investigation: Advising a leading vendor on internal investigation of a leading public organization involving various jurisdictions.
    • Employee Monitoring and Works Council Agreements: Advising several global companies in connection with the implementation of employee monitoring schemes and cross-border data flows, international transfer (both intra-group transfers and third-party transfers) of employee data from countries outside of Europe to a service provider in Europe (and vice versa) and, developing a global HR data privacy approach; drafting and representing clients in works council agreements relating to the implementation and use of IT applications.
    • Representation before Supervisory Authorities: Representing a global event organizer in supervisory procedures regarding data privacy matters.
    • Vendor Data Processing Agreements: Advising several global tech companies on tailored data processing agreements which include cloud services with various sub-processors.
    • Data Privacy and E-Commerce: Advising several international companies on data privacy and e-commerce law matters, inter alia on using personal data for direct marketing, and collecting and using personal data in the online environment.
    • Travel and Ed-Tech Data Privacy: Advising leading travel and Ed-Tech companies on data privacy issues specific to their businesses.
    • Advising Tech Start-ups on Data Privacy: Advising numerous mid-sized start-ups from the U.S. and Germany regarding IT and data privacy matters, i.e. to develop marketable products and services that align with consumer privacy and data protection principles. Also, drafting privacy policies, terms and conditions, and vendor contracts, as well as evaluating cutting-edge and disruptive technologies and businesses on privacy compliance and consumer protection concepts.
    • Cybersecurity and Data Breach Incident Plans: Counseling major computer software companies on Cybersecurity and incident plans.
    • Strategic Cloud Computing Advice: Providing strategic advice to key cloud computing market players in relation to data protection and information security issues.
    • Post-M&A Integration Issues: Integrating a German affiliate into the group's internal data sharing/access schemes and, in this context, conducting challenging negotiations with IT providers and the affiliate's works council (Betriebsrat).

    Information Technology

    • IT Licensing: Advising leading U.S. software manufacturer and Cloud services providers on their EU and German software licensing terms & conditions and regularly conducting negotiations with their customers.
    • Software Joint Venture: Advising a leading German market platform on a Joint Venture with a software manufacturer.

    Unfair Trade and IP

    • Unfair Trade Practices Litigation: Representing several software and e-commerce companies in unfair competition litigation, e.g. regarding unfair advertising and breach of consumer protection regulations.
    • Trademark Prosecution and Litigation: Advising various small to large national and international companies on trademark prosecution and litigation.

    M&A Technology/Joint Venture Transactions

    Other

    • Christian assists several representative clients, including Flexera Software, Microsoft, NVIDIA, Mouser Electronics, TTI, and SIG Combibloc.