Jan Spittka is a Partner in the Düsseldorf office with extensive experience in contentious and non-contentious data privacy and cybersecurity advice for clients.
Jan is a Partner in the Data Protection & Privacy team in our Düsseldorf office since July 2021. He is among Germany’s leading data privacy and cybersecurity lawyers and advises clients on contentious and non-contentious data-related issues.
Jan supports clients on all aspects of German and European law relating to privacy and data protection, cybersecurity and information technology. He has a special focus on complex data-related issues like introduction of new technologies, international data transfers, cloud computing projects, processing of health and other sensitive data, ePrivacy and data breach handling. Jan has been involved in a significant number of leading data and cyber breach cases, internal investigations, supervisory authority investigations and fining procedures as well as GDPR litigation cases. A particular and long-term focus of his work is advising on privacy and data protection as well as IT security requirements in the insurance sector.
Jan is also (co-) author of more than 50 publications on data privacy and cybersecurity and contributor to one of the standard commentaries on the GDPR and the German Federal Data Protection Act. He also wrote the first comprehensive chapter on the impact of the GDPR and German cybersecurity legislation on the insurance sector.
In 2022, Jan has been awarded “Lawyer of the Year” for data security & privacy law by Handelsblatt in cooperation with Best Lawyers® and included in the 2022 edition of WirtschaftsWoche’s selection of Germany’s top lawyers in data protection law. Furthermore he has been selected a winner in the privacy & data protection category at IFLR’s 2021 EMEA Rising Stars Awards.
“Top Lawyer” for Data Protection & Security
WirtschaftsWoche 2022
“Lawyer of the Year” for Data Security & Privacy
Handelsblatt/Best Lawyers® 2022
Experience
Defending a German telecommunication service provider in a multi-million Euro GDPR fining procedure
Defending a German telecommunication service and utility provider against comprehensive data subject access request
Coordination of defence against data protection authorities throughout the EU in global data reach and ransomware attack
Defending German car manufacturer against GDPR data erasure claims by former employee
Coordination of comprehensive GDPR compliance project for German car manufacturer
Coordination of global ePrivacy project for German car manufacturer
Assisting German car manufacturer with optimization of data breach detection and notification organization
Assisting global insurance company with data breach handling notification
Defending global insurance company in data protection authority investigation
GDPR localization project for Germany for a globally operating bank