Skip to content

Dr Ulrich Baumgartner



Dr Ulrich Baumgartner



Dr Ulrich Baumgartner heads the German Data Protection Practice as partner from Allen & Overy’s Munich office. He has been providing clients with specialist advice on German and European data protection law, as well as cloud-related and IT law, for more than 16 years.

The Handelsblatt Research Institute and German periodical WirtschaftsWoche recently named him as one of the most esteemed data protection lawyers in Germany, with German law magazine JUVE describing him as an “extremely in-demand adviser” in early 2020. In the latest survey of more than 800 in house lawyers conducted by the Federal Association of In House Lawyers (Bundesverband der Unternehmensjuristen; BUJ) in the context of its "Law Firm Monitor" (“Kanzleimonitor”), Ulrich Baumgartner ranked among the top three most frequently recommended experts for data protection law. Having completed numerous long-term assignments in the legal departments of various clients, he also understands in-house perspective.

Ulrich Baumgartner advises companies not only in respect of GDPR compliance, but also supports them in using data to generate profit and to implement data-driven business models in a legally compliant manner. He also has many years of experience in working with data protection authorities and defending his clients in investigative and administrative fine proceedings.

Ulrich Baumgartner frequently publishes on the latest issues concerning data-protection law and holds regular presentations within the framework of the BUJ's "Digital Legal Counsel" course, at the C.H.Beck Akademie and at numerous other events. He is author of the first comprehensive handbook on legal questions relating to mobile apps, and co-author of various reference volumes on data protection law, including the leading German commentary on the GDPR edited by Ehmann/Selmayr. As Country Leader of the International Association of Privacy Professionals (IAPP), he manages their activities in Germany. Ulrich Baumgartner is a Certified Information Privacy Professional (CIPP-EU/GDPR) and conducts CIPP/E certification training sessions on behalf of IAPP.

News & insights

Publications: 25 SEPTEMBER 2020

Covid–19 coronavirus update: an overview of European Commission State aid decisions (updated 25 Sept 2020)

Under State aid rules, UK and EEA Member State governments may not generally provide selective assistance to businesses without prior approval from the European Commission (EC). This includes…

Read more
Computer hardware

Publications: 29 MAY 2020

Active user consent is required, while previously practiced opt-out mechanisms are unlawful

On 28 May 2020, the German Federal Court of Justice (Bundesgerichtshof; BGH) issued its decision in the Planet49 case that had previously been referred to and decided on by the Court of Justice of the…

Read more

Publications: 18 MARCH 2020

Digital transformation

Digital transformation, built on IT cornerstones of cloud, mobile, social and big data, is affecting all industries. 

Read more

Publications: 28 JANUARY 2020

Data monetisation: checklist of the key contractual considerations

Many businesses are contracting with a range of data and AI providers to deliver their data monetisation strategies. But do you have a playbook for these contractual arrangements? Are your contracts…

Read more



Data Protection





Allen & Overy LLP
Maximilianstraße 35
80539 Munich

View office →

Published work

Books and Book Contributions (Selections)

  • "General Data Protection Regulation (GDPR)" ("Datenschutz-Grundverordnung: DS-GVO"), Ehmann / Selmayr, C.H.Beck-Verlag 2nd edition 2018 (Commentary on Articles 25, 35 and 36 GDPR)
  • "Apps and Law" ("Apps und Recht"), Ulrich Baumgartner/Konstantin Ewald, C.H.Beck-Verlag, 2nd edition 2016
  • "Protecting data and personality rights in work relationships" ("Daten- und Persönlichkeitsschutz im Arbeitsverhältnis"), Practical handbook for employee data protection
  • Weth/Herberger/Wächter/Sorge, C.H.BECK.-Verlag, 2nd edition 2019 (Chapter on "Telephone, internet and e-mail use, including private use" ("Telefon-, Internet- und E-Mail-Nutzung, einschließlich Privatnutzung")
  • "The new General Data Protection Regulation; Practical Handbook" ("Die neue Datenschutz-Grundverordnung – Praxishandbuch"), Eds.: Moos/Schefzig/Arning, De Gruyter Verlag, 2018 (Chapter on protecting staff data))
  • "Contracts on data use and data protection" ("Datennutzungs- und Datenschutzverträge"), Eds.: Moos, Dr. Otto Schmidt Verlag, 2nd edition 2018 (Chapter on social media monitoring agreements) 

Journals (Selections)

  • "The in-house data protection officer – best practices and unanswered questions" ("Der betriebliche Datenschutzbeauftragte - Best Practices und offene Fragen"), ZD 2019
  • "German Act to Strengthen Fair Competition" ("Gesetz zur Stärkung des fairen Wettbewerbs"), MMR, 2018
  • "Issuing warnings on breaches of GDPR" ("Abmahnungen von DS-GVO Verstößen"), ZD 2018
  • "Data protection by design and by default – What companies need to bear in mind in the context of the GDPR" ("Datenschutz durch Technikgestaltung und datenschutzfreundliche Voreinstellungen – Was Unternehmen jetzt nach der DS-GVO beachten müssen"), ZD 2017
  • "Using pseudonyms under the GDPR" ("Pseudonymisierung in der DS-GVO"), Datenschutz PRAXIS 4/2017
  • "Guidelines or legally binding rules? Information issued by data protection authorities" ("Guidelines oder rechtlich verbindliche Regeln? Orientierungshilfen der Datenschutzbehörden"), Datenschutz PRAXIS 1/2017"The General Data Protection Regulation impacts business models" ("Die Datenschutz-Grundverordnung greift in Geschäftsmodelle ein"), Immobilien Zeitung 26.05.2017, issue no. 21/2017 

Presentations (Selections)

  • "Online Marketing and Law" ("Online Marketing und Recht"); BeckAkademie seminars, Frankfurt, 17 December 2019
  • "EU GDPR Best Practices" ("Best Practice EU-DSGVO"), BeckAkademie seminars, Munich, 4 December 2019
  • "Moderation of a panel comprising representatives of regulatory bodies" ("Moderation eines Panels mit Vertretern von Aufsichtsbehörden"), IAPP Europe Data Protection Congress 2019, Brussels, 19 November 2019
  • "BUJ certified Digital Legal Counsel" ("BUJ certified Digital Legal Counsel"), diruj Deutsches Institut für Rechtsabteilungen und Unternehmensjuristen GmbH (German Institute for Legal Departments and In-house Counsel), Berlin, 15 November 2019
  • "Cloud Computing", BeckAkademie seminars, Frankfurt am Main, 14 November 2019
  • "EU GDPR Best Practices" ("Best Practice EU-DSGVO"), BeckAkademie seminars, Hamburg, 8 November 2019
  • "IAPP CIPP/E training", IAPP (International Association of Privacy Professionals), Munich, 14 October 2019
  • "EU GDPR Best Practices" ("Best Practice EU-DSGVO"), BeckAkademie seminars, Frankfurt am Main, 9 July 2019
  • "EU GDPR Best Practices" ("Best Practice EU-DSGVO"), BeckAkademie seminars, Berlin, 31 May 2019
  • "EU GDPR Best Practices" ("Best Practice EU-DSGVO"), BeckAkademie seminars, Cologne, 19 April 2019
  • "Cloud Computing", BeckAkademie seminars, Munich, 2 April 2019
  • "Online Marketing and Law" ("Online Marketing und Recht"); BeckAkademie seminars, Munich, 28 March 2019
  • "IAPP CIPP/E training", IAPP (International Association of Privacy Professionals), Munich, 18 March 2019
  • "EU GDPR Best Practices" ("Best Practice EU-DSGVO"), BeckAkademie seminars, Munich, 26 February 2019
  • "EU General Data Protection Regulation (GDPR) advanced training on practical implementation – Regulatory authority guidelines" ("Vertiefung EU-Datenschutzgrundverordnung (DS-GVO) Umsetzung in der Praxis - Leitlinien der Aufsichtsbehörden"), BeckAkademie seminars, Cologne, 11 December 2018