For operators of critical infrastructures, such as energy suppliers, but also cloud providers, it is imminently clear that IT security also has a legal component. But also for other providers, such as SaaS (Software as a Service), online shops and web portals, it is important that the focus is not only on the technical aspects of IT security and the threat of cybercrime, but also on possible legal consequences and the corresponding risk minimisation.

As a law firm specialising in data protection, IT law and IT security law, Piltz Legal advises and accompanies you both in the analysis, drafting of appropriate security measures and contractual texts and in legal disputes. Moreover, with the corresponding technical and content-related understanding.

Our view is directed in three directions.

Firstly, the regulations vis-à-vis your customers, from the offer to the contracts, data protection declarations to service level agreements and software contracts.

On the other hand, your internal regulations, for example corresponding company guidelines, confidentiality agreements and contracts with subcontractors and IT partners.

And last but not least, legal risk minimisation against attacks by unauthorised third parties and precautions in the event of possible damage.

Our goal: to identify risk factors from a legal perspective and with an understanding of technology and to contribute in the best possible way to safeguarding your business.

  • Review of existing contracts, legal texts and regulations
  • Advice and support for projects
  • Contract offers and customer contracts
  • Support in the creation of IT security guidelines
  • Legal assessment of the legal security requirements applicable to you
  • Internal processing of security breaches
  • Examination of possible reporting obligations to authorities

Your Piltz Legal contacts

Business Lawyer, Counsel
Philipp Quiel, LL.M.
Business Lawyer, Counsel
Philipp Quiel, LL.M.
Lawyer, Senior Associate
Johannes Zwerschke, LL.M.
Lawyer, Senior Associate
Johannes Zwerschke, LL.M.


Advocate General at the CJEU: Concerning the appropriateness of technical and organisational measures and compensation for non-material damages in the event of a hacker attack

Advocate General at the Court of Justice of the European Union (CJEU), Giovanni Pitruzzella, published his opinion in case C-340/21 on 27. April 2023 regarding the conditions for compensation for non-material damages and the burden of proof for the appropriateness of technical organizational measures (TOMs) under Art. 32 GDPR in connection with a hacker attack.

Further expansion of competence in the field of IT security law consulting at Piltz Legal

As part of our consulting strategy, we at Piltz Legal are continuously expanding our expertise in the area of IT security law. When advising our clients, it is important for us not only to provide specialist legal know-how, but also to be able to speak the language of IT.

Awarded once again by the magazine "WirtschaftsWoche"

We are very pleased about the award of the "WirtschaftsWoche" once again.