Contemporary legal advice combines sound specialist knowledge, responsiveness, constant consultation with the client and traditionally good legal craftsmanship - all this characterises Piltz Legal. We are active in the increasingly complex areas of digitisation and data protection law as well as in traditional, in particular international, contract, commercial and business law. IT security is a topic for you? For us too, from a legal point of view.

What does this mean for you? Precise advice and support on individual topics and a portfolio of options for your complex everyday business. We correspond in German, English and Spanish.

Data Protection

GDPR, ePrivacy, BDSG or TTDSG - we support you in fulfilling data protection obligations and find solutions with you.

IT Security

We advise you on the implementation of legal requirements for the protection of company information and (personal) data.

Procurement and
sales of goods,
Supply chains

UN Sales Law/CISG, Incoterms and foreign trade contracts keep us constantly busy.

IT Law

What do you have to pay attention to when using cloud service providers or outsourcing your IT? We support you in IT legal issues.

Law of the

Both the "Internet of Things" and the sale of "digital goods" are familiar legal terrain for us and part of our advisory spectrum.

Commercial and
Distribution Law

Cross-border contracts pose challenges not familiar from national transactions.


We support you in administrative law proceedings and represent your interests towards authorities. Our focus here is on data protection proceedings.

International dispute resolution, arbitration

Promising international prosecution requires prudent preliminary considerations.

Commercial Agent-

Distributors and commercial agents are internationally particularly protected business partners.


The Legal 500 Germany: Dr. Carlo Piltz as leading name in data protection 2024

Once again Dr. Carlo Piltz is included among the leading names in the field of data protection in the latest edition of the Legal 500 Germany.

ECJ ruling on VIN and general aspects of the term 'personal data'

The consequences of the ECJ's decision in Case C-319/22 (also referred to as the ‘Scania case’) of November 9, 2023 will certainly be discussed in the data protection scene for a long time to come. It is already visible that the judgment creates big waves in the automotive industry and related sectors, but also in the data protection community in general. However, it seems doubtable whether this is justified or whether essentially the same aspects as before the decision must be taken into account when clarifying the question of the existence of personal data. In the exact case dealt with by the ECJ, it will first be decided by the Regional Court of Cologne whether the VIN is indeed personal data for vehicle manufacturers and independent operators. The ECJ ruling itself does not yet provide a direct and unambiguous answer

Advocate General at the CJEU: Concerning the appropriateness of technical and organisational measures and compensation for non-material damages in the event of a hacker attack

Advocate General at the Court of Justice of the European Union (CJEU), Giovanni Pitruzzella, published his opinion in case C-340/21 on 27. April 2023 regarding the conditions for compensation for non-material damages and the burden of proof for the appropriateness of technical organizational measures (TOMs) under Art. 32 GDPR in connection with a hacker attack.