Dr. Christian Schröder



Read full biography at www.orrick.com

Dr. Christian Schröder heads Orrick's IP/IT & Data Privacy Practice Group in Germany in Orrick’s Düsseldorf Office. Christian advises medium sized (Mittelstand) companies to large multinationals on IP, Unfair and Deceptive Trade Practices, E-Commerce, IT and Data Privacy/Data Protection.

Christian provides IP/IT advice in M&A transactions and advises on IP focused joint ventures. He supports companies on the set-up of webshops, outsourcings, license agreements, in cases of trademark or unfair and deceptive trade practice issues as well as on hard and software license and IT project agreements.

As a core member of Orrick's global Cybersecurity and Data Privacy team, Christian has a special focus on data privacy/data protection matters. In particular, Christian advises on a risk-based approach to privacy, on implementing databases and new software applications, in particular, cloud based solutions. He advises on data privacy contracts, internal data privacy policies, binding corporate rules, user agreements on BYOD, whistleblowing schemes, e-discovery, security breaches, and intra-group data sharing on a national and international basis. He also regularly defends companies against unfair access to their know-how by competitors and against unfair poaching of customers and employees.

Recent Engagements:

Data Privacy / Cybersecurity

  • GDPR Compliance Programs: Advising various mid to large sized multinational companies on GDPR compliance, understanding international data flows, drafting data sharing agreements, setting up compliance structure and privacy-by-design programs, assisting with Privacy Impact Assessments, and revising data privacy policies. Some of these clients are among the worldwide leading technology companies.

  • Connected Cars: Advising global tech companies and car manufacturers on data privacy implications with Connected Cars.

  • International Data Transfer Mechanisms: Developing and implementing enterprise-wide compliance programs, including (online) customer and employee privacy policies, cookie compliance, terms of service, and end user licensing agreements relating to core privacy and related consumer-protection issues.

  • Employee Monitoring and Works Council Agreements: Advising several global companies in connection with the implementation of employee monitoring schemes and cross-border data flows, international transfer (both intra-group transfers and third-party transfers) of employee data from countries outside of Europe to a service provider in Europe (and vice versa) and, developing a global HR data privacy approach; drafting and representing clients in works council agreements relating to the implementation and use of IT applications.

  • Representation before Supervisory Authorities: Representing a global event organizer in supervisory procedures regarding data privacy matters.

  • Vendor Data Processing Agreements: Advising several global tech companies on tailored data processing agreements which include cloud services with various sub-processors.

  • Data Privacy and E-Commerce: Advising several international companies on data privacy and e-commerce law matters, inter alia on using personal data for direct marketing, and collecting and using personal data in the online environment.

  • Travel and Ed-Tech Data Privacy: Advising leading travel and Ed-Tech companies on data privacy issues specific to their businesses.

  • Advising Tech Start-ups on Data Privacy: Advising numerous mid-sized start-ups from the U.S. and Germany regarding IT and data privacy matters, i.e. to develop marketable products and services that align with consumer privacy and data protection principles. Also, drafting privacy policies, terms and conditions, and vendor contracts, as well as evaluating cutting-edge and disruptive technologies and businesses on privacy compliance and consumer protection concepts.

  • Connected Cars: Advising a car manufacturer on connected cars and international data transfers.

  • Cybersecurity and Data Breach Incident Plans: Counseling major computer software companies on Cybersecurity and incident plans.

  • Strategic Cloud Computing Advice: Providing strategic advice to key cloud computing market players in relation to data protection and information security issues.

  • Post-M&A Integration Issues: Integrating a German affiliate into the group's internal data sharing/access schemes and, in this context, conducting challenging negotiations with IT providers and the affiliate's works council (Betriebsrat).

Information Technology

  • IT Licensing: Advising a leading U.S. software manufacturer on its EU and German software licensing terms & conditions and regularly conducting negotiations with its customers.

  • IT Licensing: Advising a U.S. cloud software provider on its German licensing terms & conditions.

  • Software Joint Venture: Advising a leading German market platform on a Joint Venture with a software manufacturer.

Unfair Trade and IP

  • Unfair Trade Practices Litigation: Representing several software and e-commerce companies in unfair competition litigation, e.g. regarding unfair advertising and breach of consumer protection regulations.

  • Trademark Prosecution and Litigation: Advising various small to large national and international companies on trademark prosecution and litigation.

M&A Technology/Joint Venture Transactions


  • Christian assisted several representative clients, including Flexera Software, Microsoft, NVIDIA, Sensata Technologies, and SIG Combibloc.

Posts by: Christian Schröder

Be Prepared Update on EU Employment Data Privacy Laws

Global companies face stricter rules on employee data privacy, in particular when using social media and internal monitoring tools. It also now becomes clearer that many EU Member States will use the opening clause of Art. 88 General Data Protection Regulation (“GDPR”) to re-implement their “old” data privacy laws.

  1. Use of Social Media And Employee Analysis Tools Under GDPR

Recently, the Article 29 Working Party (“WP29”), the expert group of European data protection authorities, published its opinion on the upcoming changes relating to data privacy at the work place. It explains what employers should do for ensuring compliance with the GDPR and provides guidelines for the use of information found on social media platforms – such as Facebook or LinkedIn and for electronic monitoring of employees. READ MORE