Why bytelaw

Need a lawyer who speaks the language of technology? Our law firm combines legal expertise with in-depth technical understanding. We offer tailored solutions for legal challenges in the digital world – your partner for law and technology in Germany and worldwide.

Need a lawyer who speaks the language of technology? Our law firm combines legal expertise with in-depth technical understanding. We offer tailored solutions for legal challenges in the digital world – your partner for law and technology in Germany and worldwide.

Data Protection Officer

We are pleased to offer our assistance as an external data protection officer, ensuring the efficient fulfillment of your data protection obligations and providing utmost protection for your company.

Data Protection

We can provide professional assistance as your external data protection officer, efficiently fulfilling your data protection obligations and safeguarding your company in the best possible way.

IT-Contracts

We are pleased to provide reliable assistance in advising and drafting IT contracts, to establish a legally secure foundation for your business relationships.

Breach Counsel

We offer reliable 24/7 support for IT security incidents ("Incident Response") such as data breaches and ransomware attacks, as well as provide guidance on risk assessment and communication with authorities, insurance companies, and customers.

Cybercrime

As experts in IT criminal law, we represent your interests as victims or defenders of data-related crimes, including phishing attacks. We also support existing defense teams with our technical expertise.

IT-Forensic

ByteLaw assists you in the legal assessment of IT forensic incidents, particularly from the perspective of criminal and civil law.

IT Regulation

We support you with our expertise in the implementation of NIS-2, DORA, the Cyber Resilience Act and in questions relating to BAIT and VAIT.

Artificial Intelligence

We provide consultation on the implementation of AI technologies and support you in meeting ethical and regulatory requirements.

Employee Data Protection

We support you with our expertise in negotiating works agreements, implementing modern tools for the HR department (e.g., active sourcing), drafting employee policies and training your staff.

Data Protection Officer

We are pleased to offer our assistance as an external data protection officer, ensuring the efficient fulfillment of your data protection obligations and providing utmost protection for your company.

Data Protection

We can provide professional assistance as your external data protection officer, efficiently fulfilling your data protection obligations and safeguarding your company in the best possible way.

IT-Contracts

We are pleased to provide reliable assistance in advising and drafting IT contracts, to establish a legally secure foundation for your business relationships.

Breach Counsel

We offer reliable 24/7 support for IT security incidents ("Incident Response") such as data breaches and ransomware attacks, as well as provide guidance on risk assessment and communication with authorities, insurance companies, and customers.

Cybercrime

As experts in IT criminal law, we represent your interests as victims or defenders of data-related crimes, including phishing attacks. We also support existing defense teams with our technical expertise.

IT-Forensic

ByteLaw assists you in the legal assessment of IT forensic incidents, particularly from the perspective of criminal and civil law.

IT-Regulation

Unleash the full potential of emerging technologies like blockchain with our expertise and personalized consultation to optimize your business processes.

Artificial Intelligence

We provide consultation on the implementation of AI technologies and support you in meeting ethical and regulatory requirements.

Employee Data Protection

We support you with our expertise in negotiating works agreements, implementing modern tools for the HR department (e.g., active sourcing), drafting employee policies and training your staff.

News

The Law Firm

ByteLaw is an internationally operating law firm combining renowned IT and data protection experts. Our lawyers provide legal excellence together with technical expertise to provide you with comprehensive guidance. We efficiently leverage our extensive legal and industrial experience to your advantage. Our clients range from international corporations to public and medium-sized clients, as well as startups.

ByteLaw is an internationally operating law firm combining renowned IT and data protection experts.
Our lawyers provide legal excellence together with technical expertise to provide you with comprehensive guidance.
We efficiently leverage our extensive legal and industrial experience to your advantage.
Our clients range from international corporations to public and medium-sized clients, as well as startups.

ByteLaw is an internationally operating law firm combining renowned IT and data protection experts.
Our lawyers provide legal excellence together with technical expertise to provide you with comprehensive guidance.
We efficiently leverage our extensive legal and industrial experience to your advantage.
Our clients range from international corporations to public and medium-sized clients, as well as startups.

The Team

Bernhard Veeck

My name is Bernhard Veeck, I am Attorney at Law and Partner at ByteLaw. Since 2005, I have been advising national and international companies in the fields of IT, electronics, software, logistics and media, from medium-sized businesses to international corporations.

My work includes representing companies in negotiations, in court, vis-à-vis regulatory authorities and the press. One focus of my work is on the diverse issues related to the implementation of new technologies in the context of digitalization as well as technology regulation and media and copyright law.

My activities range from drafting contracts and reviewing product compliance to representing clients in and out of court when defending industrial property rights to their products.

Another focus of my work is data protection law. As a certified data protection officer since 2010, I advise national and international companies, authorities and associations on regulatory obligations and the introduction of new technologies. In doing so, I also consider all issues within the scope of co-determination law. I have acquired my technical expertise in this field through several years of work in an international IT and telecommunications company in Germany and abroad.

In the area of data protection law, I also regularly advise and represent clients in IT security incidents and data breaches. My advice includes dealing with reporting obligations, authorities, media and affected parties, as well as representation in proceedings for damages or administrative offenses.

As a further focus of my work, I have also conducted mass proceedings on several occasions in damage claims proceedings due to data protection breaches involving legaltech companies.

As a speaker, lecturer, and seminar leader, I have been active in IT and media companies, public authorities, and further specialized and higher education institutions over the past 15 years. I am co-author of a commentary on data protection law as well as various specialist publications and interview partners.

Within the Working Group for Intellectual Property and Media Law of the German Bar Association DAV e.V., I chair the Frankfurt regional group and am one of the founding members of the Frankfurt Data Protection Circle.

Puplications:
● Der EuGH zum relativen Personenbezug – Eine richtungsweisende Entscheidung mit einer Inkonsequenz,  Veeck, Stepanova, LL.M. (Berkeley), DATENSCHUTZ-BERATER, 12/2023, S.300 ff.
● Abtretbarkeit des immateriellen Schadensersatzanspruchs aus Art. 82 Abs. 1 DS-GVO, Bernhard Veeck, Olga Stepanova, ZD – Zeitschrift für Datenschutz, 6/2023, S. 317 ff.
● Datenschutzverstöße (Schadenberechnung nach der DS-GVO), in: StichwortKommentar Schadenrecht, Jochen Link, Ass. jur. Rüdiger Balke und Frank Pardey, Nomos-Verlag, 1. Aufl. 2023

Olga Stepanova

My name is Olga Stepanova, I am Attorney at Law and Partner at ByteLaw. As a specialist in information technology law and a specialist in intellectual property law, I advise in data protection, IT law and all legal issues related to digitalization.

With extensive expertise in IT contract law, including software development and software transfer agreements, as well as regarding data protection issues arising out of the General Data Protection Regulation, I assist companies with data protection compliance and advise on app development, particularly in the banking, tech and healthcare sectors.

My clients are international corporations, traditional medium-sized companies, public-sector clients and non-profit organizations.

In addition to my work as a lawyer, I am an expert examiner at the German Accreditation Body (DAkkS) for various standards. I audit accredited bodies on behalf of the Federal Republic of Germany in the areas of anti-corruption management systems (ISO 37001), compliance management systems (ISO 37301), IT service management (ISO 20000), quality management systems (ISO 9001) and business continuity management systems (ISO 22301).

I completed my studies at the Westphalian Wilhelms University in Münster and my legal clerkship at the District Court in Dortmund, which I completed in 2016 with the second state law exam. In 2022, I obtained a master’s degree at the University of California, Berkeley, with the additional qualification “Law and Tech Certificate”.

Before co-founding ByteLaw, I was a practice group leader at WINHELLER and also worked for Arnecke Sibeth. In the field of data protection law, I was named “Lawyer of the Year” in 2021 and 2022 by the business newspaper Handelsblatt and the US publisher Best Lawyers.

Publications:

● Abtretbarkeit des immateriellen Schadensersatzansprüchen aus Art. 82 Abs. 1 DS-GVO, Bernhard Veeck, Olga Stepanova, ZD – Zeitschrift für Datenschutz, 6/2023, p. 317 et seq.

● Fining Practice of CNIL and German Supervisory Authorities, Olga Stepanova and Florian Groothuis, DuD – Datenschutz und Datensicherheit – Springer Verlag, 295-298 (2023).

● Digitization projects in the association, Nomos Verlagsgesellschaft, SpoPrax 2023, 46 – Jan. 23, 2023.

● Data Protection in Insolvency Proceedings, Olga Stepanova and Amélia Munchetty Chendriah, AnwZert HaGesR, 1/2023, note 2.

● Datenschutzverstoß (Schadenberechnung nach der DS-GVO), in: StichwortKommentar Schadenrecht, Jochen Link, Ass. jur. Rüdiger Balke und Frank Pardey, Nomos-Verlag, 1. ed. 2023

● The Privacy, Data Protection and Cybersecurity Law Review – Chapter 13 – Germany, Olga Stepanova and Patricia Jechel, Law Business Research, pp. 204-212, 9th ed. 2022.

● Comment on the Decision of the Wiesbaden Administrative Court: Gratwanderung zwischen Datenschutz- und Insolvenzrecht, Olga Stepanova and Patricia Jechel, RDi – Recht digital, 9/2022, pp. 408ff.

● Corporate law classification of decentralized autonomous organizations (DAO), Olga Stepanova, AnwZert HaGesR, juris/DeutscheAnwaltAkademie, 17/2022, note 1.

● “Fruit of the poisonous tree” doctrine in data protection?, Jörn Erbguth and Olga Stepanova, ZD – Zeitschrift für Datenschutz, 5/2022, pp. 249ff.

● The Privacy, Data Protection and Cybersecurity Law Review – Chapter 11 – Germany, Olga Stepanova and Patricia Jechel, Law Business Research, pp. 173-181, 8th ed. 2021.

● Fines under the GDPR – Association Liability or Legal Entity Liability?, Olga Stepanova, AnwZert HaGesR, juris/DeutscheAnwaltAkademie, 20/2021, p. 7ff.

● Data Protection Law Requirements for a Shareholder’s Right to Information, Olga Stepanova, AnwZert HaGesR, juris/DeutscheAnwaltAkademie,18/2021, p. 4ff.

● § 140-148 AO E. Data Protection; Legal Forms for Nonprofit Organizations – Association Annex Data Protection, Olga Stepanova, in: Gesamtes Gemeinnützigkeitsrecht, Stefan Winheller, Stefan Geibel und Monika Jachmann-Michel, Nomos-Verlag, 2nd ed. 2020.

● Data Localization Principle in Russia – Obstacle to Free Data Exchange with the EU?, Olga Stepanova and Florian Groothuis, ZD – Zeitschrift für Datenschutz, 6/2020, pp. 291ff.

● The Privacy, Data Protection and Cybersecurity Law Review – Chapter 13 – Germany, Olga Stepanova and Julius Feldmann, Law Business Research, pp. 195-205, 7th ed. 2020.

● General Meetings – new challenges due to the GDPR, Olga Stepanova, AnwZert HaGesR, juris/DeutscheAnwaltAkademie, 10/2020, note 2.

● Data Unions: A Solution to the Consent Dilemma?, Jörn Erbguth, Olga Stepanova and Andreas Diehl, Legal Revolutionary, 18.05.2020, pp. 145ff.

● Crowdlending, consumer protection and tokens: The “savedroid” case as a missed opportunity for judicial further development of the law, Olga Stepanova, Recht innovativ, 01/2020, p. 18ff.

● DIN SPEC 4997 – Privacy by Blockchain Design: A standardized procedure for the processing of personal data using blockchain technology, Beuth Verlag, 04/2020.

● Data Protection Law Influences in M&A Transactions, Olga Stepanova, AnwZert HaGesR, juris/DeutscheAnwaltAkademie, 1/2020, note 2.

● The Privacy, Data Protection and Cybersecurity Law Review – Chapter 12 – Germany, Olga Stepanova and Florian Groothuis, Law Business Research, pp. 180-188, 6th edition 2019.

● Right of withdrawal when trading cryptocurrencies, Benjamin Kirschbaum and Olga Stepanova, BKR – Zeitschrift für Bank- und Kapitalmarktrecht, 6/2019, p. 286ff.

● The Privacy, Data Protection and Cybersecurity Law Review – Chapter 11 – Germany, Olga Stepanova, Law Business Research, pp. 146-153, 5th edition 2018.

Dirk Koch

My name is Dirk Koch, I am Attorney at Law and Partner at ByteLaw.  I work in the areas of IT security and data protection. My particular expertise lies in the combination of technical knowledge and legal competence, which enables me to act as a translator between these two worlds.

In addition to my legal training, I hold a technical qualification, rare as a lawyer, as a Certified Ethical Hacker (CEHv11). This certification allows me to thoroughly and accurately analyze IT security issues and potential data breaches from a technical perspective, which I incorporate into the legal assessment.

In addition to the Ethical Hacker certification, I am also qualified as a certified data protection expert (CIPP/E). This has given me an in-depth understanding of European data protection laws and practices. I am able to apply this knowledge to practical IT security issues and support companies in both their compliance work and contracting.

My legal career began at Goethe University in Frankfurt am Main, where I studied law. After my legal clerkship in Wiesbaden, I obtained my second state law exam and admission to the bar in Frankfurt am Main in 2017. Currently, I am also a lecturer at the University of Bamberg, where I pass on my knowledge and experience in the field of IT security and data protection to the next generation of lawyers.

My experience also extends to management and crisis management. As co-founder and managing director of Feuer Software GmbH, I developed entrepreneurial thinking and gained a realistic view of the challenges and risks in the IT industry. My work as deputy city fire chief in the Eschborn volunteer fire department has given me crisis management skills and helps me make quick decisions in difficult situations.

I leverage this blend of legal and technical expertise, combined with my management experience and crisis management skills, as a Breach Counselor. I navigate complex IT security and privacy issues, translate technical matters into legal context, and effectively assist organizations in addressing security breaches. My knowledge is also put to use in the area of criminal law when representing victims.

I am available to assist you with your legal concerns in the area of IT security, data protection and cyber security.

Patricia Jechel

My name is Patricia Jechel and I am an Attorney at Law at ByteLaw. My focus is on IT and Data Protection Law. In the realm of E-commerce, I assist platform operators, marketplaces, and online shops in adhering to legal requirements such as information obligations and creating necessary legal texts. Additionally, I support companies in examining and drafting General Terms and Conditions, IT contracts, and data protection-related agreements.

My qualification as a TÜV-certified external data protection officer benefits companies, as I provide guidance to medium-sized enterprises and start-ups on building a data protection concept. I offer advisory services and address data protection-related queries during the development of new projects or the implementation of new programs.

Furthermore, I also offer counsel in the field of Intellectual Property. The development and protection of trademarks as well as the drafting of licensing agreements are central to my practice.

I studied law at Johann Wolfgang Goethe University in Frankfurt am Main. Subsequently, I completed my legal clerkship at the Wiesbaden District Court. Simultaneously, I worked as a research assistant in the field of Industrial Property Rights at Brehm & v. Moers law firm, based in Frankfurt am Main. Afterwards, I worked as an Attorney at Law for several years at an internationally oriented medium-sized law firm in Frankfurt.

• The Privacy, Data Protection and Cybersecurity Law Review – Chapter 13 – Germany, Olga Stepanova und Patricia Jechel, Law Business Research, S. 204–212, 9. Auflage 2022

• Anmerkung zur Entscheidung des VG Wiesbaden: Gratwanderung zwischen Datenschutz- und Insolvenzrecht, Olga Stepanova und Patricia Jechel, RDi – Recht digital, 9/2022, S. 408ff.

• The Privacy, Data Protection and Cybersecurity Law Review – Chapter 11 – Germany, Olga Stepanova und Patricia Jechel, Law Business Research, S. 173–181, 8. Auflage 2021

Florian Groothuis

My name is Florian Groothuis and I am an Attorney at Law at ByteLaw. My practice focuses on advising companies in all areas of IT law, particularly in German and European data protection law, as well as with disruptive technologies.

As a TÜV-certified external data protection officer with extensive experience, I guide clients in the examination and implementation of necessary data protection documentation. In the private and public health sectors, I also provide advice on the compliant handling of health data, particularly in the field of research. With my emphasis on labor law, I assist companies with all matters concerning employee data protection and support them in creating employee policies and works agreements. Another area of consultancy, encompassing various fields, is assessing the data protection compliance of applications based on new technologies such as blockchain or artificial intelligence.

During my master’s studies in IT law, I advised start-ups in the field of e-commerce, particularly in implementing national and European consumer protection regulations, as well as ensuring legally sound General Terms and Conditions. As a legal contact, I accompany companies throughout IT projects and create and review IT-related contractual agreements, including software development contracts.

I studied law at Justus Liebig University Giessen and am currently working on my Ph.D. on a comparative data protection topic dealing with the purpose limitation principle. After completing my master’s studies in IT law at the University of Tartu in Estonia, I completed my legal clerkship at the Frankfurt am Main District Court. During my studies and legal clerkship, I worked as a research assistant in the field of IT law at mid-sized law firms in Frankfurt am Main and Tallinn.

Publications:

  • CNIL and German supervisory authorities’ fine practices, Stepanova/Groothuis, DuD 2023, pp. 295 – 298
  • Digitalization projects in associations, Stepanova/Groothuis, SpoPrax 2023, pp. 46 – 50
  • Data localization principle in Russia, Stepanova/Groothuis, ZD 2020, pp. 291 – 295
  • The long and winding road of digital distribution. Or: why the ECJ’s UsedSoft decision is of no use to keysellers, Lober/Klein/Groothuis, IELR 7/2018, pp. 44 – 51