Fieldfisher Rechtsanwälte GmbH & Co KG‘s data protection team, led by Philipp Reinisch, continued on its growth trajectory with the arrival in November 2024 of Veronika Wolfbauer, with the team assisting clients in ensuring compliance with GDPR, the DSA and other Austrian and European regulations, in addition to guiding them through their responses to data breaches.

ZEITPULSE Rechtsanwälte GmbH was founded in March 2025, with Thomas Schwab, formerly of ScherbaumSeebacher Rechtsanwälte GmbH, overseeing its nascent data protection team, which assists clients looking to devise and implement GDPR-compliant data protection plans, and also accompanies them through proceedings initiated by the Data Protection Authority.

Baker McKenzie Rechtsanwälte LLP & Co KG is the first port of call for a number of major multinationals across a range of industries, including social media and search engines, when facing data-related challenges. The practice’s members are regulars before the Austrian DPA and courts up to the ECJ on matters stemming from international data transfers and the use of cookies and other data collection methods. Lukas Feiler, who heads the group, leads for clients facing proceedings before courts and regulators, in addition to advising on data protection frameworks including GDPR and other cybersecurity issues. Beat König is also noted for his expertise in data-related disputes, while also assisting clients looking to implement AI systems into their operations.

DORDA Rechtsanwälte GmbH‘s data protection lawyers are frequently appointed data protection officers by their clients, helping them to maintain compliance with a raft of Austrian and European legislation, including the likes of GDPR, NIS2 and DORA, while also marshalling defences for clients accused by the DPA of not handling data correctly. Axel Anderl is particularly well versed in assisting clients with the data protection aspects of IT out- and cloudsourcing matters, also providing expertise on broader cyber-security matters, including NIS2 requirements. Anderl heads the team alongside Nino Tlapak, who is frequently consulted by finance and pharmaceutical clients. Alexandra Ciarnau, who was made counsel in February 2025, covers the data issues that arise in relation to IT and digitalisation projects.

‘Always up to date with new legal developments in the field of data privacy,’ Knyrim Trieb Rechtsanwälte OG is well positioned to advise clients on Austrian and European data protection regulations, in particular GDPR, where the team is frequently tasked with helping clients gain Art. 43 accreditation. Founding partners Rainer Knyrim and Gerald Trieb offer considerable expertise in devising and implementing data protection programmes compliant with GDPR, NIS2, in addition to liaising with the DPA on behalf of its clients.

Wolf Theiss Rechtsanwälte GmbH & Co KG's clients task it with defending their handling of client and customer data before Austria's data protection authority and courts, including cases stemming from alleged GDPR breaches and those occurring in the wake of cyber-security incidents. Practice head Roland Marko takes the lead on such claims, in addition to overseeing mass claim defences in the wake of data breaches. Paulina Pomorski handles a mixed contentious and advisory caseload, notably overseeing data-related internal investigations for her clients, with Johannes Sekanina assisting clients with the implementation of data protection systems.

Cerha Hempel is well versed in assisting clients with the data protection of wider IT projects, including customer apps and the implementation of cloud computing systems, as well as day-to-day data processing matters, in addition to defending its clients’ interests before the Austrian DPA and courts. Heading up the team is Hans Kristoferitsch, whose expertise spans international data transfers, targeted advertising and IT outsourcing issues, while Armin Schwabl frequently carries out data protection impact assessments and supports clients in the event of data breaches. Boris Treml‘s specialisation is in ensuring the GDPR compliance of IT projects.

CMS Reich-Rohrwig Hainz Rechtsanwälte GmbH‘s data protection team is adept at ensuring clients maintain GDPR compliance, in addition to supporting new entrants into the Austrian market bring their data management and protection systems into line with Austrian and European regulations. Practice head Johannes Juranek ‘provides high-quality advice’ on all aspects of GDPR, including in relation to cross-border projects, and is also able to act for clients facing DPA enforcement proceedings. Christina Maria Schwaiger departed the firm in September 2025.

GEISTWERT assists its clients with the cross-border data transfers, helping them to ensure these maintain compliance with Austrian and European regulations, while also leveraging the firm’s IP expertise to take on projects taking place at the intersection of intellectual property and data protection. Beyond its advisory work, the firm is also able to handle proceedings arising out of data transfers, where regulators allege failures to adhere to the appropriate standards. Handling these matters is the firm’s all-partner team, which includes Juliane Messner, Max Mosing, Constantin Kletzer, Alexander Schnider and Rainer Schultes.

Clients facing data-related litigation before the Austrian DPA and courts instruct Schoenherr (Schönherr Rechtsanwälte), including in matters tied to the retention and processing of customer data, with further expertise in ensuring GDPR compliance across companies' pan-European operations and in relation to the rollout of new products. Günther Leissler spearheads the firm's efforts, overseeing clients' cross-border data protection matters, notably advising on the implementation of new database and telecoms systems, in addition to handling GDPR litigation. Janos Böszörmenyi combines expertise in data protection, telecoms and gambling law.

Binder Grösswang assists its clients in staying current with Austrian and European data protection regulations, in addition to helping companies, ranging from start-ups to major players in a variety of industries, enter the Austrian market and bring their data protection strategies into compliance with local requirements. Heading up the team in tandem are Ivo Rungg, a specialist in data matters as they relate to online advertising and the broader e-commerce sector, and Angelika Pallwein-Prettner, a compliance expert with a particular specialism on issues at the intersection of data protection and employment law.

March 2026 saw bpv Hügel strengthen its data protection with the hires of Sabine Fehringer and Stefan Panic, both formerly of DLA Piper Weiss-Tessbach Rechtsanwälte GmbH. Fehringer is noted for her expertise in the data protection aspects of IP/IT transactions, while Panic is called upon for assistance in DPA-initiated proceedings. They join a team led by Sonja Dürager, who guides clients through the implementation of data protection measures and appears for them before the DPA.

In addition to supporting clients in maintaining up-to-date data protection systems, E+H Rechtsanwälte GmbH guides clients through DPA and court proceedings following data breaches and, with the January 2025 arrival of KPMG Law - Buchberger Ettmayer Rechtsanwälte GmbH‘s Hannah Kercz, expanded its capabilities at the interface of data protection and AI. Andreas Zellhofer continues to lead the team, with a practice spanning data protection and IP enforcement. Helmut Liebel is able to assist clients with the data protection challenges linked to IT projects.

Eversheds Sutherland Rechtsanwälte GmbH is noted for its expertise in assisting clients set up and maintain compliant data collection and processing systems, including cookies, and is also well versed in guiding employers through the handling of employees’ data, in addition to advising them in relation to their cyber-security systems. ‘Excellent data protection lawyer’ Michael Röhsner heads up the team, offering expertise on cyber-security regulations including DORA and NIS2, and supporting clients in the event of data breaches.

GRAF ISOLA's data protection team 'always delivers' for clients looking to update their existing data protection systems and adequately manage customer data, and is also tasked with appearing for clients before the DPA and courts where proceedings are brought following data breaches. Heading the team is 'reliable partner' Marija Križanac, whose practice spans both GDPR implementation and data protection litigation at all levels of the Austrian court system, and Ferdinand Graf.

A number of notable pharmaceutical and life sciences companies come to Herbst Kinsky Rechtsanwalte GmbH for advice in relation to their GDPR compliance programmes, as well as on requirements under the Data Act and DSA, among others. Sonja Hebenstreit leads the firm’s data protection offering and is frequently appointed as an external data protection officer, in addition to overseeing clients’ implementation of new data protection and customer data retention systems. Maximilian Kröpfl acts for clients before the DPA and civil courts, and is active at the interface between data protection and AI.

KWR Karasek Wietrzyk Rechtsanwälte GmbH oversees GDPR and broader data protection compliance matters for several clients active across Europe and further afield, with particular expertise in assisting such groups manage employee data. The team is led jointly by Anna Mertinz and Barbara Kuchar. Mertinz is an expert in employment-related data matters, both on a day-to-day data management basis, including contentious matters, and in relation to cross-border projects and transactions, with Kuchar taking the lead on data protection matters with an IP angle.

SAXINGER Rechtsanwalts GmbH is particularly adept at advising start-ups on the implementation of data protection regimes that comply with Austrian and European regulatory regimes, and is also well placed to assist clients that are increasingly utilising AI on the burgeoning data regulations governing its use. The core team includes, Gregor Haidenthaler, a GDPR and IT law expert; Michael Pachinger, who provides further GDPR advice and is also well versed in related IP matters; and Philipp Leitner, who handles matters at the intersection between data protection and AI law.

Taylor Wessing enwc Rechtsanwälte GmbH offers combined advisory and litigious data protection services, helping clients to ensure that their data management programmes remain compliant with Austrian and European guidelines, in addition to representing them in court in the event of data incidents. Andreas Schütz heads up the firm's Austrian and wider CEE data protection group, appearing in cases before the senior Austrian courts and the ECJ, with Christopher Bakier excelling in matters that link data protection and IT regulatory law.

PHH Rechtsanwält:innen GmbH's data protection team is geared towards supporting early stage companies set up data protection structures that comply with Austria and the EU's frameworks, in addition to carrying out the data aspects of due diligence procedures in corporate transactions. Steering the firm's efforts on this front is Stefanie Werinos, who has expertise in advising public health and transport clients on their management of data, with Theresa Karall handling issues tied to international data transfers, the management of employee data, and contentious proceedings; Karall qualified as a certified data protection officer in August 2025.