Stefan Hessel
Attorney-at-law | LL.M.
Head of Digital Business
Master of Laws (Information Technology and Law)
Certified Data Protection Officer (TÜV®)
Certified ISMS Security Officer according to ISO/IEC 27001 (ICO)
Certified ISMS Auditor according to ISO/IEC 27001 (ICO)
Expertise
- Advises and assists clients on complex issues in the field of data protection, cyber security and IT law
- Act as an external data protection officer
- Expert in the field of cyber security and data protection law (e.g. as an expert witness on the law on autonomous driving in the Bundestag)
- Technical and legal analysis of attacks on IT systems and the impact of cyber attacks
- Speaker and lecturer on issues at the interface of IT security and law, e.g. at the German University of Administrative Sciences Speyer
Career
- Studied law at Saarland University
- Master of Laws (LL.M.) in “Information Technology and Law” at Saarland University
- Worked as research employee e.g. at the CISPA Helmholtz Center for Information Security and Saarland University’s Institute of Legal Informatics
- Self-employed activity as data protection officer
- Member of the Board and Treasurer of Deutscher EDV-Gerichtstag e.V.
- Currently: dissertation on legal questions in the field of IT and data protection law
Current projects (extract)
- Data protection support for the use of Microsoft 365 by companies and public authorities
- Support and implementation of data protection requirements for new business models
- Expansion of legal capabilities for dealing with cyberattacks in companies (legal incident response)
Publications (selection)
- Cybersicherheit als Risiko und Governance-Pflicht (trans. „Cybersecurity as a risk and governance obligation“) ($), Zeitschrift für Corporate Governance, starting p. 11
- Umsetzung der NIS-2-Richtlinie in Deutschland – Mehr Cybersicherheit für Unternehmen (trans. "Implementation of the NIS 2 Directive in Germany – Greater cyber security for businesses") (with Moritz Schneider) ($), beck-online, 05.01.2026
- Zwischen Cloud und Kontrolle - Datenschutz und digitale Souveränität bei Microsoft 365 (trans. "Between the cloud and control – data protection and digital sovereignty with Microsoft 365") (with Christina Ziegler-Kiefer and Moritz Schneider), Kommunikation & Recht 12/2025, starting p. 755
- Perspektive: Souveräne US-Clouds für Europa? (trans. „Perspective: Sovereign US clouds for Europe?") (with Moritz Schneider) ($), iX Magazin, 25.08.2025, starting p. 10
- Cybersicherheit für Hochrisiko-KI-Systeme (trans. "Cybersecurity for high-risk AI systems") (with Luka Prgomet) ($), ZfPC 2025, starting p. 106
- Datenschutz und Cybersicherheit von medizinischen Produkten (trans. „Data protection and cybersecurity for medical products“) (with Christina Ziegler-Kiefer and Jeanne Dillschneider), DuD – Datenschutz und Datensicherheit, 03/2025, starting p. 181
- Cyber Resilience Act – von der Theorie zur Praxis (trans. „Cyber Resilience Act – from theory to practice“) (with Christina Ziegler-Kiefer and Annika Mischler) ($), Phi Haftpflicht international – Recht & Versicherung, 02/2025, starting p. 66
- Kurswechsel im Digitalrecht (trans. „Change of course in digital law“) , NJW Aktuell – Neue Juristische Wochenschrift, issue 2025/10, 27.02.2025
- Cybersecurity Compliance ($), in: Marly, Jochen (Begr.), Bomhard, David/Schreiber, Kristina (Ed.), Praxishandbuch Softwarerecht, 8. edition, Muenchen 2024
- Beck’scher online commentary Produktrecht (trans. "Product law“) ($), (Ed.) Reusch, Philipp/Kipker, Dennis-Kenji, Muenchen, 2. Ed. 2025, §§ 1, 4, 9, 12, 14, 17 – 19, 23, 37 FuAG (with Matthias Flieger)
Award
- 2025: Recognised as a leading lawyer in data protection in Kanzleimonitor.de 2025/2026
- 2025: Recognised by Handelsblatt in the category ‘Germany's best lawyers – Ones to Watch’ in the field of data protection law
- 2025: Recognised by Best Lawyers, LLC. ‘Best Lawyers: Ones to Watch in Germany (2026 Edition)’ in the field of ‘Data Security and Privacy Law’
- 2024: Recognised by WirtschaftsWoche as one of the ‘most renowned lawyers’ for IT