Stefan Hessel

Attorney-at-law | LL.M.
Head of Digital Business

Master of Laws (Information Technology and Law)
Certified Data Protection Officer (TÜV®)
Certified ISMS Security Officer according to ISO/IEC 27001 (ICO)
Certified ISMS Auditor according to ISO/IEC 27001 (ICO)

Expertise

Advises and assists clients on complex issues in the field of data protection, cyber security and IT law
Act as an external data protection officer
Expert in the field of cyber security and data protection law (e.g. as an expert witness on the law on autonomous driving in the Bundestag)
Technical and legal analysis of attacks on IT systems and the impact of cyber attacks
Speaker and lecturer on issues at the interface of IT security and law, e.g. at the German University of Administrative Sciences Speyer

Career

Studied law at Saarland University
Master of Laws (LL.M.) in “Information Technology and Law” at Saarland University
Worked as research employee e.g. at the CISPA Helmholtz Center for Information Security and Saarland University’s Institute of Legal Informatics
Self-employed activity as data protection officer
Member of the Board and Treasurer of Deutscher EDV-Gerichtstag e.V.
Currently: dissertation on legal questions in the field of IT and data protection law

Current projects (extract)

Data protection support for the use of Microsoft 365 by companies and public authorities
Support and implementation of data protection requirements for new business models
Expansion of legal capabilities for dealing with cyberattacks in companies (legal incident response)

Latest Events

AI Cybersecurity

05/2025

Cybersecurity Data protection

Digital Products and the European Market

Philipp Reusch Christina Kiefer

LocationWebinar

Date16.07.2025

AI AI-Act

04/2025

Cybersecurity Data protection

Navigating the EU AI Act across the Supply Chain

Philipp Reusch Christina Kiefer

LocationWebinar

Date28.05.2025

Latest News

AI AI-Act

01/2025

Cybersecurity Data protection

AI expertise in accordance with the EU AI Act

Stefan Hessel Christina Kiefer

data access Data Act

12/2024

Cybersecurity Data protection

Data Act: New requirements for networked products and services

Stefan Hessel Christina Kiefer

AI Microsoft

08/2024

Cybersecurity Data protection

Use services like Microsoft Copilot and Azure AI in compliance with the law

Stefan Hessel Christoph Callewaert Jeanne Dillschneider

Article (co authors Potel, K; Töpper H.; Vietze, L.) in 'DuD - Datenschutz und Datensicherheit', Vol. 47, 2023, beginning on p. 440: "Datenschutz bei Hinweisgebersystemen", publisher: Springer Gabler: Wiesbaden
Article (co author Christina Kiefer) in 'RDi - Recht digital', Issue 6/2023, p. 282: "Der Abschlussbericht der Datenschutzkonferenz zu Microsoft 365 – eine kritische Bewertung", publisher: C.H. Beck oHG: Munich
Article (co author Moritz Schneider) in 'NVwZ - Neue Zeitschrift für Verwaltungsrecht', Issue 10/2023, p. 717: "Produktwarnungen durch das Bundesamt für Sicherheit in der Informationstechnik", publisher: C.H. Beck oHG: Munich
Article (co author Christoph Callewaert) in 'Digital sicher in eine nachhaltige Zukunft - Tagungsband zum BSI-Kongress 2023', beginning on p. 189: "Die geplante EU-Verordnung für einen Cyber Resilience Act – Worauf müssen sich Unternehmen einstellen?", publisher: SecuMedia Verlags-GmbH: Ingelheim
Article in 'ZdiW - Zeitschrift für das Recht der digitalen Wirtschaft', Issue 2, February/2023, beginning on p. 57, "»Scraping« und die DSGVO", publisher: Wolters Kluwe Germany
Commentary on §§ 8b, 8c BSIG sowie der §§ 165-169 TKG in 'Recht der Informationssicherheit', 2023, publisher: C.H. Beck: Munich
Article (co author Christoph Callewaert) in 'K&R - Kommunikation & Recht', vol. 25, December 2022, beginning on p. 789: "Der Cyber Resilience Act der EU-Kommission", publisher: dfv Mediengruppe: Frankfurt a. M.
Article (co author Christoph Callewaert) in 'LogR - Logistik & Recht', Vol. 1, December 2022, beginning on p. 52: "Datenschutzkonformes GPS-Tracking in der Logistik – Ein Leitfaden für die Praxis", publisher: dfv Mediengruppe: Frankfurt a. M.
Article (co author Christoph Callewaert) in 'Der Betrieb', Issue 44/2022, beginning on p. 2589: "Das aktuelle und zukünftige Cybersicherheitsrecht der EU – Die wesentlichen Pflichten für Unternehmen und deren praktische Umsetzung", publisher: Fachmedien Otto Schmidt KG: Düsseldorf
Article (co authors Leffer, L.; Potel, K.) in 'ZD - Zeitschrift für Datenschutz', Issue 10/2022, p. 537: "Datengetriebene Geschäftsmodelle", publisher: C.H.BECK oHG: Munich
Article (co author Maximilian Leicht) in 'DuD - Datenschutz und Datensicherheit', 05/2022, beginning on p. 305: "Datenschutzrechtliche Verantwortlichkeit in der Forschung - Zum Spannungsverhältnis zwischen der Forschungsfreiheit und der DSGVO", publisher: Springer Fachmedien Wiesbaden GmbH: Wiesbaden

Award

2024: Recognised by WirtschaftsWoche as one of the ‘most renowned lawyers’ for IT

back to team site

Ste­fan Hessel

Attorney-at-law | LL.M.Head of Digital Business

Exper­ti­se

Care­er

Cur­rent pro­jects (extra­ct)

Latest Events

Digi­tal Pro­ducts and the Euro­pean Market

Navi­ga­ting the EU AI Act across the Sup­p­ly Chain

Latest News

AI exper­ti­se in accordance with the EU AI Act

Data Act: New requi­re­ments for net­work­ed pro­ducts and services

Use ser­vices like Micro­soft Copi­lot and Azu­re AI in com­pli­ance with the law

Publications (selection)

Award

Stay up-to-date

Stefan Hessel

Attorney-at-law | LL.M.
Head of Digital Business

Expertise

Career

Current projects (extract)

Digital Products and the European Market

Navigating the EU AI Act across the Supply Chain

AI expertise in accordance with the EU AI Act

Data Act: New requirements for networked products and services

Use services like Microsoft Copilot and Azure AI in compliance with the law