Dr Stefanie Hellmich, LL.M.

Dr Stefanie Hellmich specialises in IT and data protection law and the protection of industrial property rights. She advises companies on questions of law related to digitalisation and helps them draft and negotiate contractual and business terms and conditions. In the area of FinTech, this includes, in particular, providing advice on outsourcing projects, cooperation agreements and platforms. In the area of data protection law, Stefanie Hellmich provides comprehensive assistance with implementing the EU General Data Protection Regulation and with data protection compliance issues, including international data transfers.

IP & Copyright Law
Data Protection Law
IT Law
Blockchain & FinTech
Data Protection, Antitrust & Compliance
Digital Infrastructure

Dr Stefanie Hellmich finished her degree at the University of Bielefeld (Germany) in 1994, completed a “Master de Derecho de la Unión Europea” degree at Carlos III University in Madrid (Spain) in 1995, and was admitted to the German Bar in 1998. After working at Deutsche Morgan Grenfell in Sydney (Australia) and at Garrigues Andersen in Madrid, she joined Luther’s predecessor firm in 1998 and has remained with the firm ever since.

• Chambers FinTech Guide 2024: Ranking in "Legal", Band 4 (first ranking in 2021, "She is easy to work with, sticks to deadlines and is pragmatic in her approach.")
• The Legal 500 Germany 2024: Award "Leading Name" in the category "Information Technology - Data Protection" (first award in 2022, first mention in 2021) as well as recommendation in the category "Banking and Finance Law - Fintech" (first mention in 2021, "Very knowledgeable and an expert in the FinTech sector. Always available, even though she is very busy.") and mention in "City Focus - Frankfurt" 
• The Legal 500 Germany 2021: "Next Generation Name" award in the category "Information Technology - Data Protection"
• Best Lawyers 2023: Recommendation in "Data Security and Privacy Law" (first recommendation in 2021) and "Information Technology Law"

• Providing data protection advice to a fibre optic network provider on contracts regarding the development, management and operation of a network, the distribution of Internet service provider connection contracts and network connection contracts
• Drafting terms and conditions for end customers and cooperation partners and outsourcing contracts on behalf of an open banking deposit platform
• Providing ongoing data protection and IT law advice to an online bank in connection with transactions to transfer the deposit and leasing businesses
• Drafting Software-as-a-Service terms and conditions for e-vouchers on behalf of a trading platform
• Drafting Software-as-a-Service terms and conditions on behalf of a provider of hardware-agnostic surgical software
• Advising an internationally operating building material trading company on the introduction of SAP S/4HANA
• Advising an internationally operating steel trading company on the introduction of the new EU standard contractual clauses from June 2021
• Designing the data exchange relationships with OEMs and advising on a hyper ledger-based data exchange project on behalf of an internationally operating data analytics services provider
• Drafting predictive maintenance Software-as-a-Service terms and conditions as part of an Industry 4.0 project
• Providing legal assistance with a data protection impact assessment for a telematics product for a truck fleet
• Advising on the data protection aspects of internal investigations in cases of suspected corruption on behalf of an internationally operating manufacturing company
• Drafting terms and conditions for the use of streaming services on behalf of a German credit institution

• 31.03.2022: Germany: New Ordinance on automated and autonomous vehicles
• 20.01.2022: DS-GVO Bußgelder in der Praxis: Wer muss den Rückgriff fürchten?
• 07.12.2020: EU-Empfehlungen nach 'Schrems II' - Wie lässt sich der inter­na­tio­nale Daten­transfer retten?
• 30.07.2020: First-aid kit for “Schrems II” compliance
• 03.02.2020: Die neuen EBA-Guidelines
• 03.01.2017: DACB GDPR Liability Study
• 09.11.2015: Rechtliche Ansätze zur Steuerung von Markenkommunikation in neuen Medien in Zeiten von Medienkonvergenz und Big Data
• 02.11.2015: Datenschutz bei mobilen Bezahlsystemen
• 01.10.2007: Domains im Agenturgeschäft nach der "grundke.de" Entscheidung
• 01.01.2007: Rechtssicherheit bei der Übermittlung von Fluggastdaten in die USA
• 01.01.2007: "Whistleblowing" – Einführung von Ethik- und Antikorruptionsrichtlinien und Reportingstrukturen
• 01.01.2006: Data Protection in the European Union and other Selected Countries
• 01.12.2004: Leitfaden IT-Recht
• 18.05.2004: Defining the role of the European Data Protection Officer
• 01.01.2002: Location Based Services - Datenschutzrechtliche Anforderungen
• 01.07.2001: Nuevos productos, servicios y canales de distribución: El comercio electrónico en Alemania
• 01.02.2000: Rechtliche Probleme von Online-Auktionen
• 01.10.1999: Überwachung in der Telekommunikation, Haftung und Risiken nach dem neuesten Entwurf einer TKÜV

• Federal Cartel Office launches sector inquiry on messenger services - the next step to a "Super Consumer Protection Authority" in the digital world?
• Strong customer authentication via apps - who takes responsibility for personal data?
• Working from home in times of corona - data privacy requirements

She is a member of the German Association of Law and Informatics (Deutsche Gesellschaft für Recht und Informatik e.V. – DGRI), a co-author of the data protection law commentary Taeger/Gabel, DSGVO BDSG, and frequently publishes articles and gives lectures on topics related to IT and data protection law, for example, on mobile payment systems, usage of AI, data analytics and Big Data in the financial industry, outsourcing in the banking sector, and the implementation of the requirements stipulated in the EU General Data Protection Regulation and the proposed ePrivacy Regulation.

• 25.07.2023: Das Hinweisgeberschutzgesetz aus arbeits- und datenschutzrechtlicher Sicht – Was ist zu tun?“
• 10.11.2022: unyer Webinar I 360 Degree Marketing – Avoiding the Pitfalls
• 21.05.2019: Video Ident und eSigning im Dschungel von eIDAS und DSGVO - Rechtssicher digitale Verträge abschließen, 2. Bankensymposium Digitalisierung & Recht 2019
• 14.11.2018: "Mitarbeiter und ihre Rechte als Betroffene", BVAU- Roadshow "Datenschutz am Arbeitsplatz"
• 12.11.2018: Cloud Strategie und DSGVO - Compliance Herausforderungen, Management Circle Konferenz "Zukunft der Banken"
• 16.10.2018: "Mitarbeiter und ihre Rechte als Betroffene", BVAU- Roadshow "Datenschutz am Arbeitsplatz"
• 18.04.2018: KI, Data Analytics, Big Data und Robo Advice - was gilt es aus rechtlicher Sicht zu beachten?, Management Circle Konferenz "Künstliche Intelligenz in der Finanzbranche", 18. und 19. April Frankfurt am Main
• 21.03.2018: Sind Sie bereit für die EU-DSGVO?, Arbeitsrechtsfrühstück Frankfurt
• 14.03.2018: Sind Sie bereit für die EU-DSGVO?, Arbeitsrechtsfrühstück Frankfurt
• 29.01.2016: Luther FinTech Gespräche im House of Finance, Institute for Law and Finance:
• 11.09.2015: Datenschutz bei Zahlungsdiensteanbietern und mobilen Bezahlsystemen (Mobile Payment), DSRI-Herbstakademie 2015
• 22.05.2014: Data Protection – Challenges for Electronic Communication in Transatlantic Business, Institute for Law and Finance: Joint Conference of ABA and DAJV
• 22.10.2013: IT-Recht kompakt, Management Circle Intensiv-Seminar
• 12.07.2013: IT-Recht kompakt, Management Circle Intensiv-Seminar
• 12.07.2013: IT-Recht kompakt, Management Circle Intensiv-Seminar
• 09.12.2010: Social Web – was ist wirklich dran?, RED Corner
• 18.10.2009: Das neue Datenschutzrecht im Arbeitsverhältnis, Unternehmensgespräch zum Datenschutz