Robert Niedermeier


Robert Niedermeier

Attorney-at-law CIPP/E CIPT CIPM

Since 1990, Robert Niedermeier has been working as an attorney-at-law, a counsellor and an external data protection officer. He works on issues of legal, technical and organizational matters with respect to data protection and IT security. As a member of the board of directors of the European Institute for Computer Anti-Virus Research (EICAR) he debates with the IT security industry on current legal issues as an interface role for information technology.

Projects / Track Record

  • Since 1991 external data protection officer, company data protection officer in medium and large-sized corporations, especially IT, software, healthcare, music industry, postal service and logistics
  • Practices as a data protection officer in Sweden, France, The Netherlands, Austria, Switzerland and Germany
  • Processor-BCRs for Europe
  • Data protection official at a German energy company
  • Data protection official at a German energy company
  • Data protection official at a publishing company
  • Regulation of liability for IT security in an airline company
  • Global deployment of homogeneous IT security structures (content security information manual)
  • Developing and implementing an IT data security concept for an airport
  • Data protection counsellor for a TV network

Professional organizations

  • The German Association for Data Protection and Data Security (
  • IAPP-International Association of Privacy Professionals
  • Eicar – European Institute for Computer Anti-Virus Research (
  • Trusted Contact Europe Strategic Defense Alliance SL (Military IT-Security)

Professional qualification

  • CIPT Certified International Privacy Professional / Information Technology
  • CIPP/E Certified International Privacy Professional / Europe
  • CIPM Certified International Privacy Manager
  • Attorney-at-Law; Key aspects: Data Protection and Data Security, Cyberlaw
  • Data Protection Officer at the DPAs of Sweden, France, The Netherlands, Austria, Switzerland, UK and Germany
Area of work | Expertise

Practice areas

  • Data privacy, data and information security
  • Information technology projects
  • E- and M-Commerce
  • IT and multimedia law
  • Cybercrime / computer criminal law

Technical knowledge

  • 20 years of experience in all operating systems (MS-DOS, UNIX, Apple, Android, Windows, IBM and corresponding computer languages)
  • Developing and implementing IT security concepts
  • Project supervisor for IT projects
  • Emergency management for IT projects
  • Emergency center for computer virus cases


German, English, French

Professional education

  • 1985-1990 Completion of law school at the University of Munich
  • 1991   Bar Exam, Attorney-at-Law, Munich

Professional experience

  • 1990 Traineeship with the representative of the German Industry and Trade, Washington D.C., USA
  • 1991 – 1998 Schiessl Schrank & Peter Law Firm, Munich, Germany, Attorney-at-Law
  • 1998 – July 2000 Heuking Kühn Lüer Heussen Wojtek Law Firm, Munich, Germany, Partner, Attorney-at-Law w since August 2000 Heussen Law Firm (former PricewaterhouseCoopers Veltins Law Firm), Of Counsel (???), Attorney-at-Law


See Google under ”RA Robert Niedermeier“ for numerous presentations and publications

  • Publisher and author of “IT Contracts on CD-Rom” (“EDV-Verträge auf CD-Rom”), “100 IT Framework Contracts” (”100 EDV-Musterverträge“), 2001
  • “Asset Tracking – explosive data protection topic” (”Asset Tracking – datenschutzrechtlicher Zündstoff“), Computer und Recht, 4/ 2002
  • “Actions against Attacks on the Company Network” (“Maßnahmen gegen Angriffe auf das Unternehmensnetzwerk“), Protect News 1/ 2002
  • “Application Service Providing and Data Protection” (“Application Service Providing und Datenschutz“), Recht der Datenverarbeitung, 5/ 2001
  • “The Homogeneous IT Security Structure” (“Die “Homogene Datenschutzzelle”), Recht der Datenverarbeitung, Issue 2/ 2001
  • “There are strict rules for e-mail scanning” (“Fürs E-Mail-Scanning gelten strenge Regeln“), Network World, März 2001

  • “Copyrights infringement through links“ (“Urheberrechtsverstoß durch Links“), Computerpartner 35/01
  • “Only tame cookies allowed” (“Nur zahme Cookies sind erlaubt”), Computer Reseller News 12, März 2001
  • “Cloning of operating systems and its legal issues” (“Rechtsprobleme beim Cloning von Betriebssystemen”), Computer Reseller News 11, März 2001
  • Application Hosting, Computer Reseller News, Heft 11/2000
  • “Cybercourt: Arbitration and Mediation procedures online“ (“Cybercourt: Schieds- und Schlichtungsverfahren im Internet”), Kommunikation & Recht, Heft 9, September 2000
  • ”Data Mining, Target Group Analysis“ (“Data-Mining: Zielgruppenanalyse”), E-Business Magazin, Edition 01/2000
  • “Legal questions on the cloning of operating systems“ (“Rechtsfragen zum Clonen von Betriebssystemen”), Computer & Recht, Issue 12/1999



  • Legal Aspects of Content Scanning, VIST, Neustadt
  • Consumer Data and Profiles, Data Protection Aspects, BAW (Bayerische Akademie für Werbung), Munich
  • IT Outsourcing, 2 Day Seminar, Euroforum, Bad Homburg
  • IT Risk Management and Legal Act for Control and Transparency in Companies, Euroforum Seminar, Munich
  • The SAP Project Contract, Euroforum Seminar, Munich


  • Computer Viruses: Legal Questions and Criminal Liability, EuroForum Conference, Munich
  • Computer Viruses and Product Liability, EICAR-Conference 2002, Berlin
  • European Cybercrime Initiative, Telecoms Crime-Conference, London, England
  • Data Protection for E-Mail and Internet Usage in Companies, Frankfurt am Main


  • Data Protection for Electronic Marketing, BAW (Bayerische Akademie für Werbung), Munich
  • Data Protection in the Internet Security Zone, Viccon, Karlsruhe
  • Anti-Hacking, Management-Forum Conference, Frankfurt am Main/Munich
  • Revision of the German Federal Data Protection Act, international Framework Conditions, VIST, Neustadt
  • How to implement a ”Dynamic IT Security and Privacy Manual“, EICAR-Conference 2001, Munich
  • ASP – Application Service Providing, Euroforum Deutschland GmbH, Munich

IT Projects

  • Developing and implementing data protection structures/manuals (Content Security Information Manual) for a German energy company, for a multinational bank
  • Developing and implementing a dynamic data protection and IT security manual (DDPM) for a multinational software company, for a multinational life insurance company, for a big hospital, for a multinational publishing company, for an international online-company in the field of online medicine (Norway, Switzerland, Eastern Europe)

Practice in detail

  • Structuring and rollout of data protection in companies
  • Development IT security concepts
  • Implementing IT security structure manuals (ITSSM)

Other projects

  • Member of the board of directors for United Systems AG
  • Member of the board of directors for EICAR (European Institute for Computer Anti-Virus Research)
  • Chairman of the Task Force (EICAR) for European Cybercrime Initiative
  • German Society for Law and IT (DGRI)
  • Eco e.V. E-Commerce Union
  • German IT Court Day e.V.
  • GDD German Society for Data Protection and Data Security e.V.

Start typing and press Enter to search