Tim Faulhaber


Tim Faulhaber


Tim Faulhaber is specialized in answering legal questions with respect to the IT industry and high-tech sector. He operated as a freelancer in the IT sector for many years and has well-founded technical know-how. Attorney-at-law Faulhaber is a registered external data protection officer in the high-tech industry and regularly participates at IT events and conferences as a speaker.

Projects / Track Record

  • Assessment of an e-mail archiving solution for an internet host and a premium sports club with respect to audit proof archiving
  • Assessment of a conversation-recording solution for a software company within the scope of legal valid purposes
  • Creation of an IT security concept for a ground control centre in the satellite industry
  • Creation of an overall IT security concept for a distant selling merchant (online, internet and other telemedia and telecommunication channels)
  • Creation of an IT security handbook for various IT-related companies
  • Dynamic data protection manual created for Europe’s largest heart- and diabetes centre in the course of its KTQ-certification (German cooperation for transparency and quality in health care)
  • Substitute to the data protection officer of the German affiliate of an international pharmaceutical enterprise
  • Evaluation of data transfers, data protection consulting services in the course of the integration of an international hardware and software enterprise with an internationally leading software enterprise. Support to the external data protection officer
  • Data protection consulting services regarding the data privacy compliant design of IT systems; creating data privacy evaluations for the workers council and management
  • Data protection consulting for a cloud project in the energy industry
  • Creation of licensing agreements, general terms and conditions and framework contracts for a company in the software industry
  • Data privacy training of all employees of an international hardware and software enterprise at all its German locations
  • Data privacy training of the IT personnel of a supreme court
  • Data privacy training of the management and the employees of a professional association with public authority
  • Data privacy and IT security seminars and events, training of data protection officers and the head of IT

Professional organizations

  • Bayrische Datanschutz Gesellschaft – Bavarian Data Protection Society (founding Member)
  • Deutscher Anwaltsverein – German Lawyers Association

Professional qualification

  • Attorney-at-Law; Key aspects: Data Protection and Data Security, IT-Security Law, Cyberlaw, Data Protection Officer
  • Data Protection Officer at the DPA of Germany
Area of work | Expertise

Fields of Activity

  • IT security
  • Data privacy
  • Legal management and guidance of IT projects
  • E- and M-Commerce
  • IT and multimedia law

Technical Experience

  • 15 years of professional experience in all common operating systems (MS-DOS / Linux / Windows / OS/2)
  • Design and implementation of networking concepts
  • Independent IT consultant


German, English, French

Professional education

  • Legal studies at the Ludwig-Maximilian University, Munich (LMU)
  • In-service trainee at the Higher Regional Court of Munich
  • 2007 admission to the bar

Professional Experience

  • Since 2007 consultant for IT law and data protection
  • Since 2007 freelance work for attorney-at-law Robert Niedermeier, Heussen Law Firm, Munich
  • Since 2007 cooperation with the law firm Emrich, Schötz und Partner GbR – Anwälte und Steuerberater
  • Since 2007 independent attorney-at-law in Munich with focus on IT and data privacy law and IT security and IT compliance consultation services


  • KES 5/2009, “Our obligation – Information Security also requires quality management“ (“In der Pflicht – Auch die Informations-Sicherheit (ISi) braucht ein Qualitätsmanagement”)
  • IT Security Act 10/2008 “Responsibilities in the case of Managed Security Services” (“Verantwortlichkeiten bei Managed Security Services“)
  • LANLine 2/2008, (Use of E-Mails in Creative Enterprises“, (“E-Mail-Einsatz in Kreativunternehmen“)

  • 2007 all-about-security.de, “Guide to the Criminal Law Amendment Act for the Fight against Computer Crime“, (“Leitfaden zum Strafrechts-Änderungs-Gesetz zur Bekämpfung der Computer-Kriminalität“)
  • Solutions for Business 2/2013, “Legal Pitfalls in the Concept: “Bring Your Own Device” (”Rechtliche Fallstricke beim Konzept ”Bring Your Own Device“”)
  • Guideline for pro-active IT security 7/2013
Conferences | Seminars


  • Management Forum Starnberg 2007
  • Managed Security Forum 2008 – Euroforum
  • Virus Information Security Conference (VIST)
  • IT-Security Congress – ”IT-Secuta“
  • Information Security Conference 2010
  • Keynote on the CRM Forum – IT & Business Stuttgart, October 2013
  • Midrange Events 2012 and 2013
  • LanLine Techforum 2012 and 2013
  • Special day at the 2nd VDI Expert Conference ”Industrial IT Security 2014“ –
  • 1st IT Security Day at the DLR Forum, Institute of Space Propulsion, Lampoldshausen on 08.10.2014


  • 2008 Lecture for lawyers for the revision safe archiving of e-mails within the scope of electronic court and administration mailboxes. (EGVP)
  • Various seminars on current topics of IT security, data privacy, IT compliance and IT law; cooperation with CBT-Training and Consulting in Munich (for a detailed overview please visit http://www.cbt-training.de/Seminare/Informationssicherheit-Security-Recht-DS.html

Start typing and press Enter to search