Dr. Matthias Lachenmann

Attorney at law, Partner

Dr. Matthias Lachenmann has been a partner at BHO Legal since April 2019. He specializes in advising on technology and data protection law, in particular with a focus on international group data protection, employee data protection and industry 4.0. Due to his industry focus on digital business/marketing, fashion and manufacturing companies, he primarily advises on data protection aspects such as IoT, AI, autonomous systems and DSGVO implementation and enforcement. His clients are international corporations (in Fortune 500 and Fortune 2000), German medium-sized companies with a global focus and data-driven SMEs.

Dr. Lachenmann was admitted to the bar in 2011 and previously worked for the Bonn-based employment and data protection law boutique Pauly & Partner and as data protection officer (UDISzert) at DPA Drewes Privacy Advice GmbH. He studied law in Augsburg, completed his training in Frankfurt a.M. and Milan and received his doctorate under Prof. Dr. Jürgen Taeger at the University of Oldenburg on “Data Transmission within the Group”. He regularly lectures on data protection law at (inter)national conferences and training courses, e.g. at the CodeBlue conference in Tokyo 2019. He is also a lecturer in the training of data protection officers at UDIS gGmbH and in the training of specialist lawyers for IT and labour law at the publishing house Dr. Otto Schmidt. He publishes continuously on data protection and is known nationwide as the editor of the “Formularhandbuch Datenschutzrecht” (form manual on data protection law) at the publishing house C.H. Beck.


  • 2015
    Doctor iuris (summa cum laude)
  • 2011
    Degree in German Law (2nd State Exam), Wiesbaden, Germany
  • 2008
    Degree in German Law (1st State Exam) , University of Augsburg, Germany

Work experience:

  • Present
    Attorney-at-law and Partner at BHO Legal and Data Protection Officer (UDISzert)
  • 2015 - 2019
    Attorney-at-law at law at Pauly & Partner and Data Protection Officer (UDISzert)
  • 2011 - 2015
    Self emlployed attorney at law and PhD


  • German
  • English
  • Italian

Publications (selection):

• Formularhandbuch Datenschutzrecht, 3rd edition, C. H. Beck 2018 (with Ansgar Koreng; planned for 2020).
• Formularhandbuch Datenschutzrecht Law, 2nd edition, C. H. Beck 2018 (with Ansgar Koreng).
• Formularhandbuch Datenschutzrecht, C. H. Beck 2015 (with Ansgar Koreng).
• Data transmission within the group, dissertation, 2016, OlWIR Verlag.
Book contributions
• Chapter in: Koreng/Lachenmann (Ed.), Formularhandbuch Datenschutzrecht, 2. aufl. 2018, C. H. Beck: 1st “Accountability”; 2nd “Informationspflichten bei Erhebung von personenbezogenen Daten” (Data Protection Declarations); 3rd Comparison and Guideline for Contract Data Processing (with Sebastian Schwiering); 4th Edition (in German); 3rd Edition (in German) “Confidentiality agreement for service contracts” (with Jörg Jaenichen/Sebastian Schwiering); 5th “Joint data controller”; 6th “Video surveillance on company premises”; 7th “Advertisement mailing/newsletter” (with Frederike Rehker).
• Chapter in: Besgen/Prinz (ed.), Handbuch Internet.Arbeitsrecht, 4th edition 2018: 1. Beschäftigtendatenschutz.
• Chapter in: Koreng/Lachenmann (Ed.), Formularhandbuch Datenschutzrecht, C. H. Beck 2015: 1. “Confidentiality Agreement / NDA” (with Jörg Jaenichen); 2. “Contract data processing in the company”; 3. “Video surveillance on company premises”; 4. “Data protection information and consents”; 5. “Data protection in e-commerce and TMG”.
• Chapter in: Solmecke/Taeger/Feldmann (ed.), Mobile Apps – Rechtsfragen und rechtliche Rahmenbedingungen, De Gruyter 2013 (see external information page): 1. “Involved persons and contractual relationships”; 2. “App developer contracts” (with Christian Solmecke); 3. “End customer contracts”.
Technical essays
• Statement of the German data protection supervisory authorities on Internet tracking, ZD-Aktuell 06643 (with Diana Ettig).
• Brexit and data protection: immediate measures for companies, ZD-Aktuell 2019, 06442 (with Kevin Leibold).
• Inspection catalogues of the supervisory authorities for the implementation of the DSGVO specifications, ZD-Aktuell 2019, 06419 (with Kevin Leibold).
• The data protection rights of employees according to the DSGVO, AE 2018, Issue 3.
• Bodycams: Use by private security services, in: Taeger (Ed.), Conference Proceedings Herbstakademie 2018 = DuD 2018, p. 777.
• BGH: Inadmissibility of a dashcam in road traffic, ZD-Aktuell 2018, 06137 (with Olga Schulz).
• The new regulation of employee data protection by the Basic Data Protection Ordinance, AE 2018, 1.
• Use of Bodycams by police officers – Legal requirements and technical measures for the use of miniature cameras, NVwZ 2017, 1424.
• New requirements for video surveillance – A critical examination of the new regulations on video surveillance in the DSGVO and the BDSG n. F., ZD 2017, 407.
• Smart Groups – Smart Transfers! – Group data transmission in the Basic Data Protection Regulation, in: Taeger (ed.), conference proceedings DSRI Autumn Academy 2016, OlWIR-Verlag 2016.
• The End of the Rule of Law Due to the Spatial Affair of the Secret Services – Conference Proceedings Assistant Conference on Public Law, Nomos Verlag 2015, p. 95 = DÖV 2016, p. 501-511.
• No right of co-determination with camera dummies, NZA 2015, pp. 591-595 (with Markus Lang).
• Mobile Apps: Development and retail contracts, ITRB 2015, p. 99-100.
• Die Zulässigkeit von Videoüberwachung – eine Systematisierung der aktuellen BGH-Rechtsprechung, in: Taeger, Jürgen (Ed.), Big Data & Co – Conference Proceedings DSRI Autumn Academy 2014, p. 391-406 (available at Beck Online under p. 395).
• VG Ansbach: Privacy inadmissibility of Dash-Cams, ZD-Aktuell 2014, 04300 (with Sebastian Schwiering).
• Data protection law (in)permissibility of the operation of video cameras in passenger cars, NZV 2014, pp. 291-297 (with Sebastian Schwiering).
• Collection of personal data when accessing websites, ZD 2014, p. 133 (with Oliver Stiemerling).
• Illegal offer of a stream converter – but no general inadmissibility, MMR-Aktuell 2013, 352345 = MMR 1/2014, p. VIII (with Fabian Janisch).
• Development contracts for mobile apps – Formulation proposals for contract design, ITRB 2013, pp. 190-195.
• Conversion of music video streams into audio files – An analysis from the perspective of German copyright law, MMR 2013, pp. 213-216 (with Fabian Janisch).
Judgement notes
• Commentary on BVerwG, judgment of 27.03.2019 – 6 C 2.18 – Video surveillance in the medical practice, ZD 2019.
• Commentary on OLG Frankfurt a.M., judgment of 17.12.2015 – 6 U 30/15 – Consent to advertising, MMR 2016, 245.
• Commentary on AG Nienburg, judgement of 20.1.2015 – 4 Ds 155/14 – Criminal law usability of Dashcam recordings, CR 2015, pp. 402-403 (with Sebastian Schwiering).
• Commentary on ECJ, Judgment of 11.12.2014 – C-212/13 – Interpretation of private and personal activities, ZD 2015, pp. 79-80.
• Summary and commentary on OVG Lüneburg, judgment of 29.9.2014 – Ref. 11 LC 114/13 – Video surveillance in office buildings, ITRB 2014, pp. 273-274.
• Commentary on OLG Düsseldorf, judgment of 5.12.2013 – I-5 U 135/12 – Compensation claim for termination of contract for work and services, MMR 2014, 521-525.
• Comment to LG Hamburg, Resolution of 25.4.2013 – 310 O 144/13 – JDownloader2, CR 2013, p. 547-548 (with Fabian Janisch).
• Commentary on LG Frankfurt, judgment of 6.6.2013 – Ref. 2-24 O 246/12 – AppStore-AGB (Samsung), K&R 2013, p. 505-506.
Short texts
• Data transfers between the EU and Japan: an introduction to the EU’s adequacy decision on Japan, Linkedin Blog, https://www.linkedin.com/pulse/data-transfers-between-eu-japan-introduction-eus-lachenmann/
• One year DSGVO – a first balance, SuS 2019.
• Data protection in purchasing: Experiences with the DSGVO, Newsdienst MBI – Einkäufer im Markt, 2019.
• The first birthday of the DSGVO – experiences in purchasing, CEBRA.biz 03_19.
• The new age of data protection has begun – experiences and recommendations for the DSGVO, AgrB (Agrarbetrieb) 2018, p. 344 (with Wolfgang Walchner).
• New data protection rules secure individual personality rights, Umwelt Aktuell 2018, p. 29 (with Markus Giese).
• Uniform European regulation of fundraising? – On the permissibility of advertising measures according to the EU-DSGVO, SuS 2016, pp. 36-37.
• Data protection: Time to act – The new data protection law requires a rethinking of foundations and associations, SuS 2016, pp. 32-33.
• Mobile Apps: Development and retail contracts, ITRB 2015, p. 99-100.