Looking for IT law expertise?
You are right here.

I support you in analyzing, designing and implementing your IT products, IT projects, IT contracts and digital transformation.

Here you will find an overview in English. You are welcome to use Google Translate to read all pages in another language.

Norman Baeuerle

Accredited Advocate
Wirtschaftsjurist (University Bayreuth) 

  • Highly specialized in IT law for companies
  • Interdisciplinary network of IT experts – we speak a common language
  • Certified knowledge and many years of experience in data protection and information security management and as an accredited evaluator for an european privacy seal
  • Over 10 years‘ experience as an external data protection officer
  • National and international clients of all sizes
  • Managing partner of a data protection consulting company

Certifications & Accreditations

  • Certified data protection officer (GDDcert. EU)
  • Accredited EuroPriSe Legal Expert (2014 to 2023): Evaluator of IT products and IT-based services for the data protection seal of approval, later „pre-evaluator“ (Maturity Assessment).
  • Recognized T.I.S.P. trainer of the IT Security Association Germany (TeleTrusT): modules IT security law, business aspects of IT security and awareness
  • Certified Information Privacy Technologist (CIPT, iapp)
  • Information security officer based on ISO 27001 & BSIIT basic protection with TÜV Rheinland-certified qualification
  • COBIT Practitioner (ISACA)

Lectures & Seminars

  • Trainer for prospective information security officers (since 2015)
  • Trainer for prospective TeleTrusT Information Security Professionals (T.I.S.P.) (since 2019)
  • Lecturer for IT law at the Berlin International University of Applied Sciences (2020 to 2023)
  • Lecturer for digital trnsformation law at the DHBW Lörrach (since 2024)


  • Spokesman of the Working Group for IT Law of the Berlin Bar Association (2014 to 2018)
  • IT Law Working Group in the German Bar Association (davit)
  • International Association of Privacy Professionals (iapp)
  • German-American Lawyers’ Association (DAJV)

I support your company regarding IT law.

Legal areas:

  • IT law: data protection law, information security law, data compliance, digital transformation, AI
  • Ancillary legal areas: Industrial property rights and IT employment law

Privacy by Design

Take technical and legal requirements for your products, services and applications into account right from the development stage.

Data Protection Law

Identify and appropriately address company-specific data protection requirements.

Information Security Law

Recognize and classify safety obligations in a timely manner, for example in healthcare and for KRITIS operators.

IT contract design

Taking into account the dynamics and particular risks of information technologies.

IT-Outsourcing & Cloud Computing

to identify risks and treat them in good time.

Website and online store check

Identifies legal violations and makes recommendations to minimize risks.

Please contact me for a free initial consultation where we discuss how I can support you.

info@datenundrecht.com | +49 7621 585853-0

Contact details

Rechtsanwalt Norman Bäuerle
Pestalozzistr. 29
79540 Lörrach

Telefon: +49 7621 585853-0
E-Mail: info@datenundrecht.com


Rechtsanwalt Norman Bäuerle
Pestalozzistr. 29
79540 Lörrach

Phone: +49 7621 585853-0
E-mail: info@datenundrecht.com

VAT ID No.: DE 294 509 526

I am admitted as a lawyer in the Federal Republic of Germany and a member of the Freiburg Bar Association.

Professional regulations, which can be found on the website of the Federal Chamber of Lawyers, among others:

  • Federal Lawyers‘ Act (BRAO)
  • Professional Code of Conduct for Lawyers (BORA)
  • Law on the remuneration of lawyers (RVG)
  • Specialist lawyer regulations (FAO)

My professional liability insurer as a lawyer:

R+V Allgemeine Versicherung AG
Raiffeisenplatz 1
65189 Wiesbaden

Territorial scope: Activities in the member states of the EU

EU platform for out-of-court online dispute resolution: http://ec.europa.eu/consumers/odr/ 

Privacy notice

Below you will find information

  • on the processing of your personal data when you visit this website and
  • your rights as a data subject,

as provided for under the General Data Protection Regulation (GDPR), among others. The text of the GDPR can be found on the European Union website linked here.

If you do not know what certain terms such as „personal data“ and „controller“ mean, you can find definitions in Article 4 GDPR.

Please do not hesitate to contact me if you have any questions (info@datenundrecht.com).

Controller and processor

The controller responsible for data processing on this website is Norman Bäuerle (info@datenundrecht.com). Further contact details can be found in the imprint.

As web hoster, IONOS SE processes the data on my behalf and in accordance with my instructions for the purposes stated below. The requirements of Art. 28 GDPR are fulfilled.

Data processing

No cookies or other technologies that store data on your end device are used.

Data is not transferred to countries outside the European Union (EU).

Processing of usage data

The following data is collected from website visitors

  • Referrer (previously visited website)
  • Requested website or file
  • Browser type and browser version
  • Operating system used
  • Type of device used
  • Time of access
  • IP address in anonymised form

The visitor’s IP address is transmitted when the page is accessed, anonymised directly after collection and processed without personal reference only to determine the location of access.

The data is collected on the basis of the following legitimate interests (Art. 6 para. 1 lit. f GDPR)

  • Ensuring the security and stability of the website
  • Statistical evaluation
  • Technical optimisation of the website

The data is stored for 8 weeks.

Processing of communication data

If you contact me as part of an existing contractual relationship or contact me in advance for information about my range of services, the data and information you provide will be processed for the purpose of processing and responding to your enquiry in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR (legal basis). In addition, to protect my legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to answer the enquiry properly.

The data you enter in the contact form will remain with me until the purpose for data processing no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular retention periods – may lead to a longer storage period.

Your rights

You can request the following from me:

  • Information about your data processed by me (Art. 15 GDPR)
  • the immediate correction of incorrect data or the completion of your data stored by me (Art. 16 GDPR)
  • the erasure of your data stored by me (Art. 17 GDPR)
  • the restriction of the processing of your data if the accuracy of the data is disputed by you or the processing is unlawful (Art. 18 GDPR)
  • to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to have it transmitted to another controller („data portability“)
  • to object to the processing if the processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR (Art. 21 GDPR)
  • revoke consent to data processing at any time with effect for the future (Art. 7 para. 3 GDPR)
  • complain to a data protection supervisory authority about the processing of your personal data (Art. 77 GDPR), for example to the data protection supervisory authority responsible for me: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (contact information)