Partner
Anna Cardillo
Anna is a trusted advisor to companies and public authorities on data protection and information security law. She is specialized in strategic advice, conflict resolution and digital transformation, earning recognition as a Top Lawyer for Data Protection Law by Wirtschaftswoche in 2023 and 2024.
Partner
Anna Cardillo
Anna is a trusted advisor to companies and public authorities on data protection and information security law. She is specialized in strategic advice, conflict resolution and digital transformation, earning recognition as a Top Lawyer for Data Protection Law by Wirtschaftswoche in 2023 and 2024.
Additional Qualification
- Business Coach
- Data Protection Auditor
- Data Protection Officer
- Consultant for Data Protection Management Systems
Vita (short)
- Studies of Laws at the University of Hamburg, Germany, completed with the first state examination (Erstes Staatsexamen)
- Member of the management board of a Hamburg-based property developer
- Legal clerkship in Hamburg
- Admission to the bar since 2003 as a lawyer and practicing since then
- Managing partner of PrivCom Datenschutz GmbH in Hamburg
- Certificate in Specialist Lawyer Course in Information Technology Law
- In 2018, founding of Anna Cardillo Management Consulting in Berlin, which provides external data protection officers and external data protection managers, supports the implementation of data protection management systems, coaches and trains data protection officers, conducts data protection audits and organises data protection training courses
Focus
- Anna has been advising companies and public authorities on data protection and information security law since 2006. Her focus is on strategic advice. Anna specialises in resolving conflicts and supporting the implementation and enforcement of digital processes. Clients benefit from Anna’s leadership experience, business orientation and additional training as a business coach. She is a regular speaker, podcast and interview guest and publishes in legal journals, commentaries and handbooks, particularly on topics at the intersection of information security and data protection. She is also a lecturer at the University of Bamberg as the Chair of Privacy and Security in Information Systems. Anna advises clients in German, English and Turkish.
- In 2023 and 2024, Anna, along with other colleagues, was awarded the title of Top Lawyer for Data Protection Law 2023 and 2024 by a leading German weekly Business news magazine (“Wirtschaftswoche”).
Publications (excerpt)
- 2024
-
in: Auer-Reinsdorff/Conrad (Hrsg.), C.H. Beck Verlag, Handbuch IT- und Datenschutzrecht, 4. ed., in the process of publication (publication in German language; co-authorship)
- 2024
-
Data protection control of suppliers |ISO/IEC 27001-certificate – errors and chances, in: Sowa (ed.), Springer Fachmedien, IT-Prüfung, Datenschutzmanagement und KI-Audit. Neue Ansätze für die Arbeit der IT-Revision, in the process of publication (publication in German language; co-authorship)
- 2024
-
SDM-cube for lawyers, DuD 2024, im Erscheinen (publication in German language; co-authorship with Martin Rost)
- 2023
-
Coordinated investigation on position and tasks of DPOs, Datenschutz-Berater, 2023, 142-145 (publication in German language; co-authorship with Guido Hansch, Wolfgang Lehna and Heiko Markus Roth)
- 2021
-
ISO/IEC 27001 certificate: How can porcessors score with controllers?, Datenschutz-Berater 2021, 38-41 (publication in German language; co-authorship with Andreas Bethke)
- 2021
-
ICO fine against Marriott: PCI DSS and still not safe?, Datenschutz-Berater, 2021, 104-107 (publication in German language; co-authorship with Manuel Atug)
- 2021
-
The „non-negotiable“ main body of ISO/IEC 27001 and ist meaning for data protection, Datenschutz-Berater 2020, 273-276 (publication in German language; co-authorship with Andreas Bethke)
- 2020
-
ISO/IEC 27001 certificate: Sufficien guarantees of the processorwithin the meaning of Art. 28 para. 1 of the GDPR?, Datenschutz-Berater 2020, 200-202 (publication in German language)
- 2017
-
Guidelines 10010 for the structured data protection management, VdS Schadenverhütung GmbH, 2017, Verlag (publication in German language; co-authorship)
Talks (excerpt)
- 2024
-
14th NRW IT Law Day: AI, Data Law, and Interactions with GDPR, organized by the Cologne Lawyers’ Association
- 2024
-
Data Protection Conference Düsseldorf (Data Protection Advisor) 2024: Security? Absent! How Data Processors Fail to Provide Proof
- 2024
-
German Lawyers’ Day: Employee Data Protection and International Data Transfers in Corporations
- 2024
-
BvD Autumn Conference: Legitimacy of Logging – A Look at Data Protection in IT
- 2023
-
12th Frankfurt IT Law Day: Information Protection Act and the implications for data protection law
Podcasts / Interviews
- 2023
-
Stiftung Datenschutz: Webinar Datenschutz am Mittag, 23.5.2023: “Spannungsfall(e) Datenschutzbeauftragte” – Anna Cardillo und Daniela Will, available under: https://stiftungdatenschutz.org/veranstaltungen/unsere-veranstaltungen-detailansicht/spannungsfall-datenschutzbeauftragte-388
- 2023
-
Michael Rohrlich und Marc OIliver Thoma, 12.05.2023: Im Interview Anna Cardillo, available under: https://www.youtube.com/watch?v=afofNLacOqY
- 2021
-
Heise Online: Podcast Auslegungssache, Folge 33, 26.2.2021: “Datenschutz leben lernen” – Datenschutzauditorin Anna Cardillo hilft Organisationen, DSGVO-Anforderungen umzusetzen. Sie sagt, beim Datenschutzmanagement stinkt der Fisch oft vom Kopf, available under: https://www.heise.de/hintergrund/Auslegungssache-33-Datenschutz-leben-lernen-5069736.html
- 2020
-
Datenschutz-Guru: Podcast 14.9.2020: “ISO 27001 als Freifahrtschein für Auftragsverarbeiter” – Im Gespräch mit Rechtsanwältin Anna Cardillo, available under: https://podcasts.apple.com/us/podcast/iso-27001-als-freifahrtschein-f%C3%BCr-auftragsverarbeiter/id1034321062?i=1000491147023
Lectureship
University of Bamberg, at the Chair of Privacy and Security in Information Systems (Data Protection Module)