Anna Cardillo

Partner

Dr. Johanna M. Kirschnick, LL.M. (KCL)

Johanna advises German and international companies on digitalization projects with a focus on data protection law, e-commerce, and IT law, bringing extensive in-house experience and a deep understanding of processes in large corporations.

Languages
  • German

  • English

  • Spanish

  • French

Anna Cardillo

Partner

Dr. Johanna M. Kirschnick, LL.M. (KCL)

Johanna advises German and international companies on digitalization projects with a focus on data protection law, e-commerce, and IT law, bringing extensive in-house experience and a deep understanding of processes in large corporations.

Languages
  • German

  • English

  • Spanish

  • French

Additional Qualifications

  • Dr. jur. (PhD) in data protection and data security law (University of Kassel)
  • LL.M. in IT/IP-law (King’s College, London)
  • Certified Information Privacy Professional/Europe, CIPP/E (IAPP)

Vita (short)

  • Studied law at the University of Potsdam, Germany, completed with the first state examination (Erstes Staatsexamen)
  • Legal clerkship (Referendariat) in Berlin and Barcelona, meanwhile research associate in a law firm, completed with the second state examination, the German Bar Exam (Zweites Staatsexamen)
  • Postgraduate studies completed with the LL.M. degree in IT/IP at King’s College, London, UK
  • Several years of research work in the project group “Constitutionally Compatible Technology Cesign” (provet) under the chair of Prof. Dr. Roßnagel, in charge of an interdisciplinary research project on dynamic data protection and data security certification of cloud computing services.
  • Admission to the German Bar since 2018 and worked as German solicitor (Rechtsanwältin) in international law firms in Munich and Berlin; long term secondments in a large German group of companies with international operations and at the German subsidiary of a US technology group of companies.
  • PhD (Dr. jur.)
  • The thesis was awarded with the Science prize of the legal society in Kassel
  • Since 2021 Data Protection Officer of German entities of a US corporate technology group and partner in a law firm

Focus

  • Johanna advises international and German companies on their digitalization projects. She specializes in data protection law, eCommerce and IT law. Johanna can draw on many years of in-house experience at the German subsidiary of a globally active US technology group. Through various secondments, she has gained deep insights into the workflows of large corporate units.

Publications (excerpt)

2024

International data flows, in Johannes/Geminn (eds.), Handbuch Datenrecht, Nomos 2024 (publication in German language; co-authorship with Dominik Hoidn), in the process of publication.

2024

Sanctions, in Johannes/Geminn (eds.), Handbuch Datenrecht, Nomos 2024, (publication in German language) in the process of publication.

2023

Chapter 12: Liability for data processing / data protection, in Hoeren/Bensinger (eds.), Haftung im Internet, de Gruyter, 2023, p. 679-710 (publication in German language).

2023

Dynamic in the implementation of data protection requirements within corporate groups, Datenschutz-Berater, 2023, p. 269-299 (publication in German language).

2022

How to use B2B-leads lawfully?, in DSB 2022, p. 238-241 (publication in German language; co-authorship with Dominik Hoidn).

2021

Brexit-Deal increases the chances of a seamless transition to the EU Commission’s adequacy decision, in ZD-Aktuell 2021, 05010 (publication in German language; co-authorship with Benjamin Stach).

2021

Soft Brexit – the calm before the storm?, in: ZD 2021, p. 3-8 (publication in German language; co-authorship with Benjamin Stach).

2020

Comment to judgement EUCJ, decision of 16.07.2020, C-311/18 – Schrems II, in: K&R 2020, p. 594-595 (publication in German language; co-authorship).

2019

Dynamic certification – data protection certification pursuant to the GDPR on the example of Cloud Computing, (publication in German language; doctoral thesis), Nomos, Baden-Baden, 2019.

2018

Dynamic certification – the road to a regulation compliant cloud computing, in: Roßnagel, A., Friedewald, M., Hansen, M. (eds.), Die Fortentwicklung des Datenschutzes – zwischen Systemgestaltung und Selbstregulierung, Wiesbaden, 2018, p. 293-307 (publication in German language).

2017

Data Processing (Cloud Computing), in: Roßnagel, A. (editor), Das neue Datenschutzrecht – Europäische Datenschutz-Grundverordnung und deutsche Datenschutzgesetze, Baden-Baden 2017, p.172-186 (publication in German language).

2017

Data protection authorities (organisation and responsibilities), in: Roßnagel, A. (editor), Das neue Datenschutzrecht – Europäische Datenschutz-Grundverordnung und deutsche Datenschutzgesetze, Baden-Baden 2017, p. 230-238 (publication in German language).

2017

Legally compliant design of Cloud-Services, in: Krcmar, H. u.a. (editors), Management sicherer Cloud-Services – Entwicklung und Evaluation dynamischer Zertifikate, Wiesbaden 2017, p. 25-57 (publication in German language; co-authorship).

2017

Protecting trust through certification, in: Krcmar, H. u.a. (editors), Management sicherer Cloud-Services – Entwicklung und Evaluation dynamischer Zertifikate, Wiesbaden 2017, p. 69-80 (publication in German language; co-authorship).

2017

Legal requirements on certification pursuant to the GDPR, in Krcmar, H. u.a. (editors), Management sicherer Cloud-Services – Entwicklung und Evaluation dynamischer Zertifikate, Wiesbaden 2017, p. 101-112 (publication in German language; co-authorship).

2017

The day that changed almost nothing: Do you actually know when the GDPR came into force? in: ZD-Aktuell 2017, 05853 (publication in German language).

2017

GDPR: Guide to autonomous interpretation oft he term of persona data, in: Zeitschrift für Datenschutz (ZD) 5/2017, p. 221-226 (publication in German language; co-authorship with Paul Johannes).

2016

Requirements under GDPR and NIS-Directiveon cloud computing, ZD-Aktuell 2017, 0548 Mitautorenschaft in Roßnagel (Hrsg.), Europäische Datenschutz-Grundverordnung, Baden-Baden 2016 (publication in German language).

2016

Guidance on the General Data Protection Regulation, synopsis of the German translation of the GDPR in the draft version of 28 January 2016 to the promulgated version, Roßnagel (editor), ITeG Technical Report, Band 4, Kassel 2016 (publication in German language; co-authorship).

2016

Comment on judgement of BGH, decision of 19.03.2015, Az. I ZR 157/13 – Schufa-Hinweis, in VuR 2016, p. 67-69 (publication in German language).

2015

Dynamic certification of cloud computing services: A legal approach on the example of availability, in: Cunningham et al. (eds.), INFORMATIK 2015, GI-Edition – Lecture Notes in Informatics (LNI), p. 539-552 (publication in German language).

2015

Guideline No. 11 – Data protection and cloud computing of the working group on the legal framework for cloud computing, competence centre of the Trusted Cloud technology programme of the Federal Ministry of Econoic Affairs of Germany, Berlin 2015 (publication in German language ; co-authorship).

Talks (excerpts)

2023

JUC Netzwerktreffen München, Rechtsprechung – Aufsichtsbehörden – Praxishilfen, Vortrag zum Thema Datenschutz im Konzern umsetzen.

2023

Datenschutzkonferenz 2023: Data Protection Implementation in Multinational Corporate Structures.