Dr Christoph Ritzer is a technology and data protection lawyer based in Frankfurt. He leads our German cybersecurity and data privacy practice. 

Christoph advises on cyber risk management and coordinates crisis response teams to help clients mitigate the impact of adverse cyber incidents. His broad experience is drawn from having overseen the response to dozens of incidents, some involving legal and regulatory issues in multiple jurisdictions. His day-to-day work involves overseeing forensic investigations, liaising with data protection and government authorities, coordinating notification requirements, communicating with relevant regulators and advising on interactions with commercial counterparties. He also has extensive connections within the forensics and cybersecurity community, helping to ensure that his advice is current, practical and centered on the latest cyber intelligence – of critical importance in an ever-evolving threat landscape.

For more than 15 years, Christoph has specialized in data protection law, where he is lauded as “one of the best data protection lawyers” by a competitor in JUVE’s 2023/24 legal rankings. He has particular experience advising clients on the EU General Data Protection Regulation (GDPR), and additionally advises clients regarding a broad range of multijurisdictional privacy, information security and information management issues, including the roll-out of global privacy programs, adoption of new technologies, and management of cross-border data flows and transfers. He regularly helps with privacy litigation, both dealing with regulator investigations as well as with data subject claims.

Christoph’s technology practice has evolved to cover the booming artificial intelligence (AI) industry and the many associated legal and regulatory considerations businesses must make when integrating AI technology into their operations. As a German lawyer, he is able to offer clients valuable legal insight and guidance into the EU AI Act, and how it will impact their business, while also helping them navigate practical ways to manage associated risks.  

Next to his cybersecurity and data privacy practice, Christoph is a highly experienced technology and outsourcing lawyer, advising clients on complex transactions in the technology sector, including in relation to cooperation and other commercial agreements. He also regularly advises on recent developments, such as cloud computing, blockchain technology and other issues in the FinTech space, as well as on matters spanning eCommerce, IT issues arising within the context of M&A transactions, business process outsourcing and systems procurement. 

Christoph advises clients across a variety of sectors, including financial institutions, technology and life sciences and pharmaceuticals, particularly related to handling patient data. His clients range from grown start-ups to German DAX 30 groups and US companies. 

Christoph studied law and business at the University of Bayreuth. He worked as a scientific assistant at the University of Wurzburg in EU law, where he also earned his doctorate in law. Prior to joining Norton Rose Fulbright, Christoph worked for several years in the Technology, Media and Telecommunications department of another leading international law firm in Frankfurt. He regularly publishes essays in professional journals and speaks at legal and industry events. He is author of the data protection chapter in "Recent Compliance" („Compliance aktuell", published by C.F. Müller) and is a regular contributor to the practice’s Data Protection Report blog. Christoph is also an active member of the International Association of Privacy Professionals (IAPP). He has spoken at IAPP privacy events in Germany and New York, and is an IAPP volunteer in Frankfurt.

Christoph is fluent in German and English, and is a member of the German Association of Law and Informatics (DGRI).