Lawyer Dr. Hans Markus Wulf (Hamburg)

Publications

2026

28th Regime Explained: How the EU Plans to Simplify Start-Up Creation and Cross-Border Scaling

Update Data Protection No. 232, February 11, 2026

EU Data Spaces on the rise: What companies need to know now from a legal perspective

Update Data Protection No. 231, January 26, 2026,

together with Theresa Marie Bardenhewer, LL.M.

EU Digital Rights 2026: What changes can be expected at the national level?

Update Data Protection No. 230, January 22, 2026,

together with Theresa Marie Bardenhewer, LL.M.

Digital law in transition: What the EU-Mercosur agreement now means for businesses

Update Data Protection No. 229, Janaury 20, 2026,

together with Theresa Marie Bardenhewer, LL.M.

EU Digital Law 2026: An overview of the most important changes

Update Data Protection No. 226, 7. Januar 2026,

together with Theresa Marie Bardenhewer, LL.M.

2025

AI ACT: How do companies need to label AI-generated content?

Update Data Protection No. 225, December 22, 2025,

together with Theresa Marie Bardenhewer, LL.M.

EU DIGITAL LAW: What legal obligations will providers of SaaS (Software as a Service) services face in the future?

Update Data Protection No. 224, December 2, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Digital Omnibus: What changes in data protection (GDPR) can be expected?

Update Data Protection No. 223, November 27, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Digital Omnibus: EU Commission presents draft

Update Data Protection No. 221, November 13, 2025,

together with Theresa Marie Bardenhewer, LL.M.

AI ACT: Should ChatGPT be classified as High-Risk AI?

Update Data Protection No. 220, October 28, 2025,

together with Theresa Marie Bardenhewer, LL.M.

EU DIGITAL LAW: Will there be an extension of the deadline for the implementation of the AI Act, the Data Act, and the Cyber Resilience Act (Digital Omnibus)?

Update Data Protection No. 219, October 15, 2025,

together with Theresa Marie Bardenhewer, LL.M.

DATA ACCESS WITHIN THE COMPANY GROUP: Are companies permitted to access the IT systems of parent, sister, or subsidiary companies?

Update Data Protection No. 218, October 1, 2025,

together with Theresa Marie Bardenhewer, LL.M.

New draft bill for the implementation of the AI Regulation

Update Data Protection No. 217, September 24, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Legal framework for the use of AI AGENTS

Update Data Protection No. 215, September 17, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Data Act: New obligations for data disclosure apply from September 12

Update Data Protection No. 214, September 11, 2025,

together with Theresa Marie Bardenhewer, LL.M.

EuG confirms effectiveness of EU-US Data Privacy Framework

Update Data Protection No. 219, September 3, 2025,

together with Theresa Marie Bardenhewer, LL.M.

The new EU Digital Identity Wallet (EUDI)

Update Data Protection No. 218, July 21, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Neue Pläne der EU-Kommission: Der Digital Networks Act

Update Data Protection No. 217, July 16, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Digital accessibility: What companies have to consider since June 28, 2025

Update Data Protection No. 216, July 9, 2025,

together with Theresa Marie Bardenhewer, LL.M.

E-Evidence Regulation: New obligations for service providers from 2026

Update Data Protection No. 215, July 8, 2025,

together with Theresa Marie Bardenhewer, LL.M.

New guidance from the Data Protection Conference on the legally compliant use and development of AI systems

Update Data Protection No. 214, July 1, 2025,

together with Theresa Marie Bardenhewer, LL.M.

EUR 45 million GDPR-fine against Vodafone – What are the conclusions for EU-companies?

Update Data Protection No. 212, June 12, 2025,

together with Dr. Hans Markus Wulf, Theresa Marie Bardenhewer, LL.M. and Emily Bernklau

New plans from the EU Commission: The Digital Fairness Act

Update Data Proctection No. 211, May 23, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Artificial Intelligence: These Transparency Obligations must be observed

Update Data Protection No. 208, May 7, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Cybersicherheit: NIS-2 im Gesundheitssektor – Was die EU-Richtlinie für Krankenhäuser bedeutet

Klinik Einkauf, April 2025, pp. 37-39

New developments in EU Digital Law

Update Data Protection No. 207, May 5, 2025,

together with Theresa Marie Bardenhewer, LL.M.

Use of US Cloud Providers under the Trump Administration: Risks and Recommendations for Action for Companies

Update Data Protection No. 206, April 15, 2025,

together with Theresa Marie Bardenhewer, LL.M.

GDPR compliance when using ChatGPT & Co.

Update Data Protection No. 204, April 3, 2025,

together with Theresa Marie Bardenhewer, LL.M.

EU Regulation on the European Health Data Space (EHDS) published

Update Data Protection No. 202, March 6, 2025,

together with Theresa Marie Bardenhewer, LL.M.

The Data Act: Opportunities and challenges for companies

Update Data Protection No. 200, February 25, 2025,

together with Dr. Thomas Jansen

EU digital law 2025 – These innovations should be considered

Update Data Protection No. 197, January 3, 2025

Show moreShow less

2024

Europäischer Datenschutzausschuss veröffentlicht Stellungnahme zum Einsatz von KI-Modellen

Update Data Protection No. 196, December 20, 2024,

together with Julian Rosenfeld

New accessibility requirements: Affected companies must revise their websites by June

Update Data Protection No. 193, November 27, 2024

Data protection supervision: Failure to delete personal data leads to a fine of EUR 900,000

Update Data Protection No. 192, November 15, 2024

Draft bill of the Employee Data Protection Act (BeschDG): New regulations for the use of artificial intelligence in the employment relationship

Update Data Protection No. 190, November 4, 2024,

together with Antje Münch, LL.M.

AI Act: Erste gesetzliche Pflichten greifen ab Februar 2025

Interview, HH@WORK: Der AI Act und seine Auswirkungen auf Unternehmen, Newsletter, Oktober 16 2024

Künstliche Intelligenz: Diese gesetzlichen Pflichten greifen bereits ab Februar 2025

Update Data Protection No. 185, September 30, 2024,

together with Dr. Johannes Rolfs, LL.M.

Die KI-Verordnung kommt noch vor der Sommerpause – Hat der Zeitdruck wertvolle Qualität gekostet?

Recht der Internationalen Wirtschaft, Issue 8, August 2, 2024

NIS2 Directive: Update on the German Implementation Act

Update Data Protection No. 183, July 30, 2024,

together with Michael Kuska, LL.M., LL.M. , Manuel Poncza

050: EU Digitalrecht – ein Überblick

"Recht kurz" - der Heuking-Podcast,

together with Dr. Marcus Georg Tischler , Tim Petermann

NIS2 Directive: Update on the German Implementation Act and the new EU Implementing Regulation

Update Data Protection No. 180, July 2, 2024,

together with Michael Kuska, LL.M., LL.M.

Data protection compliant use of artificial intelligence – Data protection authorities publish guidance

Update Data Protection No. 178, May 14, 2024,

together with Antje Münch, LL.M.

Data Protection & Cybersecurity – Germany

The Legal 500 Country Comparative Guide 2024

Ein Überblick zum Status Quo der EU-Digitalstrategie und rechtliche Auswirkungen auf die Privatwirtschaft

Zeitschrift für das Recht der digitalen Wirtschaft, Issue 4, pp. 118-124

EU digital law: Formal agreement in the EU Parliament on the AI Regulation, the Cyber Resilience Act and the European Media Freedom Act

Update Data Protection No. 173, March 13, 2024,

together with Manuel Poncza

AI Act: Preliminary result of the trilogue negotiations leaked

Update IP, Media & Technology No. 90 & Update Data Protection No. 168,

together with Dominik Eickemeier

E-Evidence Act: Herausgabe- und Prüfpflichten für Anbieter von Onlinediensten in europaweiten Strafverfahren

Update Data Protection No. 166, January 12, 2024,

together with Dr. Johannes Rolfs, LL.M.

Show moreShow less

2023

DORA – One year before the implementation deadline, more and more details are becoming known

Update Data Protection No. 164, December 21, 2023,

together with Dr. Johannes Rolfs, LL.M.

AI Act (update): Agreement on the new AI regulation

Update Data Protection No. 162, December 14, 2023

Cyber Resilience Act: Vorläufige Einigung von Rat und Parlament, fünfjährige Updatepflicht und längere Umsetzungsfrist

Data Protection Update No. 160, December 7, 2023,

together with Dr. Johannes Rolfs, LL.M.

Data Act (Update): EU Parliament adopts new data law, what steps do companies need to implement now?

Update Data Protection No. 158, November 23, 2023

Differing views of German regulators on the effectiveness of the Data Privacy Framework (use of U. S. cloud services)

Update Data Protection No. 153, September 14, 2023

Supervisory authority provides guidance on implementing the new Data Privacy Framework

Update Data Protection No. 152, August 18, 2023

DATA ACT: Europäisches Parlament einigt sich auf ein Datengesetz mit weitreichenden Rechtsfolgen für Unternehmen

Update Data Protection No. 148, July 5, 2023,

together with Dr. Johannes Rolfs, LL.M.

Rechtliche Aspekte bei der digitalen Transformation nicht vergessen!

Security-Insider, 28. Juni 2023

Künstliche Intelligenz: Europäisches Parlament macht Weg frei für neue EU-Verordnung (AI-Act)

Update Data Protection No. 146, June 26, 2023,

together with Dr. Johannes Rolfs, LL.M.

Current developments in international data transfer - New guideline of the supervisory authorities & record fine against META

Update Data Protection No. 143, May 31, 2023,

together with Dr. Johannes Rolfs, LL.M.

Data Protection & Cybersecurity - Germany

The Legal 500 Country Comparative Guide 2023

Digital Operational Resilience Act and Cyber Resilience Act: New EU requirements for cybersecurity

Update Data Protection No. 132, February 13, 2023,

together with Dr. Johannes Rolfs, LL.M.

Show moreShow less

2022

Current legal situation regarding the use of tracking tools on websites

Update Data Protection No. 128

Der Digital Services Act: Erste Pflichten sind schon bis Februar 2023 umzusetzen

Update Data Protection No. 127

Microsoft 365 and Data Protection: US Data Transfer is Inadmissible, Consent is Invalid

Update Data Protection No. 125

Cyberattacks – Effective prevention and appropriate response in the event of an attack

Update Data Protection No. 123,

together with Dr. Lutz Martin Keppeler , Manuel Poncza

Die neue EU-Verordnung zur Künstlichen Intelligenz – Inkrafttreten schon Anfang 2023 möglich

Update Data Protection No. 121

OLG Karlsruhe stellt klar: Einsatz eines europäischen Server- und Hosting-Dienstleisters mit US-amerikanischer Konzernmutter nicht per se datenschutzrechtlich unzulässig

Update Data Protection No. 116

Das neue EU-Digitalrecht und seine Umsetzung in Deutschland

Update Datenschutz No. 114

“In Germany the authorities are taking increasingly consistent action against IT security breaches.”

Leaders League, July 29, 2022

Supervisory Authority Publishes Guidelines for the Implementation of Erasure Obligations under the GDPR

Update Data Protection No. 113,

together with Dr. Johannes Rolfs, LL.M.

DATA PROTECTION & CYBER SECURITY LAW Germany

The Legal 500, Country Comparative Guides

Show moreShow less

2021

Verwaltungsgericht untersagt Nutzung von Consent-Management-Plattform „Cookiebot“ mit weitreichenden Folgen für den internationalen Datentransfer

Update Data Protection No. 106

Drittlandtransfers nach Schrems II – Europäischer Datenschutzausschuss aktualisiert Empfehlungen

Der Betrieb, page 1524, July 12, 2021

New EU Standard Contractual Clauses in Force - How Companies should now correctly proceed when using US Cloud Services

Update Data Protection No. 99,

together with Dr. Thomas Jansen , Manuel Poncza

Aufsichtsbehörden beschließen Datenschutzkontrollen bei Unternehmen, insbesondere zum internationalen Datentransfer; neue Standardvertragsklauseln der EU-Kommission

Update Data Protection No. 98

EU Data Protection Officer Initiates Proceedings against Institutions of the European Union for using Amazon AWS and Microsoft Office 365

Update Data Protection No. 97

E-Privacy-Richtlinie endlich umgesetzt – Bundestag beschließt Neuregelung des Datenschutzes im Bereich der Telemedien und Telekommunikation

Update Data Protection No. 96

Framing bei technisch geschützen Werken nur mit Erlaubnis des Urhebers

dfv Mediengruppe, Kommunikation & Recht, 05/2021, S. 303

Right to copy of personal data: First highest court ruling on the right of access to information under data protection law pursuant to Article 15(3) GDPR issued (Federal Labor Court, April 27, 2021)

Update Data Protection No. 95

EuGH: Framing kann eine Urheberrechtsverletzung darstellen. Was Unternehmen nun beachten müssen.

Update IP, Media & Technology No. 36

Bußgelder nur noch nach Datenschutzverstößen von Führungskräften? Das Urteil des LG Berlin vom 18. Februar 2021

Update Datenschutz Nr. 92

German Cyber Security Act 2.0: Federal Cabinet presents new draft

Update Data Protection, No. 90

Update on the Legal Situation for Data Transfer to Third Countries (the US and China in particular)

Update Data Protection, No. 89

Show moreShow less

2020

Nach EuGH-Urteil zum Privacy-shield - Datenschutzbehörde veröffentlicht Handlungsempfehlungen für die Praxis

Update Datenschutz, Nr. 84

Berliner Datenschutzaufsicht beanstandet AV-Bestimmungen zu Microsoft Office 365

Update Datenschutz, Nr. 80

Jetzt wird es richtig teuer

DSGVO-Update, CREDITREFORM 03 | 2020

Rechtliche Aspekte der Digitalisierung

Neue Technologien: wie Künstliche Intelligenz, Data Analytics, IoT oder Blockchain rechtskonform einsetzen, Leitfaden Mittelstand 4.0-Kompetenzzentrum Hamburg, February 2020

2019

Stellungnahme im EuGH-Verfahren zur Datenübermittlung an Facebook, Amazon, Microsoft, Google & Co.

Update Datenschutz No. 71

Datenschutz: Wer Adressen bunkert, riskiert Millionen-Bußgeld

Der Bauunternehmer 12-2019, page 7

Microsoft Office: Verstoß gegen DSGVO? Ergebnisse einer aktuellen Datenschutz-Folgenabschätzung

Der Betrieb No. 4, January 25, 2019

2018

Die 10 wichtigsten rechtlichen Fallstricke der Industrie 4.0

Newsletter, Mittelstand 4.0-Kompetenzzentrum Hamburg, October 10, 2018

Was Betreiber von Facebook-Fanpages jetzt tun sollten

Magazine impulse, September 30, 2018

Dr. Hans Markus Wulf

Vita

Affiliations

Dr. Hans Markus Wulf's Distinctions

Latest news

Gallery

[Translate to English:] https://www.heuking.de/de/anwaelte/profil/dr-hans-markus-wulf.html

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

Publications

2026

2025

2024

2023

2022

2021

2020

2019

2018

Lectures

2025

2024

2023

2022

2021

2020

2019

Dr. Hans Markus Wulf

Vita

Affiliations

Dr. Hans Markus Wulf's Distinctions

Latest news

Gallery

[Translate to English:] https://www.heuking.de/de/anwaelte/profil/dr-hans-markus-wulf.html

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:] https://www.heuking.de/de/anwaelte/profil/dr-hans-markus-wulf.html

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

[Translate to English:]

Publications

2026

2025

2024

2023

2022

2021

2020

2019

2018

Lectures

2025

2024

2023

2022

2021

2020

2019

Questions?