Tim Wybitul

  • Partner
  • Etim.wybitul@lw.com
  • Die Welle
  • Reuterweg 20
  • 60323 Frankfurt am Main
  • Germany
  • T +49.69.6062.6560


Tim Wybitul is a partner in Latham & Watkins Frankfurt office, advising companies on complex data protection issues. He focuses on the implementation of the EU General Data Protection Regulation (GDPR) and employee data protection as well as internal investigations, data protection authority probes, respective litigation, and other data privacy-related legal disputes.

He advises clients on a variety of matters, including:

  • Implementing the GDPR
  • Operating data protection systems
  • Reviewing data protection management systems and respective compliance structures
  • Negotiating with data protection authorities and in data protection proceedings before the courts   

He has particular expertise advising on international matters, specifically data protection requirements for intra-group data transfers, discoveries and cross-border legal proceedings, international data transfers, and representing companies in cross-border regulatory and criminal investigations.

Mr. Wybitul is a Certified Information Privacy Professional and a specialist lawyer for employment law. The German Parliament (Deutscher Bundestag) appointed him as the individual expert for a hearing on data protection issues.

Thought Leadership
  • The Federal Supreme Court and Federal Labor Court, as well as courts of appeal, cite many of his publications
  • Co-editor of the Zeitschrift für Datenschutz (ZD), published by C.H. Beck
  • Lecturer for data protection at the Goethe University in Frankfurt
  • Author of the handbook EU-Datenschutzgrundverordnung in der Unternehmenspraxis (2017), the practice guide DSGVO im Unternehmen (2015), and the handbook Datenschutz im Unternehmen, 2nd edition (2014, all published by Deutscher Fachverlag GmbH) and other book publications
  • Author of numerous specialist publications on data protection, compliance, and internal investigations, among others:
    • NJW 2018, 113, “Abwehr von Schadensersatzansprüchen nach der Datenschutz-Grundverordnung”
    • CCZ 2018, 14, “Beschäftigtendatenschutz und Compliance: Compliance-Kontrollen und interne Ermittlungen nach der EU-Datenschutz-Grundverordnung und dem neuen Bundesdatenschutzgesetz”
    • NZA 2017, 413, “Der neue Beschäftigtendatenschutz nach § 26 BDSG und Art. 88 DSGVO”
    • NZA 2017, 1488, “Betriebsvereinbarungen im Spannungsverhältnis von arbeitgeberseitigem Informationsbedarf und Persönlichkeitsschutz des Arbeitnehmers”
    • NZA 2019, 672, “Welche Reichweite hat das Recht auf Auskunft und auf eine Kopie nach Art. 15 I DS-GVO?”
    • NZA 2018, 285, Interview: Beschäftigtendatenschutz nach der DS-GVO
    • ZD 2017, 503, “Übermittlung personenbezogener Daten in Drittländer”
    • ZD 2018, 202, “Schadensersatzrisiken für Unternehmen bei Datenschutzverstößen”
    • ZD 2019, 290, “Vermeidung hoher DS-GVO-Bußgelder und Kooperation mit Datenschutzbehörden”
    • CCZ 2016, 194, “Welche Folgen hat die EU-Datenschutz-Grundverordnung für Compliance?”
    • BB 2010, S. 1085, “Wie viel Arbeitnehmerdatenschutz ist „erforderlich”?”
    • BB 2016, 1077, “EU-Datenschutz-Grundverordnung in der Praxis – Was ändert sich durch das neue Datenschutzrecht?”
    • CB 2018, 119, “Bußgelder und Schadensersatzansprüche nach der DSGVO – neue Compliance-Risiken? – Ein Interview


Mr. Wybitul's experience includes advising:

  • A leading car manufacturer on the implementation of the GDPR*
  • Allianz Deutschland AG on complex aspects of data protection, compliance, and employment law*
  • Deutsche Bahn on data protection law and compliance structures, particularly in connection with the introduction of an internal whistleblower system*
  • UBS AG on extensive internal investigations in connection with US Department of Justice (DOJ) and Securities and Exchange Commission (SEC) investigations (leading a team of more than 60 lawyers)*
  • Metro AG on compliance, data protection, and labor law*
  • Birkenstock Group in labor court proceedings up to the Federal Labor Court*

*Matter handled prior to joining Latham

Thought Leadership

  • GDPR and COVID-19: What Companies Need to Know About Data Privacy  -  March 19, 2020
  • The Pervasive Threat of Business Email Compromise Fraud — and How to Prevent It -  February 20, 2020
  • RuNet Law Comes Into Force: What Is Next -  November 27, 2019
  • German Data Protection Authorities Adopt New GDPR Fine Model -  October 02, 2019
  • How Are European Supervisory Authorities Exercising Cooperation and Consistency In Practice? -  September 02, 2019
  • High GDPR Fines: German Data Protection Authority Joins the Club -  August 28, 2019
  • Datenschutzklagen als Geschäftsmodell kommerzieller Anbieter – Was müssen Unternehmen jetzt beachten -  August 14, 2019
  • 5 Ways for Companies to Limit GDPR Penalties  -  January 25, 2019
  • German GDPR Fine Proceedings Conclude Favorably for Defending Company -  December 26, 2018
“Clients highlight his ‘excellent knowledge of data privacy, huge experience of US and EU data privacy law and great knowledge in data privacy investigations.’”Chambers EUROPE GERMANY 2018
Bar Qualification
  • Rechtsanwalt (Germany)
  • Second German State Exam, Regional Court, Frankfurt am Main, 2002
  • First German State Exam, Goethe University, Frankfurt, 1998
  • Financial Institutions
  • Information Technology – Systems & Solutions
  • Internet & Digital Media
  • Automotive
  • German
  • English
  • Litigation & Trial Practice
  • Data Privacy & Security
  • White Collar Defense & Investigations
  • Benefits, Compensation & Employment
  • False Claims Act