Jan Pohle

Practice Areas

Jan Pohle is a partner in Dentons’ Dusseldorf office, a member of the Intellectual Property and Technology practice group and heads the German TMT sector. He is one of the leading legal advisors in the field of technology and data law in the German market, with more than twenty-five years of professional experience.

He specializes in supporting strategic digitization projects, in advising on artificial intelligence related legal topics and in designing and supporting strategic (procurement) projects in information technology, especially cloud services and the outsourcing of IT services and business processes with a focus on regulated industries such as financial services, insurance, life sciences, and health care, automotive, energy and telecommunications.

Jan also advises on projects and regulations in the area of data economy, project related or ongoing data protection related compliance issues on regulatory obligations applying on digital services provider and related responsibilities.

Finally, he has specialist expertise in legal advice on cyber-related topics, including advise on cyber regulatory, cyber risk management and cyber incident response.

For almost 20 years Jan is a lecturer on internet law with a focus on digital services related obligations and responsibilities at the University of Oldenburg in the postgraduate LL.M. program in information law. He is co-editor of the standard work Computerrechtshandbuch (formerly Kilian/Heussen), of the Berlin Commentary on the EU AI Act (to be published 02/2026) and, among other things, author of the chapter on data breach notifications in the leading commentary by Taeger/Gabel on the GDPR, BDSG and TDDDG.

Career

Dentons (Partner since 2025), DLA Piper UK LLP (Partner 2011–2025), Taylor Wessing (Partner 2004–2010), Osborne Clarke (Partner 2001–2004), Graf von Westphalen (Associate/Partner 1996–2004).

Professional Memberships

Member, Deutsche Gesellschaft für Recht und Informatik (DGRI e.V.)

Member, International Technology Law Association (ITechLaw)

Member, Arbeitsgemeinschaft IT des Deutschen Anwaltvereins (DAV IT)

Member, Deutscher Anwaltverein (DAV)

Publications

Articles

•“Kommentierung der Artikel 33 und 34 DSGVO,” Taeger/Gabel (hrsg.) DSGVO –BDSG - TDDDG, 5. Auflage. Frankfurt am Main 2025

•Co-author: “Kommentierung der Artikel 12 und 10 DSGVO sowie §§ 20, 21 and 44 BDSG,” Taeger/Gabel (hrsg.) DSGVO - BDSG, 4. Auflage. Frankfurt am Main 2022

•Co-author: "Problemstellungen im BSIG-neu: Anwendungsbereich, Lieferkette und erheblicher Sicherheitsvorfall“, MMR Zeitschrift für das Recht der Digitalisierung, Datenwirtschaft und IT 2026, 115

•Co-author: “Das neue Cybersicherheitsrecht im internationalen Konzern“, Compliance Berater 2026, S. 1

•Co-author: "Schadenersatzanspruch nach DSGVO-Verstoß: Kontrollverlust als Schaden, Der Betrieb 2025, S. 239"

•Co-author: "Datenschutzrechtlicher Schadensersatzanspruch nach Cyberangriffen", ZD Zeitschrift für Datenschutz 2024, S. 312

•Co-author: "KI-Verordnung - Was bisher geschah und jetzt zu tun ist", Compliance Berater 2024, S. 137

•“DORA: Die EU-Verordnung über die digitale operationale Resilienz im Finanzsektor,” Versicherungsrecht 2023, Heft 3, S. 273

•„Der transatlantische Datentransfer – eine unendliche Geschichte ?”, Kommunikation & Recht, Editorial Heft 12/2022

•“Innovativ – und jetzt? Der Verordnungsentwurf der Europäischen Kommission zur Regulierung künstlicher Intelligenz,” Compliance & Recht 2021, Heft 10, S. 371

•“Datenschutz durch Technikgestaltung in der Vertragspraxis,” Kommunikation & Recht 2021, Heft 6, S. 374

•“Datenschutz durch Technikgestaltung in der Vertragspraxis,” Specht-Riemenschneider, Buchner, Heinze, Thomsen (hrsg.), IT-Recht in Wissenschaft und Praxis, Festschrift für Jürgen Taeger, Frankfurt am Main, 2020

•Editor to “Data Privacy Legislation in the European Union Member States—a Practical Overview,” Cri Computer Law Review International, 2019, Edition 4, P. 97 (Part 1) and Edition 4, P. 133 (Part 2)

•Neue Pflichten zur IT-Sicherheit, NJW-aktuell 25/2019, S. 19

•Co-author, “Die Neufassung des § 203 StGB – der Befreiungsschlag für IT-Outsourcing am Beispiel der Versicherungswirtschaft?,” Computer und Recht 2017, Heft 8, S. 489

•Co-author: „Telekommunikation”, in: Kronke, Mellis, Kuhn (hrsg.), Handbuch des Internationalen Wirtschaftsrechts, Köln 2017

•Co-author: „Die Bestimmbarkeit des Personenbezugs – Von der IP-Adresse zum Anwendungsbereich der Datenschutzgesetze”, Multimedia und Recht 2015, S. 563

•“Der Inkassovertrag”, in: Conrad/Grützmacher, Recht der Daten und Datenbanken im Unternehmen, zugleich Festgabe für Jochen Schneider zum 70 Geburtstag, Köln, 2014

•Co-author: eCall = Der gläserne Fahrer, Computer und Recht 2014, 409

•Co-author: „Software-Compliance: Sicher ist sicher im Fall eines Software-Audits", Compliance Berater 2014, S. 384

•„Nutzungsrechte bei agiler Softwareprogrammierung”, in: Bullinger/Grunert/Ohst/Wöhrn, Festschrift für Artur-Axel Wandtke zum 70. Geburtstag, Berlin, 2013

•„Unterlagen-, Daten- und E-Mailauswertung unter Berücksichtigung datenschutzrechtlicher Aspekte”, in: Wessing/Dann (hrsg.), Deutsch-Amerikanischen Korruptionsverfahren, München, 2013.

•„IT-Outsourcing in der Insolvenz: Optionen für Anbieter und Anwender”, Kommunikation & Recht 2013, S. 297.

•Co-author: “BYOD” - Rechtliche Herausforderungen der dienstlichen Nutzung privater Informationstechnologie, Kommunikation & Recht 2012, S. 470

•Einbeziehung telekommunikativer Leistungen in IT-Verträgen, ITRB - Der IT Rechtsberater 2011, S. 219

•Co-author: Software as a Service – auch rechtlich eine Evolution, Kommunikation & Recht 2009, S. 625

•Update Internetrecht in: Tager/Wiebe (hrsg.), Von Adwords bis Social Networks – Neue Entwicklungen im Informationsrecht, Tagungsband der DSRI Herbstakademie 2008, Oldenburg, 2008

Books

•Co-publisher, “Berlin Kommentar KI-VO” (to be published 02/2026) and author of the annotations to Art. 1-2, Art. 57-63; Art. 73, Art. 85-87, Art. 99, Art. 101, Art. 112-113 KI-VO

•Co-publisher, “Computerrechtshandbuch,” Verlag C.H.Beck, München 2025

•Co-publisher, “FinTech – Digitalisierung, künstliche Intelligenz und aufsichtsrechtliche Regulierung von Finanzdienstleistungen” and co-author of the chapter „Regulierungsrahmen für Künstliche Intelligenz“, Berlin 2022

Experience

•Special Purpose Vehicle (SPV) of a German global software group: Advising on contractual, data protection, and security law issues in connection with the “German Sovereign Cloud” project in cooperation with a leading global US software group.

•German international direct insurance group: Ongoing advice on strategic IT procurement, outsourcing, and digitization projects, including a long-term digitization project in the area of life insurance lifecycle management.

•German domestic insurance group: Advise on contractual and data protection related topics of the client’s “Ready for the Cloud” project.

•International insurance group specialized in run-off management business: Advise on group internal technology and business process outsourcing agreements.

•Leading global payment solutions service provider: Ongoing advisee on contractual issues relating to technology-based service offerings with strategic partners.

•Global German-Swiss industrial group: Advice on legal issues relating to the Data Act and the AI Regulation.

•German international industrial group in the automotive sector: Advice on the integration of the data protection management systems of a third party international industrial group in the automotive sector following the merger of the group operations.

•German international industrial group in the automotive sector: Advise on the artificial intelligence compliance of the client group in various countries globally

•German international industrial group in the automotive sector: Advise on the artificial intelligence compliance of the client group in various countries globally.

•Global specialist chemicals group: Ongoing advising on structured tendering processes for business process and IT outsourcing projects, including the structured tendering process for the consolidation and operation of the group-wide IT infrastructure and central group applications in a multi-provider environment, as well as within the framework of the group's digitization initiative.

•Global leading group of OEM in the automotive industry: Advise on data privacy topics of group internal strategic digitalization projects affecting sales channels and further internal operations.

•International OEM in the automotive industry: Advise on legal issues relating to digitalization and data protection including management of and support on the implementation of the group-wide GDPR implementation and compliance project.

•International OEM in the automotive industry: Advice on structural internal data privacy compliance topics

•International OEM in the automotive industry: Advise on the regulatory framework of autonomous driving with a focus on “traffic rules as a code”.

•German globally leading technology company specializing in rail infrastructure: Advise on a global ERP consolidation and SAP S4/Hana rollout.

•German globally leading technology company specializing in rail infrastructure: Advice on the award of the group-wide, global ERP template rollout and on legal issues relating to the Data Act.

•Listed global medical technology and healthcare group: Advising on contractual and data protection issues relating to a strategic IT procurement and outsourcing project.

•Leading global manufacturer of dental technology: Regular advice on the digitalization of its product and service range in more than 30 countries globally (contract and data protection law).

•Leading global, publicly traded medical technology group: Advice on contractual and data protection issues in various jurisdictions in EMEA.

•Leading global IT consulting and outsourcing service provider: Longstanding advice on legal issues relating to the compliance of digital service offerings and on numerous IT procurement and outsourcing projects for internationally active blue-chip clients (contract and data (protection) law).

•Leading global IT service provider: Advice on implementing the requirements of the DORA and the NIS-2 directive.

•German energy company: Representation in response to a request for information from a former board member pursuant to Art. 15 GDPR regarding personal data covering a period of several decades.

•International, publicly traded laboratory service provider: Advice on a cyberattack in 100 (+) jurisdictions globally.

•Global insurance company: Advised on a cyberattack affecting 300,000+ policyholders.

•German domestic insurance company: Advised on a cyberattack affecting 400,000+ policyholders.

•German domestic insurance group: Ongoing advice to the client on the management of cyber attacks on its cyber policyholder.

•Swiss manufacturing company: Advised on a cyberattack in more than ten countries within and outside the EU.

•Various German domestically and internationally active companies: Advising on cyberattacks, including an insurer on the management and consequences of a ransomware attack.