Home / CMS Lawyers / Christina Maria Schwaiger
Portrait of Christina Maria Schwaiger

Christina Maria Schwaiger


CMS Reich-Rohrwig Hainz
Rechtsanwälte GmbH
Gauermanngasse 2
1010 Vienna
Languages English, French, German

Field of activity

Christina Maria Schwaiger has been working primarily for the department of TMC Technology, Media and Telecommunications since May 2019. Her focus is on the topic of data protection. Previously, she was an employee of the Austrian Data Protection Authority for several years. In doing so, she was able to gain valuable experience in both national and cross-border proceedings.


Christina Maria Schwaiger advises and represents her clients in the areas of data protection law, IT law, e-commerce, social media and e-marketing as well as commercial law. She provides her clients with comprehensive support in the area of GDPR compliance (including drafting data protection declarations, conducting data protection impact assessments, drafting contracts for commissioned processing/shared responsibility) and offers GDPR audit support in cooperation with civil engineer DI Dr. Wolfgang Prentner (ZTP). In addition, she represents her clients in particular in proceedings before the data protection authority, the Federal Administrative Court (BVwG), the Administrative Court of Appeal (VwGH) and the civil courts in areas of data protection law. 

IT / E-Commerce / Commercial: In the area of IT law, she is regularly entrusted with the review and drafting of licence agreements, software agreements (SaaS), etc. She also provides legal advice in the area of e-commerce and commercial law. In the area of e-commerce and commercial, she is particularly responsible for the review and drafting of B2B and B2C GTC, the review and drafting of websites, apps, contractual documents, etc. with regard to compliance with consumer protection regulations (KSchG, FAGG, FernFinG, ECG) as well as the review and drafting of contracts in the area of commercial agency law.

Furthermore, the areas of e-marketing and social media, which have become significantly more advisory-intensive due to increasing regulation in recent years - as well as in the coming years due to new legal acts such as the Data Governance Act, the Digital Markets Act, the Digital Service Act and the E-Privacy Regulation - are also part of her areas of expertise.

Previous work experience / education

Christina Maria Schwaiger completed her law studies at the University of Salzburg in 2015. Already during her studies, she worked as a research assistant at the Institute for Public Law, European Law and International Law, with a focus on data protection and IT law. Subsequently, she joined the Austrian Data Protection Authority as an officer. Her areas of expertise included the conduct of national and international complaints procedures, and she also participated at the European level in the drafting of guidelines of the European Data Protection Committee (EDSA) and as a member of various subgroups, such as the International Transfer Subgroup. She was also a member of the Chair Coordination Team, which provided essential support to the chair of the EDSA, Dr Andrea Jelinek, in carrying out the tasks assigned by the GDPR. 

During her time at the DPA, she was also able to successfully complete her bachelor's degree in economics as well as the basic training of the general administrative service (in accordance with the Basic Training Ordinance of the Federal Chancellery). 

In May 2019, Christina Maria Schwaiger moved from the data protection authority to the law firm CMS Reich-Rohrwig Hainz and has since been providing her clients with advice based on her wealth of experience. 


Christina Maria Schwaiger regularly gives lectures on topics such as data protection, e-commerce, digitalisation and IT law. She is also a lecturer at the Danube University Krems for the postgraduate course "Data Protection and Privacy".

more less


  • Teilkommentierung (Commentary on selected issues), in: Jelinek, Schmidl, Spanberger (eds.), Kommentar zum Datenschutzgesetz (2018).
  • Der Datenschutzbeauftragte (The Data Protection Officer), in: Weka (ed.), Praxiswissen Datenschutz (2017).
  • Biometrische Gesichtserkennung (Biometric facial recognition), in: Jahnel (ed.), Datenschutzrecht. Jahrbuch 2016 (2016) 193.
more less

Lectures list

  • Data Processing at Public Authorities (Judicial System and Administration), lecture in the Data Protection and Privacy post-graduate degree programme, Danube University Krems
  • Regular meetings on data protection in 2019, ARS – Akademie für Recht, Steuern und Wirtschaft
  • Experiences with the GDPR from the Austrian Data Protection Authority’s Perspective, lecture at imh’s annual conference on data protection 2019
  • GDPR Bootcamp 2018, Practising Law Institute, San Francisco
  • First Experiences with the GDPR, lecture at Manz’s annual conference on internet law 2018
  • Intensive workshop on data protection law: Austrian Data Protection Act and GDPR, Austrian Federal Academies of Public Administration in Vienna and Vorarlberg
more less


  • 2021 – Bar exam
  • 2019 – Basic training for administrative staff incl. exam
  • 2018 – LLB.oec., University of Salzburg
  • 2015 – Mag. iur., University of Salzburg 
more less


Christina Maria Schwai­ger wird Recht­san­wält­in bei CMS in Wien und set­zt...
Die ehem­a­lige Mit­arbei­t­er­in der Ös­ter­reichis­chen Datens­chutzbe­hörde wurde im Juni als Recht­san­wält­in bei CMS in Wien ein­getra­gen und legt ihren Fok­us auch kün­ftig auf das Thema Datens­chutz. Weit­ere Be­r­a­tungsschwer­punkte sind E-Com­merce und Ver­trag­s­recht sow­ie recht­liche Frages­tel­lungen in den Bereichen So­cial Me­dia und E-Mar­ket­ing.
IAPP Vir­tu­al Danube Know­ledgeN­et: Data Con­trol­lers vs. Pro­cessors
IAPP Vir­tu­al Danube Know­ledgeN­et: Data Con­trol­lers vs. Pro­cessors For the very first time, the Aus­tria, Bul­garia, Croa­tia, Hun­gary, Mu­nich, and Ro­mania Know­ledgeN­et Chapters are join­ing forces for this...
Vir­tu­al Danube Know­ledgeN­et
Data Con­trol­lers vs. Pro­cessors For the very first time, the Aus­tria, Bul­garia, Croa­tia, Hun­gary, Mu­nich, and Ro­mania Know­ledgeN­et Chapters are join­ing forces for this spe­cial joint 'Danube' re­gion Know­ledgeN­et...
Data pro­tec­tion and cy­ber­se­cur­ity laws in Aus­tria
Data pro­tec­tion 1. Loc­al data pro­tec­tion laws and scope Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR)Aus­tri­an Data Pro­tec­tion Act 2018 (DPA 2018)Aus­tri­an Tele­com­mu­nic­a­tions Act 2003 (TCA 2003)Aus­tri­an...
Is a pri­vacy-friendly use of mo­bile ap­plic­a­tions to com­bat COV­ID-19 our...
A Pan-European Ap­proach to the Use of Mo­bile Apps and Mo­bile Data With its Re­com­mend­a­tion of 8 April 2020 on steps and meas­ures to de­vel­op a com­mon ap­proach to the use of mo­bile ap­plic­a­tions and mo­bile...
Com­mu­nic­a­tions as an es­sen­tial ser­vice dur­ing COV­ID-19 con­fine­ment
Aus­tria has taken pre­cau­tion­ary meas­ures re­gard­ing in­ter­net use, al­though at present there is no reas­on to worry that the avail­able net­works will not be able to with­stand in­creased use. As in­ter­net traffic...
Are em­ploy­ers al­lowed to pro­cess and dis­close health data of em­ploy­ees...
Due to the on­go­ing de­vel­op­ments in con­nec­tion with COV­ID-19, al­most all com­pan­ies have to take ap­pro­pri­ate crisis man­age­ment meas­ures in or­der to com­ply with the new leg­al re­quire­ments im­posed by gov­ern­ments...