Home / People / Christian Runte
Portrait ofChristian Runte

Christian Runte

Partner
Rechtsanwalt

CMS Hasche Sigle
Nymphenburger Straße 12
80335 Munich
Germany
Languages German, English

Christian Runte specializes in technology projects, with a special focus on data protection law. He is also widely experienced in handling German and international technology transactions and IT outsourcing projects. Christian’s clients include international technology companies and service providers who particularly appreciate his negotiation skills and solution driven approach.

Christian is co-head of the CMS data protection group and chair of the privacy and data protection group of the World Law Group.

Christian led numerous EU and international data protection and technology projects across several jurisdictions.

Christian, who has been a partner at CMS since 2008, started his legal career with a leading firm in São Paulo (Brazil) and Munich before co-founding an e-commerce business in 1998. He joined CMS in 2000 and was seconded to CMS London in 2004.

more less

Listed as notable practitioner

Chambers Europe, 2024

‘Christian Runte is very solid and reliable.‘, client

Chambers Europe, 2024

„Oft empfohlen“ für IT-Recht und Datenschutz

JUVE Handbuch, 2023/2024

Listed as notable practitioner

Chambers Europe, 2023

Listed as leading individual

Chambers Europe, 2023

Listed for IT Law

Deutschlands beste Anwälte 2023 – Handelsblatt in Kooperation mit Best Lawyers

Listed for Data Protection Law

Deutschlands beste Anwälte 2023 – Handelsblatt in Kooperation mit Best Lawyers

Listed as notable practitioner

Chambers Europe, 2021

"Recommended" for Data Protection and Information Technology

JUVE German Commercial Law Firms 2021 (GCLF)

Ranked for TMT: Data Protection - Germany

Chambers Europe, 2020

Listed as a leading lawyer in the category "Germany - Best Law Firms for Data Protection, IT & Outsourcing - 2020"

Leader's League, 2020

Recommended for Data

Who's Who Legal 2020-2021

Recommended for Information Technology

Who's Who Legal 2020 – Data

"Christian Runte is a well-established practitioner with notable experience in outsourcing, e-commerce and special expertise in data protection."

Chambers Europe, 2019

"Christian Runte is a European data protection law expert."

The Legal 500 EMEA, 2016

"Christian Runte is extremely experienced, super well connected and tactically clever.", client

The Legal 500 EMEA, 2022

"finding feasible solutions", client

Chambers Europe, 2022

"He is very direct and precise in his requirements, delivers on time and is really a trusted adviser", client

Chambers Europe, 2022

Listed as Leading Individual

Chambers Europe, 2022

Listed as notable practitioner

Chambers Europe, 2022

"very good", client

JUVE German Commercial Law Firms 2022 (GCLF)

"Recommended" for Information Technology

JUVE German Commercial Law Firms 2022 (GCLF)

"The team also includes the 'extremely experienced, excellently connected and tactically clever' Christian Runte and 'wonderful, intellectual sparring partner' Michael Kamps."

The Legal 500 EMEA, 2022

Memberships & Roles

  • Chairman of the World Law Group’s Privacy & Data Protection Group
  • German Association for Data Protection and Data Security (GDD)
  • German Association of Law and Informatics (DGRI)
  • International Technology Law Association (ITechLaw)
  • German Bar Association
more less

Publications

  • Datensicherheit nach Hackerangriff, PLATOW Recht, Nr. 9, 23. Januar 2019, S. 6
  • Perspektiven für Juristen 2011, "Medien- und IT-Recht", e-fellows.net GmbH & Co. KG, München 2010
  • Handbuch für den Fachanwalt Informationstechnologierecht (Mitautor), Datenschutzrecht, Wolters Kluwer 2008
  • et. al., Special Report: Anonymous Sarbanes Oxley Hotlines in the European Union: Practical Guidance On Compliance For Global Companies, World Securities Law Report, Volume 11, Number 9, pp. 24-30 2008
  • The Practitioners' Guide to the Sarbanes-Oxley Act, Volume II, Anonymous Sarbanes-Oxley Hotlines for Multi-National Companies: Compliance with E.U. Data Protection Laws (Chapter 9), American Bar Association 2008
  • Düsseldorfer Kreis: Whistleblowing Hotlines und Datenschutz, MMR, Heft 6, XXV 2007
  • The Practitioners' Guide to the Sarbanes-Oxley Act, Volume II, American Bar Association, Chicago, Anonymous Sarbanes-Oxley Hotlines for Multi-National Companies: Compliance with E.U. Data Protection Laws (Chapter 9), S.1-29 2006, p. 0
  • EU Richtlinie zur TK-Vorratsdatenspeicherung in Kraft getreten, Informationsdienst IT-Grundschutz, Bundesanzeiger Verlag, Bonn 2006
  • Neue Entwicklungen bei der Vorratsdatenspeicherung von Telekommunikationsdaten, CMS Update Technology 2006, p. 6 f
  • Anonymous Sarbanes Oxley Hotlines in the E.U.: Practical Compliance Guidance for Global Companies, BNA International's World Data Protection Report (www.bnai.com) 2005
  • Anonymous Hotlines for Whistleblowers - The U.S. Sarbanes Oxley Act and European Compliance Issues, Computer Law Review International (CRi) 2005, p. 135 ff
  • Anonymous Sarbanes Oxley Hotlines in the E.U., World Tax and Law Report, Issue 20, BNA International 2005
  • et. al., ANONYMOUS SARBANES OXLEY HOTLINES IN THE E.U.: PRACTICAL COMPLIANCE GUIDANCE FOR GLOBAL COMPANIES, THE SECURITIES REPORTER, Newsletter of the American Bar Association's Section of Business Law Committee on Federal Regulation of Securities, Volume 10 Issue 3 2005, p. 61 ff
  • "EU: Alternative Standardvertragsklauseln für die Übermittlung personenbezogener Daten in Drittländer", MMR (Multimedia und Recht) 2005, p. 17 ff
  • Software und GPSG, Computer und Recht 2004, p. 725 ff
  • Remote Control und Datenschutz, IT-Administrator 2004, p. 52 f
  • Data Mining und Datenschutz, IS-Report, Ausgabe 9 2004, p. 31
  • Vergütung für Softwarepflege bei laufender "Gewährleistung", ITRB (Der IT-Rechtsberater), Heft 11 2003, p. 253 ff
  • Schadensersatz bei Abschaltung eines Webservers (Anmerkung zu AG Charlottenburg, U. v. 11.01.2002 - 208 C 192/01), Computer und Recht, Verlag Otto Schmid, Köln 2002, p. 297 ff
  • Produktaktivierung - Zivilrechtliche Aspekte der "Aktivierung" von Software, Computer und Recht, Verlag Otto Schmid, Köln 2001, p. 657 f
more less

Lectures list

  • Final Countdown to GDPR – The role of data protection officers, Webinar, 20.03.2018
  • Datenschutz, Data Ownership, Lizenz- und Haftungsfragen, Konzerne im Wandel - Fortschritt durch Digitalisierung, München, 21.02.2018
  • Privacy-Tech - Möglichkeiten und Grenzen von Legal Tech bei der Bearbeitung datenschutzrechtlicher Aufgaben, BITKOM Forum Recht, Berlin, 18.05.2017
  • Vertiefungsworkshop zur EU-Datenschutzgrundverordnung / Einbindung des Betriebsrats, 16. CMS-Arbeitsrechtskongress, Frankfurt, 16.05.2017
  • Brexit and implication for Data Protection Law, World Law Group Spring Conference, Warsaw, 12.05.2017
  • Are you ready for the GDPR? - Time to implement your compliance programme, CMS Data Protection Conference, London, 24.02.2017
  • Surveillance society: Big Data, CMS TMC Conference 2016, London, 25.11.2016
  • EU-Datenschutzgrundverordnung 2018, BVDW-Datenschutz-Roadshow, München, 22.11.2016
  • EU-US Privacy Shield und neue europäische Datenschutzregeln – Was erwartet die Digitale Wirtschaft?, BVDW, München, 22.03.2016
  • Safe Harbor: Die Auswirkungen des Urteils des Europäischen Gerichtshofes auf Arbeitsverhältnisse – auch in nicht konzerngebundenen Unternehmen, 6. BPM Arbeitsrechtstag 2016, Frankfurt a.M., 16.03.2016
  • Big Data - Implications for Privacy and Data Protection Compliance in the UK and Germany", Consumer Products Conference, London, 04.06.2015
  • Datenschutzrechtliche Vorgaben beim Datentransfer ins Ausland, Compliance Roadshow 2014, München, 22.07.2014
  • IT-Sicherheit – Truth or Dare, Unternehmensjuristentage 2014, Berlin, 27.06.2014
  • Datenaustausch mit Drittstaaten, BITKOM Forum Recht, Berlin, 14.05.2014
  • Datenschutz aktuell, Corporate Governance Compliance Strategies 2014, Berlin, 05.05.2014
  • Data Processing Agreements under German Law – What is so special?, Privacy Laws & Business Privacy Officers Network Roundtable, München, 28.04.2014
  • Global Data Breaches: Strategies, Notifications and Management, AllClear ID Webinar, 28.01.2014
  • NSA Cyber Spying Programs – Impact on Business Clients in Germany and the EU, Privacy Matters & IP/IT Group Meeting, World Law Group Fall Conference 2013, Boston, 04.10.2013
  • Global Hotlines, Data Protection and FCPA Investigations, IAPP Europe Data Protection Intensive 2013, London, 24.04.2013
  • Whistleblowing – Good Corporate Governance - IAPP Data Protection Congress 2012, Brüssel, 14.11.2012
  • Update Datenschutz, Köln, 10.05.2012
  • Update Datenschutz, München, 09.05.2012
  • Internal Investigations und Datenschutz, München, 14.03.2012
  • E-Mobility und Datenschutz, Erlangen, 07.02.2012
  • Bring Your Own Device, Frankfurt/Main, 06.10.2011
  • Cloud Computing - Data Protection & Security, München, 04.10.2011
  • Datenschutz und Compliance, Stuttgart, 25.03.2011
  • Navigating the Privacy Sea, Convergence here and now! - Conference of the International Federation of Computer Law Associations (IFCLA), Helsinki, Finland, 10.06.2010
  • Data Breach Laws - EU Framework and Implementation, European Card Acquiring Forum 2010, Berlin, 25.02.2010
  • New Data Breach Laws - Developments, Requirements, Consequences in the EU and Germany, Privacy Matters Practice Group Meeting, World Law Group Spring Conference 2008, Athens, Greece, 09.05.2008
  • EU Whistleblower Hotlines - Current Trends and Best Practices, Ethicspoint Web Seminar, 01.08.2007
  • SOX Whistleblower Hotline Programs in the EU - Evolving best practices in France, Germany and elsewhere, Ethics & Compliance Officer Association, 21.06.2007
  • IT / data protection compliance, 360° Compliance, Frankfurt, 26.04.2007
  • Data protection requirements for global data management and data transfer", BITKOM working party Service Management and Standards, Langen, 15.02.2007
  • Convergence and data protection, Telecommunications and new media working party, Munich, 29.11.2006
  • Warranties and Liability UK/Germany, IT Forum Training Event, Munich, 15.02.2005
  • The Internet - a 'legal trap'?, E-Business Expo, Düsseldorf, 16.08.2000
more less

Education

  • Law studies at the University of Munich
more less

Feed

15/05/2024
Six years of GDPR: Europe-wide analysis shows increasingly dynamic sanction...
Highest GDPR fine of 1.2 billion euros imposed by the Irish data protection authority in May 2023 for a breach of the rules on international data transfers. Further fines imposed by this authority in 2023 amounted to hundreds of millions of euros. The main violations are “Insufficient legal basis for data processing” and “Failure to comply with the general principles of data processing”. The next most common violation is “Insufficient technical and organizational measures to ensure information security”. Spain tops the list of countries with the most fines for the fifth year in a row, followed by Italy and Romania. Ireland, Luxembourg and France have the highest average fines and total amounts per country. Berlin – Today, international law firm CMS has published the fifth edition of its annual Enforcement Tracker Report. The English-language report shows the developments of all publicly known GDPR fines based on CMS's own online database, GDPR Enforcement Tracker. The current edition of the report covers the analysis period between March 2023 and March 2024. 510 fines were added for the past year as of the editorial deadline on 1 March 2024. This brings the total number of data protection fines since the GDPR came into effect in May 2018 to 2,225, or 2,086 if only fines with full details such as the amount of the fine, date and authority are counted. The total amount of fines since the start of the survey is around 4.5 billion euros. This means that fines of around 1.7 billion euros have been added compared to last year’s Enforcement Tracker Report. This shows that authorities are no longer shying away from imposing high fines. The average fine for the entire reporting period was around 2.1 million euros - with high fines against “big tech” companies in 2021/22 and the first fine in the billions in 2023 having a particularly heavy impact.“At the top of the list of GDPR fine triggers is, once again, insufficient legal basis and non-compliance with the general data processing principles as well as insufficient technical and organisational measures. Companies should pay particular attention to this,” says Christian Runte, lawyer and partner at the international commercial law firm CMS Germany. Dr Alexander Schmid from the Enforcement Tracker team at CMS Germany adds: “In addition to data protection authorities, the courts have also increasingly dealt with the interpretation of the GDPR. For example, the Court of Justice of the European Union has further clarified the scope of data subjects' right of access. “These rulings create more clarity, but at the same time tighten the requirements for companies, which is why, in addition to a viable compliance concept, current developments will also be decisive for them in practice in the future.”Read the full Enforcement Tracker Report here; a summary can be found here. Pressekon­takt presse@cms-hs. com
20/11/2023
Data protection and cybersecurity laws in Germany
Data protection 1. Local data protection laws and scope Data processing operations are governed by the Federal Data Protection Act (Bundes­datens­chutzge­setz – BDSG) of 30 June 2017, as last amended...
Comparable
01/06/2023
Datenschutz – Compliance- und Ver­trauens­voraus­set­zung für das Metaverse
The metaverse continues to evolve and gain ground. In this context, the question naturally arises as to how personal data can be protected. What happens, for example, if data about the spatial environment or other people is collected through virtual reality headsets? And how can the multilateral relationships of individual players in the metaverse be handled in terms of data protection law? Which data protection legislation applies in a virtual world that transcends national boundaries? CMS partner Christian Runte and Senior Associate Dr Alexander Schmid look at these and many other interesting data protection issues relating to the metaverse in our new podcast.
22/05/2023
Europe-wide analysis on the fifth anniversary of the GDPR reveals data...
European data protection authorities imposed fines totalling over 2.7 billion euros in more than 1,500 publicly known cases for violations of the General Data Protection Regulation, which has been in...
16/08/2021
Data protection and security
Expert legal advisers
04/05/2021
CMS advises Computacenter on acquisition of Interseroh logistics subsidiary...
Munich – IT service provider Computacenter has acquired ITL logistics GmbH from environmental services provider Interseroh in Germany. The company will use the acquisition to expand its IT logistics...
24/12/2020
CMS Technology, Media & Communications Global Brochure
The challenges arising from data are countless and inescapable in our maturing technological landscape. To future-proof your organisation, and unlock opportunity from your data, you need alert and experienced...
24/11/2020
CMS advises VR Equitypartner and MEH Beteiligungs GmbH on sale of N3K Network...
Leipzig – VR Equitypartner and MEH Beteiligungs GmbH have sold their shares in IT service provider N3K Network Systems to private equity firm Invision. Equity capital financier VR Equitypartner and...
15/05/2020
Data Law Navigator - your guide to local data and cyber security laws across...
100% security does not exist. Now more than ever organisations of all shapes and sizes should pay attention to their data privacy and cyber security. Unprecedented numbers are now working from home, thus...
17/04/2020
Is a privacy-friendly use of mobile applications to combat COVID-19 our...
A Pan-European Approach to the Use of Mobile Apps and Mobile Data With its Recommendation of 8 April 2020 on steps and measures to develop a common approach to the use of mobile applications and mobile...
30/10/2019
Sharing is (S)caring
Scroll down to register with the blue button. Now marking its 5th year, CMS's International Technology, Media and Communications conference gathers delegates representing the spectrum of technology, media...
14/01/2019
The tension between GDPR and the rise of blockchain technologies
We live in an era of rapid technological development. Though this provides humanity with amazing opportunities to enhance our standard of living, it also forces lawmakers to work around the clock to analyse...