MünchenBerlinMon–Fri 08:30–18:30 CET
DE / EN
German business law
for the Mittelstand
HomePracticesIP, IT & Data Protection
Practice 05

Your brand, your software, your data — defensible under German law.

Germany polices its market closely: trademark conflicts, competitor warning letters and data-protection enforcement reach foreign companies as soon as they sell here. We protect international businesses on all three fronts — registering and defending IP, drafting technology contracts that hold, and making GDPR exposure manageable.

§ I — Context

Enforcement here starts with a letter, not a lawsuit

The first contact many foreign companies have with German market regulation is the Abmahnung — a formal warning letter from a competitor or rights holder, typically demanding a cease-and-desist declaration with a contractual penalty within a period measured in days. Under the UWG (Unfair Competition Act) and the MarkenG (Trademark Act), this private enforcement is fast, inexpensive for the sender and binding for decades if the declaration is signed carelessly. Signing the first draft is almost always a mistake; ignoring the letter invites an interim injunction.

Data protection adds a regulatory front. The GDPR applies to foreign companies that offer goods or services to people in Germany, even without a local entity. Processing needs a legal basis under Art. 6 GDPR — Art. 9 for sensitive data — and enforcement is real on two tracks: fines under Art. 83, imposed by the supervisory authorities of the German Länder and calculated by reference to worldwide group turnover, and civil damages claims by individuals under Art. 82, which German courts increasingly entertain. An EU trademark through the EUIPO, by contrast, is one of the least expensive protections an inbound business can obtain — before a German competitor registers something confusingly similar.

We respond to and send warning letters, litigate trademark and competition cases, register and manage marks with the DPMA and EUIPO, draft software, SaaS and licensing agreements under German law, and build GDPR documentation that stands up to authority scrutiny. The pattern we recommend to every market entrant: clear the trademark, fix the contracts and the privacy basics before launch — German enforcement rarely waits for a company to settle in.

§ II — Services & scenarios

What we handle — and in which situations.

Services

  • Warning-letter defence — response strategy to Abmahnungen under the UWG and MarkenG: modified declarations, protective filings, negotiation.
  • Trademark portfolio — clearance, registration and management of German marks at the DPMA and EU marks at the EUIPO; opposition and cancellation proceedings.
  • IP litigation — trademark and unfair-competition proceedings, including interim-injunction practice before the German courts.
  • Technology contracts — software licensing, SaaS, development and IT-project agreements under German law, with workable AGB (standard terms) under secs. 305 et seq. BGB.
  • GDPR compliance — legal bases under Art. 6 and Art. 9 GDPR, records of processing, data-processing agreements, international transfer mechanics.
  • GDPR defence — representation toward German supervisory authorities in complaints and fine proceedings under Art. 83 GDPR, and defence against damages claims under Art. 82.
  • Data-breach response — notification assessment, authority communication and claim prevention after security incidents.

Typical scenarios

  • A foreign e-commerce brand receives a German competitor's Abmahnung over advertising claims, with a five-day deadline and a pre-drafted cease-and-desist declaration.
  • A US SaaS provider signs its first German enterprise customers and needs German-law contract terms, a data-processing agreement and a transfer assessment.
  • An Asian manufacturer discovers a German distributor has registered the manufacturer's own brand as a German trademark.
  • A German supervisory authority opens a GDPR inquiry into a foreign company's website tracking after a complaint by a German user.
  • An international group rolls out a new product name across the EU and needs clearance plus an EUIPO filing strategy.
  • After a security incident, a foreign company must decide within hours whether German users and authorities have to be notified.
§ III — Statutes & forums

The legal framework.

MarkenG
The German Trademark Act: registration, scope of protection and enforcement of German marks, and the basis for infringement and cancellation proceedings.
UWG
The Unfair Competition Act: governs advertising, imitation and market conduct. Competitors enforce it directly — most visibly through the Abmahnung, the formal warning letter with cease-and-desist demand.
DSGVO (GDPR) Art. 6 / 9
The legal-basis rules of the GDPR: every processing operation needs a basis under Art. 6; sensitive categories — health, biometrics and similar — require the stricter conditions of Art. 9.
DSGVO (GDPR) Art. 82 / 83
The enforcement provisions: Art. 82 gives individuals civil damages claims for GDPR violations; Art. 83 empowers the supervisory authorities of the German Länder to impose turnover-based fines.
BDSG
The Federal Data Protection Act — Germany's national supplement to the GDPR, relevant for employee data and the powers of the German supervisory authorities.
BGB §§ 305 ff.
The Civil Code's standard-terms (AGB) regime: it polices pre-formulated contract clauses strictly, including in B2B relationships — the reason many translated foreign contract templates do not hold under German law.
DPMA / EUIPO
The German Patent and Trade Mark Office and the EU Intellectual Property Office: the registries for German marks and EU trademarks — the standard combination for protecting an inbound brand.
§ IV — How we start

How an engagement begins.

01

First contact

Send the warning letter, the contract or the question. We reply within one business day — within hours where a deadline is running — and offer a free 30-minute orientation call.

02

Legal assessment

We assess the position in writing — infringement risk, GDPR exposure, contract gaps — at a fixed fee from EUR 1,500 plus VAT.

03

Mandate

Depending on the matter: hourly rates, fixed fees for defined packages such as filings or contract sets, or a fee agreement under sec. 3a RVG.

04

Ongoing support

Brands and data practices need maintenance. We monitor portfolios, update documentation and stay available as your German IP/IT counsel.

From practice
A cease-and-desist declaration signed in a hurry binds the company for decades. The letter deserves a lawyer, not a signature.
Stephan Köhler · Partner
§ VI — Fees

Clear before the engagement begins.

Much of this practice fits fixed fees: filings, contract sets, GDPR documentation. Contentious work is scoped per phase, with the model agreed in advance.

  • Orientation call — 30 minutes, free of charge: deadline triage and a first view of the position.
  • Legal assessment — a written analysis (warning-letter response strategy, GDPR gap review, clearance result) at a fixed fee from EUR 1,500 plus VAT.
  • Mandate — hourly rates, fixed fees for defined packages, or a fee agreement under sec. 3a RVG.
  • Court proceedings — in trademark, competition and GDPR litigation, the statutory fees under the RVG form the floor; we do not undercut them.
§ VII — FAQ

What clients ask first.

We received an Abmahnung. Do we have to sign the attached declaration?

Not as drafted — and usually you should not. The pre-formulated declaration typically goes further than the law requires: broader conduct, higher contractual penalties, longer reach. Once signed, it binds the company contractually for decades, independent of whether the original claim was justified. Ignoring the letter is equally wrong, because the sender can obtain an interim injunction quickly. The standard response is a legally reviewed, modified declaration that removes the excess while eliminating the litigation risk — prepared within the deadline. Send us the letter before responding to anything.

Does the GDPR apply to us if we have no German entity?

Very possibly. The GDPR applies to companies outside the EU that offer goods or services to people in the EU or monitor their behaviour — a German-language shop, EUR pricing or Germany-targeted advertising are classic indicators. If it applies, you need legal bases under Art. 6 GDPR, transparent privacy information, contracts with processors and, in many constellations, an EU representative. Enforcement reaches foreign companies through fines under Art. 83 and damages claims under Art. 82 brought before German courts. We assess applicability first, then build the minimum compliant setup.

Should we register a German trademark or an EU trademark?

For most inbound businesses the EU trademark via the EUIPO is the default: one registration covering all member states, including Germany, at moderate cost. A national German mark via the DPMA makes sense as an addition where Germany is the key market and you want a fallback if the EU mark is attacked centrally, or where an earlier right exists in another member state. The genuinely important step happens before filing: clearance. Launching under a name that infringes an earlier German mark invites an injunction at the worst possible moment. We run the search before the strategy.

Our standard contracts work everywhere else. Why not in Germany?

Because of the AGB regime in secs. 305 et seq. BGB: German courts review pre-formulated terms for fairness even between businesses, and clauses that are standard elsewhere — broad liability exclusions, certain warranty cut-backs, automatic renewals — can be simply void here. The consequence is not a negotiated compromise but the statutory default rule, which is often worse for you than a clause drafted to the German limits. Translating your global template is therefore not a legal strategy. We adapt the commercial substance of your terms into a German-law version that actually holds.

What happens if a German data-protection authority contacts us?

Take the letter seriously and answer within the period — silence escalates, and the authorities of the German Länder coordinate with each other. The inquiry is usually triggered by a user complaint or a visible issue such as website tracking. Your response shapes everything that follows: it is a factual submission in a potential fine proceeding under Art. 83 GDPR, so accuracy and legal framing matter more than speed-induced completeness. We take over the authority communication, align the technical facts with the legal position and work toward closing the matter without a fine proceeding where the facts allow it.
§ VIII — Insights

Articles on this practice area.

Articles on German trademark practice, technology contracts and GDPR enforcement appear in our knowledge base.

Browse the knowledge base →

Entering the German market? Clear the rights before launch.

Trademark, contracts, privacy setup — fixed before launch, they cost a fraction of what they cost after. We reply within one business day.

Book an orientation call →

BRANDT & FALK Rechtsanwälte is a German business-law firm with offices in Munich and Berlin. The content of this website is general information about our fields of work and does not constitute legal advice. An attorney–client relationship is established only by a separate engagement agreement. Unless stated otherwise, all fees are quoted plus statutory VAT. Our lawyers are admitted to the bar in Germany; advice on foreign law is provided by independent local partner firms.