Dr. Patrick Grosmann
M.A.
Lawyer / Associate
  • Certified Data Protection Officer (TÜV®)
  • Certified Data Protection Auditor (DGI®)
Eschersheimer Landstraße 25-27
60322 Frankfurt am Main

Dr Patrick Grosmann specialises in data protection law. He advises and supports his clients in the fulfilment of data protection requirements and protection against cyber-attacks as well as in litigation.

Dr Grosmann is a certified external data protection officer and, in addition to his work at FPS, also works as a lecturer for data protection officers.

  • Expertise
    • Artificial intelligence

      Artificial intelligence (AI) has become increasingly important in recent years and is influencing more and more areas of life and the economy. This also gives rise to new legal issues that have to be dealt with by lawyers, courts and legislators, including the protection of AI-generated works, the issue of copyright attribution and any liability issues involving AI-generated content. Adequate legislation is needed to protect intellectual property related to AI, while fostering innovation and creativity. The legal team at FPS provides comprehensive advisory services to help companies deal with the challenges and opportunities presented by AI in the field of intellectual property.

    • IT contract law / outsourcing

      FPS advises in all areas of IT contract law. Whether clients need support in drafting and negotiating IT project contracts, designing and running outsourcing projects or making use of cloud services – we are on hand to help with our experts. In addition to many years of experience in advising a wide range of industries and companies of all sizes, our team has a real technical affinity and a special degree of creativity. This gives us a good technical understanding of our clients’ concerns and business models and enables us to find the best solution for them. Our services include drafting and negotiating IT project contracts (agile, classic, managed services, new business models), outsourcing contracts, service descriptions, service level agreements and pricing plans, and helping clients to prepare for due diligence processes, vendor conferences and on-site visits. We also oversee project and system integration measures as well as hardware and software maintenance and draft licensing, escrow and distribution agreements.

    • IT tenders

      When it comes to IT tenders, we help contracting authorities to choose the right procedure (known in Germany as VOL/A and VOB/A) and implement it. For example, we sit down with our client to work out the desired performance target, taking into account the usual legal and regulatory frameworks, translate the technical requirements into legal language and help to draft the contract documents (in line with EVB-IT, for example, the supplementary contractual conditions for the procurement of IT services). We are familiar with both sides of the coin, not least because in addition to advising public contracting authorities, we also have many years of expertise in advising national and international bidders in the context of public IT tenders.

    • IT litigation / mediation

      In many cases, carefully drawn-up project contracts protect the parties from disputes. Due to the content and complexity of IT projects, however, disputes cannot be completely ruled out. We help our clients to get troubled projects back on track by finding sensible solutions. If necessary, we also support them when asserting their rights (judicially) or defending against claims.

    • Data (protection) law

      Digitalisation unlocks new opportunities for companies and creates space for future-oriented and scalable business models. Data has become the most valuable currency in the digital world. Data protection law – or now data law – is a separate advisory field at FPS rather than a mere annex to other areas of law. FPS helps companies to devise future-proof and legally compliant data usage concepts so that they can achieve their goals when using new technologies: innovation and data protection – when understood correctly – needn’t contradict one another. The GDPR with its drastic fines has significantly increased the risks for companies. FPS establishes what a company is permitted to do with the data and ensures compliance with data protection requirements in a pragmatic way by setting up a data protection management system, which, among other things, includes records of processing activities, data protection policies, data protection information, deletion and authorisation concepts, data protection impact assessments, processes for dealing with information and deletion requests from data subjects and much more besides. And if penalty proceedings are initiated, we defend our clients’ rights against the supervisory authorities. We also provide external data protection officers for our clients – for data protection from one single source.

    • IT security / cybersecurity

      While IT security has long been considered a ‘technical’ matter handled solely by a company’s IT department, its legal relevance can no longer be disputed. Alongside buzzwords such as ‘trade secret’, ‘data protection’ or ‘record fine’, the implications of any liability for executives must be taken into account, for example. In order to fully protect a company and its management, a legal assessment of the risks should always be carried out in addition to examining the matter from a technical perspective. FPS devises cybersecurity strategies to protect government agencies as well as business owners and businesses. In the event of an attack, our experts coordinate the immediate action that needs to be taken, getting in touch with their IT security forensic experts, crisis communication agencies, investigative authorities and insurance companies. And we help our clients to defend themselves against claims for damages and administrative fines.

    • Artificial intelligence

      Artificial intelligence (AI) is influencing more and more areas of life and the economy. AI has been a ‘hot topic’ since the advent of ChatGPT. The potential is huge – so the time has come to get to grips with the legal parameters of AI. This includes, for example, protecting AI-generated works and avoiding copyright infringements by texts, images and software created by AI, not to mention any liability issues, data protection implications and the need to find a sensible approach to handling training and production data. FPS ensures that AI applications are legally compliant. We draft contracts, protect intellectual property and help to uphold ethical standards. In the event of any conflicts, we are our clients’ first line of defence. We also hold training courses on the subject of AI for our clients and their employees, together with leading AI consultants on request.

    • Metaverse

      The metaverse covers 3D virtual environments where people and businesses interact and move around the virtual world with avatars. It unlocks new business opportunities, but lacks a consistent legal framework. FPS helps its clients to overcome these legal challenges. We find legally robust solutions, offer advice on risk prevention and successfully support metaverse projects.

    • IT tenders

      The awarding of IT contracts is becoming ever more relevant as a result of digitalisation. Procuring IT services is a challenge for even experienced contracting authorities and tenderers. The requirements of public procurement law must be reconciled with the technical conditions in order to be able to fully exploit the room for manoeuvre. FPS advises the contracting authority on choosing the right type of procedure and procurement structure, prepares and analyses the awarding and contractual documents and manages the procurement procedure right through to the awarding of the contract. Furthermore, FPS goes through the complex documents with the tenderers so that they can successfully participate in the procurement procedure.

    Language skills

    German English
  • Education
    since 2023Lawyer at FPS
    2023Doctorate (Dr. iur.)
    2023Admission to practise law in Germany
    2023Second state law exam
    2020First state law exam
    2018Master of Arts in Political science
  • Publications
    Dr. Patrick Grosmann
    Die Interessenkonflikte der betrieblichen und behördlichen Datenschutzbeauftragten
    Verlag: Springer Berlin Heidelberg,
    Dr. Patrick Grosmann Dr. Hauke Hansen
    Neues zur Haftung von Auftragsverarbeitern und Verantwortlichen
    Kommunikation & Recht, 27. Jahrgang, , S. 102 - 104
    Dr. Patrick Grosmann
    Immaterieller Schaden durch Hackerangriff
    IT-Rechtsberater (ITRB), Heft 02, , S. 32
    Dr. Patrick Grosmann Dr. Hauke Hansen
    Geldbuße gegen juristische Person wegen Datenschutzverstoß
    Kommunikation & Recht, 27. Jahrgang, , S. 30 - 36
    Dr. Hauke Hansen Dr. Patrick Grosmann
    Bußgeldbescheid unwirksam – keine DSGVO-Geldbußen gegen juristische Personen
    Kommunikation & Recht, , S. 381
  • Events