Baker McKenzie Baker McKenzie
How Can We Help?
Photo, Silvia Grohmann

Silvia Grohmann

Associate
Baker McKenzie Rechtsanwälte LLP & Co KG

Biography

Silvia Grohmann, CIPP/E, focuses on strategic advisory in the areas cybersecurity, data protection, and AI.

Since joining the firm in 2020, her practice initially concentrated on technology litigations, particularly regulatory and civil disputes in the areas of platform regulation, digital business models, and data protection. Building on this expertise, Silvia pivoted her focus on strategic advisory, emphasizing prevention, preparedness, and regulatory resilience.

During her time at the firm, Silvia also completed a part-time secondment with the DACH team of a leading technology company and digital platform provider. She played an essential role during a period of restructuring within the in-house legal team, gaining deep insight into internal processes and the practical needs of corporate legal departments.

Prior to joining the firm in 2020, Silvia gained diverse experience at the Austrian Chamber of Commerce in Shanghai, the Austrian Federal Ministry for Economics, a startup in the digital sector, and a boutique law firm, specializing in commercial law. Her academic journey also includes experiences at the University for Peace (UN-mandated) in collaboration with the University of Trento, University of Verona, and the United Nations Interregional Crime and Justice Research Institute, the East China Normal University, and the London School of Economics.

Silvia is well known for regularly publishing articles and giving lectures on current legal issues related to emerging technologies, cybersecurity, data protection, and AI. She also teaches IT law in the cybersecurity program at the University of Applied Sciences of St. Pölten, Austria.

Practice Focus

Silvia's practice focuses on strategic advisory in the areas cybersecurity, data protection, AI, and digital business models.

The landscape of EU legislation in the technology law sector is one of her areas of experience. Silvia also has a strong understanding of the cyber and data protection regulatory landscape globally because of her extensive experience in advising multinational clients, helping them undertake global projects, involving a broad range of jurisdictions.

Representative Legal Matters

  • Managing a global cyber incident for a global SaaS cloud provider, including the coordination of data breach notifications to customers and to authorities in 41 jurisdictions in EMEA, the Americas, and APAC.
  • Designing EU-wide NIS2 strategies for clients across various sectors, minimizing regulatory/authority exposure and managing NIS2 assessments under national transpositions and authority registrations across the EU.
  • Advising one of the globally leading turbine manufacturers on cyber regulations in 35 countries in EMEA, the Americas, and APAC, including strategic advice on the Cyber Resilience Act.
  • Designing a global privacy strategy for one of the globally leading quick service restaurant companies, including the design of intra-group data transfer agreements, covering jurisdictions in EMEA, the Americas, and APAC.
  • Advising a global franchisor with the implementation of a centrally managed HR system, covering data protection regulations in EMEA, the Americas, and APAC.
  • Strategic advice for a GenAI provider regarding privacy and commercial guardrails for offering its product and services in the EU/EEA.
  • Representing Google before the CJEU in a landmark case that established for the first time that the E-Commerce Directive’s country-of-origin principle grants the EU Member State where a provider is established the exclusive authority to regulate such providers (C 376/22).
  • Representing a US multinational technology client in cross-border data protection litigations concerning core features of the client's online service offerings.
  • Designing strategy for technical implementation of processes in accordance with the Austrian transposition of the EU Copyright Directive and the Digital Services Act.
  • Advising the shareholders of APEIRON Biologics AG on the sale of their shares to an American investor.

Professional Associations and Memberships

  • International Association of Privacy Professionals (iapp), Co-Chair for Austrian Chapter
  • Certified Information Privacy Professional/Europe (CIPP/E)
  • Women4Cyber Austria
  • Austrian Bar Association
  • Association of Austrian Lawyers

Education

  • United Nations Interregional Crime and Justice Research Institute (UNICRI) and the University for Peace (UN-mandated) in cooperation with the Centre of Security and Crime Sciences of the University of Trento and University of Verona (CSCS) (Master of Laws (LL.M) in Cybercrime, Cybersecurity and International Law) (2025)
  • University of Vienna (Mag. iur.; equivalent to an LL.M) (2019)

Languages

  • English
  • German
  • Italian

Publications

  • Co-author, How to navigate notification obligations under the NIS2, CRA and GDPR, August 2025
  • Co-author, For the security of all: What companies are required to do (Resilience of Critical Entities Act), August 2025
  • Co-author, The NIS2 Directive puts international groups in a bind, Blog: IT-Recht entschlüsselt, DerStandard.at, Blog: Connect on Tech, April 2025
  • Co-author, Europe’s enhanced cybersecurity regime: Who does NIS2 apply to and what are the key obligations?, Blog: Connect on Tech, February 2025
  • Co-author, Cybersecurity: EU wants to protect software and smart devices, DiePresse - print and online, December 2024
  • Co-author, Cybersecurity redefined: The EU tightens the reins, Blog: IT-Recht entschlüsselt, DerStandard.at, November 2024
Baker McKenzie Rechtsanwälte LLP & Co KG is a member of Baker & McKenzie International, a Swiss Verein.