Governance, prevention and liability management – legal advice for managers and businesses




Good governance is the best way to prevent liability. We know the daily business in a company and have many years of experience in advising on and development of compliant corporate structures, processes and procedures. We will support you when implementing legal, regulatory, and internal rules and regulations. A main focus of our services is on the insurance sector.

Our practice-oriented training and our personalised coaching make governance and compliance transparent – because only processes actually implemented ensure protection.


  • Analysis and optimisation of organisational / governance and compliances structures of corporations and groups
  • Advice on legal requirements with regard to corporate structures and processes (e.g. risk identification, reporting)
  • Advise on regulatory requirements in the insurance sector (e.g. Solvency 2)
  • Advise on legal requirements regarding data privacy (e.g. GDPR), digitalisation and IT security
  • Analysis, optimisation and drafting of business directives and guidelines
  • Analysis, optimisation and drafting of legal documents
  • Training for board members, directors, management and employees
  • Management coaching




Compliant implementation of individual measures and projects is essential for preventing liability claims. We advise you on compliant contract design and measures. Within projects and in case of strategic decisions, we are your sparring partner and we will take care of legal quality assurance. We will support you in all legal matters concerning protection against personal liability and risks for your business.

We advise insurance companies on all matters of insurance supervisory law and on product development (in particular financial lines products / D&O insurance).


  • Cross sector support in strategic decisions, from individual measures to projects and transactions (including legal quality assurance and legal monitoring)
  • Drafting of contracts and contract monitoring
  • Legal support in connection with data privacy- and IT-projects
  • Advise on regulatory matters and insurance supervisory law in daily matters, during projects and transactions (depending on requirements in cooperation external specialists, e.g. actuaries)
  • Support of insurance companies in communication with the relevant regulatory bodies
  • Advise on development of insurance products
  • Advise for public sector entities on insurance matters within public procurement procedures


Liability Management


The allegation of being non-compliant alone may trigger a personal crisis or a crisis for your company. Analysis, establishment of facts, and development of a strategy are all crucial elements of every crisis management. We have years of consulting experience in the area of business and director's liability including D&O insurance. We are also familiar with the necessary measures.

We will support you in the event of a crisis or liability claims being made. If necessary we will defend you in court. We also represent insurance companies at the relevant regulatory bodies.


  • Legal analysis and establishment of facts with regard to critical matters, liability claims and governance or compliance deficits
  • Support in legal establishment of facts and coordination of forensic matters
  • Development of (defence) strategies in times of crisis
  • Support of businesses and / or managers in times of crisis
  • Representation in and out of court in management liability procedures (defense counsel)
  • Monitoring counsel in D&O- and other financial lines cases
  • Out-of-court and in-court advise and representation of insurance companies with relevant regulatory bodies
  • Representation to data protection authorities



Independent advise – sustainable, transparent, and realisable .

We combine corporate experience and experience as legal advisors. Due to joint projects with accountants, tax advisors and consultants, we are familiar with workflows and operational processes, with economic interdependencies and background.

We understand business organisations and speak your language. Our expertise and our experience allow us to provide you with pragmatic and workable solutions.

We are independent. We want to win you over with our suggestions, ideas, and recommendations through expertise and quality of our work. As legal advisors to businesses and managers with years of experience we pay particular attention to sound and sustainable solutions.

We are aware of our responsibility for you and your business, and consider ourselves your sparring partner.


Dr. Kristina Leffler

Solicitor np (England & Wales)

Dr. Kristina Leffler possesses longterm experience in the insurance sector and worked, amongst others, for an international insurance company for several years. She combines legal expertise with economic understanding.

Dr. Kristina Leffler in particular advises insurance companies and managers in matters of governance, insurance and insurance supervisory law as well as on liability matters and D&O insurance.


Christian Schlitt


Christian Schlitt advises national and international groups and businesses as well as managers for many years on corporate law, governance, and compliance matters.

One key area of his work is the optimisation of corporate structures in order to to reduce compliance risks.


Dr. Matthias Platzer


Dr. Matthias Platzer advises on digitisation and information technology law. He worked, amongst others, in the compliance and data privacy department of a regulated company for several years. His practice is focused on data privacy, IT security laws, compliance, IT projects, and data-driven business models.

Dr. Matthias Platzer advises business organisations i. a. on the implementation of data privacy regulations with a risk-based approach.



Feel free to contact us:

+49 89 8563166-0


leffler schlitt
Partnerschaft mbB

Uhlandstraße 2
80336 München

Find us on Google Maps

Dr. Kristina

Email / VCF-Card


Email / VCF-Card

Dr. Matthias

Email / VCF-Card




back to


Provider information

leffler schlitt Rechtsanwälte
Partnerschaft mbB
Uhlandstraße 2, 80336 Munich, Germany
Fon +49 89 8563166-0
Fax +49 89 8563166-90

leffler schlitt Rechtsanwälte Partnerschaft mit beschränkter Berufshaftung is a partnership with limited liablity in accordance with the German Partnership Act (Partnerschaftsgesellschaftsgesetz), entered in the partnership register of the Amtsgericht München (local court), PR 1556

The following persons are partners and authorised to represent the Partnership:
Dr. Kristina Leffler
Christian Schlitt
Dr. Matthias Platzer

USt-IdNr. DE305669218

Concept and Design

Marc Oeder Photography

Bar admission
All lawyers (Rechtsanwälte) of the partnership are licensed to practise in the Federal Republic of Germany. They are members of the Munich Bar Association, Tal 33, 80331 Munich, Germany (

Dr. Kristina Leffler is also admitted as solicitor in England and Wales by the Solicitors Regulation Authority, but currently non practising (np). The Solicitors Regulation Authority, The Cube, 199 Wharfside Street, Birmingham, B1 1RN, United Kingdom is the competent regulatory authority.

Professional liability insurance
Professional liability insurance pursuant to Articles 51, 51a of the German Federal Lawyers Act (Bundesrechtsanwaltsordnung, BRAO) covering all of Europe has been taken out with ERGO Versicherung AG, Victoriaplatz 1, 40198 Düsseldorf, Germany.

Currently applicable professional regulations
German Federal Lawyers Act (Bundesrechtsanwaltsordnung, BRAO), German Federal Code of Conduct for Lawyers (Berufsordnung für Rechtsanwälte, BORA), German Specialist Lawyers Regulations (Fachanwaltsordnung, FAO), German Lawyers’ Fee Act (Gesetz über die Vergütung der Rechtsanwältinnen und Rechtsanwälte, RVG); all regulations are available on the website of the German Bar Association (section professional regulations).

The professional regulations applicable to solicitors exercising their profession in England and Wales are available on the website of the Solicitor Regulation Authority The Solicitor Regulation Authority published a handbook (SRA Handbook) which contains the relevant regulations applicable to solicitors (it can be viewed here In addition, the Solicitors’ Code of Conduct applies (you can view it here

Exclusion of liability
Despite having thoroughly checked the content of external websites, we cannot be held liable for any such content. It is exclusively the website providers who are responsible for their content.

Privacy Policy

We are delighted by your interest in our website. Please take a moment to read this statement on what personal data are collected by us relating to your visit to our website or when sending us an email, and for what purposes we use these data.

  1. Name and contact information of the party responsible for processing

This data protection statement applies to all data processing done by leffler schlitt Rechtsanwälte Partnerschaft mbB (hereinafter: “leffler schlitt”), Uhlandstr. 2, 80336 Munich, Germany. You can contact us via:


Telephone:       +49 (89) 85 63 16 60

Fax:                 +49 (89) 85 63 16 690

  1. Collection and storage of personal data and the purpose of their use when visiting our website

When accessing our website,, the browser running on the devices you use for accessing automatically transmits information to our website servers. This information is temporarily stored in so-called logfiles. The following information is automatically, i.e. without any action from your side, collected and stored until automatic deletion after a period of seven (7) days: IP address of the accessing computer / date and time of access / name and URL of the accessed file as well as the transmitted data size and notification of successful access / the website visited before accessing ours (referrer URL) / browser and operating system running on your computer as well as the name of your access provider.

In accordance with Article 6 (1)(f) GDPR, your data are temporarily stored for the following purposes, which also serve our justified interests in data processing: to ensure the seamless establishment of a connection with our website, to analyse system security and stability, as well as for further administrative purposes.

We never use the collected data to draw conclusions about your person.

  1. Cookies

We use a cookie to allow for automated language settings, which makes our website more user-friendly (justified interested pursuant to Article 6 (1)(f) GDPR). Cookies are text files stored within the Internet browser or by the Internet browser onto the user’s computer system. If a user accesses a website, the cookie can be stored automatically on the user’s operating system. This cookie contains a unique character sequence that allows for the unequivocal identification of the browser when the website is accessed again.

The cookie is stored on the user’s computer and then transmitted from there to our website. This means that you, as a user, have full control over the use of cookies. You can disable or restrict the use of cookies by changing certain settings in your Internet browser. Stored cookies can be deleted at any time. This can also be done automatically.

  1. The use of Google Maps via the provided link

Our website contains a link for using Google Maps. When using the said link, you are transferred to a Google website. Please inform yourself about Google’s usage and data protection regulations for that website before using the link.

  1. Collection and storage of personal data as well as the type and purpose of their use when sending an email (e.g. by using the email link on our website)

Our website does not offer you the option to give us a mandate; however, the email link provided on the website does offer you the opportunity to contact us. In this case, we only store the personal data transferred via the  email for the purpose of communication with you (justified interested pursuant to Article 6 (1)(f) GDPR). These data will be deleted as soon as these are no longer necessary for the purposes for which they are collected.


  1. Transfer of data

We solely transfer the data provided by you to us through using our website or when contacting us via email to third parties, if you have expressly consented thereto pursuant to Article 6 (1)(a) GDPR or if said transfer is necessary to assert, perform, or protect our legal claims pursuant to Article 6 (1)(f) GDPR and there is no reason to believe that you have an overriding interest worthy of protection that prevents the transfer of your data, or if a legal obligation to transfer your data pursuant to Article 6 (1)(c) GDPR exists.


  1. Rights of data subjects

If personal data about you are processed, you are a data subject in the sense of the GDPR. As a data subject, you have the right:

  • in accordance with Article 15 of the GDPR, to request information about your personal data we process. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipient to whom your data has been or will be disclosed, the planned storage period, the right to rectification, deletion , restriction of processing or objection, the existence of the right to complain, the source of your data if not collected by us, and the existence of automated decision-making processes including profiling and, where appropriate, meaningful information about the details of same;
  • in accordance with Article 16 of the GDPR, to demand the immediate correction of your incorrect personal data stored with us or to demand its completion;
  • in accordance with Article 17 of the GDPR, to demand the deletion of your personal data stored with us, unless processing is required for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims;
  • in accordance with Article 18 of the GDPR, to demand that the processing of your personal data be restricted if you dispute the accuracy of the data, the processing is unlawful, you reject its deletion or we no longer need the data while you, however, require the data to assert, exercise, or defend legal claims, or you have objected to the processing in accordance with Article 21 of the GDPR;
  • in accordance with Article 20 of the GDPR, to receive the personal data you provided to us in a structured, standard, and machine-readable format, or to request transmission to another responsible person;
  • in accordance with Article 7 (3) of the GDPR, to revoke your previous consent at any time. This means that we are no longer allowed to continue processing the data based on this consent, and
  • you have the right to complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, work, or the competent supervisory authority for us, the Bavarian State Authority for Data Protection (das Bayerische Landesamt für Datenschutzaufsicht).


  1. Right to object

When contacting us via email, you can object to the storage of your personal data at any time, if there are reasons resulting from your particular situation, by sending an email to We will then stop processing your data and delete all personal data stored relating to your contact  An exception exists if this deletion is prevented by our compelling and legitimate interests. After deletion of your personal data, it will no longer be possible to communicate with you.

In case of direct advertisement, you have a general right to object (Article 21 (3) GDPR), which we will implement without you having to providing reasons resulting from your particular situation.

  1. Data security

On our website, we use the common SSL procedure (Secure Sockets Layer) in conjunction with the highest-available encryption level supported by your browser. This is generally 256-bit encryption. If your browser doesn’t support 256-bit encryption, we use 128-bit v3 technology instead. You can identify whether a single page of our website is encrypted from the locked key or lock symbol displayed in the status bar of your browser.

We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

  1. Updating and changing this Data Protection Statement

This Data Protection Statement is currently valid as at May 2018.

It may be necessary to change this Data Protection Statement due to further developments of our website, or due to changed legal or official requirements. You can read and print out the current version of our Data Protection Statement at