%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20none;%20}%20.st1%20{%20fill:%20%23006db4;%20}%20.st2%20{%20isolation:%20isolate;%20}%20.st3%20{%20mix-blend-mode:%20multiply;%20}%20.st4%20{%20clip-path:%20url(%23clippath-1);%20}%20.st5%20{%20clip-path:%20url(%23clippath-2);%20}%20.st6%20{%20fill:%20%23009891;%20}%20.st7%20{%20clip-path:%20url(%23clippath);%20}%20.st8%20{%20fill:%20%2300a25b;%20}%20%3c/style%3e%3cclipPath%20id='clippath'%3e%3crect%20class='st0'%20x='7.2'%20y='4.6'%20width='50.5'%20height='72.1'/%3e%3c/clipPath%3e%3cclipPath%20id='clippath-1'%3e%3crect%20class='st0'%20x='-9'%20y='-8'%20width='50.5'%20height='72.1'/%3e%3c/clipPath%3e%3cclipPath%20id='clippath-2'%3e%3crect%20class='st0'%20x='23.5'%20y='17.1'%20width='50.5'%20height='72.1'/%3e%3c/clipPath%3e%3c/defs%3e%3cg%20class='st2'%3e%3cg%20id='Ebene_1'%3e%3cg%3e%3cg%20class='st3'%3e%3cg%20class='st7'%3e%3cpolygon%20class='st6'%20points='48.7%2012.6%2016.3%2031.5%2016.3%2075.7%2048.7%2056.7%2048.7%2012.6'/%3e%3c/g%3e%3c/g%3e%3cg%20class='st3'%3e%3cg%20class='st4'%3e%3cpolygon%20class='st8'%20points='32.5%200%200%2019%200%2063.1%2032.5%2044.1%2032.5%200'/%3e%3c/g%3e%3c/g%3e%3cg%20class='st3'%3e%3cg%20class='st5'%3e%3cpolygon%20class='st1'%20points='65%2025.1%2032.5%2044.1%2032.5%2088.2%2065%2069.3%2065%2025.1'/%3e%3c/g%3e%3c/g%3e%3cpath%20d='M273,24.9h-7.3v44.5h22.4v-5.9h-15.1V24.9ZM246.3,69.5h7.3V24.9h-7.3v44.5ZM214,63.6c-2.9,0-5.6-.7-7.9-2-2.3-1.3-4.1-3.3-5.4-5.8-1.3-2.5-2-5.4-2-8.7s.7-6.2,2-8.6c1.3-2.5,3.1-4.4,5.4-5.7,2.3-1.3,4.9-2,7.9-2s5.6.7,7.9,2c2.3,1.3,4.1,3.2,5.4,5.7,1.3,2.5,2,5.4,2,8.6s-.7,6.2-2,8.7c-1.3,2.5-3.1,4.4-5.4,5.8-2.3,1.3-4.9,2-7.9,2M214,69.9c4.2,0,8-1,11.5-2.9,3.5-1.9,6.2-4.7,8.2-8.1,2-3.5,3-7.4,3-11.8s-1-8.3-3-11.7c-2-3.5-4.8-6.2-8.2-8.1-3.5-1.9-7.3-2.9-11.5-2.9s-8,1-11.4,2.9c-3.5,1.9-6.2,4.6-8.3,8.1-2,3.5-3,7.4-3,11.7s1,8.3,3,11.8c2,3.5,4.8,6.2,8.3,8.1,3.5,1.9,7.3,2.9,11.4,2.9M159.7,30.9h8.1c2.8,0,4.8.7,6.2,2,1.4,1.3,2,3.1,2,5.4s-.7,4.1-2.1,5.5c-1.4,1.4-3.4,2.1-6.2,2.1h-8.1v-14.9ZM184.3,69.5l-11-18.4c3.5-.9,6.1-2.5,7.8-4.8,1.7-2.4,2.5-5,2.5-7.9s-.6-4.7-1.8-6.7c-1.2-2-2.9-3.6-5.3-4.8-2.4-1.2-5.3-1.8-8.7-1.8h-15.4v44.5h7.3v-17.8h5.6l10.2,17.8h8.7ZM141.9,30.8v-6h-24.6v44.6h24.6v-6h-17.3v-13.6h15.4v-6h-15.4v-13.1h17.3ZM94.6,24.9h-7.3v44.5h22.4v-5.9h-15.1V24.9Z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Data Protection. Leave it with us.
Data Protection Consultancy
We provide consultancy services for all aspects of data protection related to your business. Our focus is on delivering practical, straightforward solutions that enable your business model to thrive – all while ensuring GDPR compliance wherever possible.
Data Protection Officer
In Germany, companies with 20 or more employees are legally required to appoint a data protection officer (DPO). However, even if your company falls below this threshold, appointing one can still be beneficial. As your external DPOs, we bring the requisite expertise and up-to-date GDPR knowledge to the table. Compared to an internal appointment, outsourcing this role to us saves you both time and resources. You also won’t need to worry about labour laws that make it nearly impossible to dismiss an internal DPO – or about training someone from scratch.
Data Security
By law, you are required to protect personal data from unauthorised access, accidental loss, or destruction. In essence, this is what most people think of as data protection.
We will assess your existing data security measures – also lovingly called TOMs – and optimise them to strengthen data protection within your company.
Chances are, you also have other valuable company assets or sensitive information worth protecting beyond personal data. Well, you’re in luck: Securing your data also means safeguarding your trade secrets.
Data Processors
Companies remain accountable for any data processing they outsource to third-party service providers. GDPR mandates that you have the right contracts in place. We can review your existing agreements or support you in concluding them in the first place. If you ask nicely, we can even communicate directly with your providers and provide tailored templates.
If the boot is on the other foot, we’ll support you in your negotiations with clients and review the contracts they expect you to sign as their data processor.
Projects
Developing bespoke solutions for extraordinary projects is what we love most. We firmly believe data protection shouldn’t hold you back but should instead serve as an opportunity to refine and elevate your ideas. Time and again, we’ve seen how well-implemented and thoughtfully designed data protection measures lead to better outcomes for everyone involved. Not to mention that knowing you’ve done your data protection homework can be a real confidence booster.
We’ve tackled data protection challenges ranging from the everyday to the truly complex: mailouts, photo usage, online shops, CRMs, whistleblower portals, all the way to Europe’s largest IoT project, delicate access bans, or extensive video surveillance. We can’t wait to hear about what exciting challenges you have in store for us.
Responding to Data Protection Authorities
If, despite everything we’ve done together, you end up receiving a letter from the Data Protection Authority, we’ll work closely with our partner law firm, WLHK, to coordinate an appropriate response strategy. Be it on-site audits or written questionnaires, we’ve got your back.
Internal Guidelines
For your staff to comply with data protection laws, they need clear guidance and instructions. Otherwise, mistakes or infringements could fall back on you. We’ll help you develop pragmatic internal guidelines tailored to your needs.
Of course, we know that guidelines often go unread – let alone followed. That’s why we focus on feasibility and straightforward messaging to ensure they’re both practical and effective.
Staff Training
Weirdly enough, GDPR training sessions seem to have a reputation for being dry and boring – but they don’t have to be! We’ll come in and deliver interactive, engaging training sessions tailored to both management and staff. The content will be customised to your needs, featuring relevant use cases and practical examples.
Data Protection Audits
An internal data protection audit provides valuable insights into your data processing practices and helps identify potential compliance gaps. We’d be delighted to put our auditing skills to work for you.
Should you ever find yourself being audited by a client, we’ll guide you through the process. We are also able to audit your service providers to ensure they meet compliance standards.
Transfer Impact Assessments
Transferring personal data to countries outside the EU may require a Transfer Impact Assessment (TIA) to evaluate risks and implement appropriate safeguards, depending on the level of data protection in the third country. We’ll map your data flows and assess these cases for you.
Data Protection Impact Assessment
When planning projects involving data processing that may pose a high risk to data subjects, a prior Data Protection Impact Assessment (DPIA) is mandatory. Identified risks must be mitigated with appropriate security measures.
We’ll support and document your Data Protection Impact Assessments to ensure compliance and clarity.
AI Regulation
The EU’s new AI Regulation establishes a framework for the use of artificial intelligence. Data protection is just one of many requirements when implementing AI projects or using AI tools.
In collaboration with our partner law firm WLHK, we can assess and support your project, provide employee training, and help you comply with the requirements of the AI Regulation.
NIS-2 Directive
If your organisation is subject to the new EU NIS-2 Directive on cybersecurity, we’ll support you with your registration and reporting obligations. Most importantly, we’ll collaborate with your IT department or service provider to review your existing security measures and develop a practical and effective security plan tailored to your needs.
Additional Legal Support
Occasionally, complex matters or legal issues may extend beyond our scope as Data Protection Officers. In such cases, our partner law firm WLHK is ideally positioned to advise you on advanced data protection matters, as well as competition and media law.