Data Protection & Compliance, pragmatic.
Data protection should protect your business, not paralyse it. Since 2018 I have guided around 30 small and medium-sized businesses through GDPR implementation — from medical practices through retail and trades to education providers. As a certified data protection manager I deliver compliance that is documented, understandable and workable in daily business. Currently added: Data Act and AI Act — what AI use in your company allows and what it doesn't.
What you can commission
Complete GDPR Implementation
Inventory, records of processing activities, legal bases, TOMs — within a few weeks, cleanly documented.
DPAs & Service Providers
Data processing agreements, third-country transfers, standard contractual clauses — your tool landscape made legally sound.
Privacy Policy & Website
Legal texts that reflect the actual state of your website — instead of boilerplate that auditors notice.
Workshops & Training
Employee training with cases from your own business — including Data Act and AI Act.
E-Learning Content
Training modules on GDPR, cybersecurity and AI — produced for your industry.
Ongoing Support
Annual brush-ups, new processing activities, new tools — compliance stays current.
How solid is your setup?
Eight questions, honest answers — a non-binding first assessment. Nothing is stored or transmitted.
01 — Do you have an up-to-date record of processing activities?
02 — Do you have data processing agreements with all service providers (hosting, cloud, newsletter …)?
03 — Is your website's privacy policy current and complete (covering all tools in use)?
04 — Is there a defined process for data subject requests (access, erasure — deadline: 1 month)?
05 — Are retention periods or an erasure concept defined for personal data?
06 — Are your employees bound to confidentiality and trained on data protection?
07 — Is there a process for data breaches (72-hour notification duty)?
08 — Are your technical and organisational measures (access, backups, encryption) documented?
Your open items:
Non-binding first assessment — no substitute for a data protection review.
How it works
Initial call
30 minutes, free. You describe your situation and goal — I'll tell you honestly whether and how I can help.
Analysis & proposal
A concrete proposal that fits the task — as a project, ongoing advisory or a performance-based model. With a clear scope and timeline.
Execution & steering
From sparring to execution — with measurable interim results and direct communication.