Book a call ↗ DE EN
Service — Data Protection & Compliance

Data Protection & Compliance, pragmatic.

Data protection should protect your business, not paralyse it. Since 2018 I have guided around 30 small and medium-sized businesses through GDPR implementation — from medical practices through retail and trades to education providers. As a certified data protection manager I deliver compliance that is documented, understandable and workable in daily business. Currently added: Data Act and AI Act — what AI use in your company allows and what it doesn't.

What you can commission

Complete GDPR Implementation

Inventory, records of processing activities, legal bases, TOMs — within a few weeks, cleanly documented.

DPAs & Service Providers

Data processing agreements, third-country transfers, standard contractual clauses — your tool landscape made legally sound.

Privacy Policy & Website

Legal texts that reflect the actual state of your website — instead of boilerplate that auditors notice.

Workshops & Training

Employee training with cases from your own business — including Data Act and AI Act.

E-Learning Content

Training modules on GDPR, cybersecurity and AI — produced for your industry.

Ongoing Support

Annual brush-ups, new processing activities, new tools — compliance stays current.

GDPR quick check

How solid is your setup?

Eight questions, honest answers — a non-binding first assessment. Nothing is stored or transmitted.

01 — Do you have an up-to-date record of processing activities?

02 — Do you have data processing agreements with all service providers (hosting, cloud, newsletter …)?

03 — Is your website's privacy policy current and complete (covering all tools in use)?

04 — Is there a defined process for data subject requests (access, erasure — deadline: 1 month)?

05 — Are retention periods or an erasure concept defined for personal data?

06 — Are your employees bound to confidentiality and trained on data protection?

07 — Is there a process for data breaches (72-hour notification duty)?

08 — Are your technical and organisational measures (access, backups, encryption) documented?

How it works

01

Initial call

30 minutes, free. You describe your situation and goal — I'll tell you honestly whether and how I can help.

02

Analysis & proposal

A concrete proposal that fits the task — as a project, ongoing advisory or a performance-based model. With a clear scope and timeline.

03

Execution & steering

From sparring to execution — with measurable interim results and direct communication.

Typical outcomes

References from this practice

All data protection references ↗

Fachstelle NÖ

Data protection training and consulting on the Data Act and AI Act — legally sound client communication and AI use.

Around 30 SMEs since 2018

Records of processing, DPAs, privacy policies and workshops — from medical practices to education providers.

Horeca Hero

E-learning content on GDPR, cybersecurity and AI for the hospitality industry.

Frequently Asked Questions

Do I need an external data protection officer?

Most SMEs are not obliged to appoint a data protection officer — but they still need a documented implementation. What applies in your case is clarified in the initial call.

How long does GDPR implementation take in an SME?

Typically a few weeks: inventory, records of processing, agreements, texts, training — with clear milestones instead of a never-ending project.

Does the consulting also cover AI topics?

Yes. Training on the AI Act and Data Act, rules for AI use in your company, and e-learning modules on GDPR and AI are part of the core offering.

Let's talk Business.

The initial call is free — afterwards you'll know whether it's a fit.