Data protection officer for banks, insurance companies and the healthcare sector
Your data protection officer (DPO)
Professional & solution-oriented. Data protection that supports your business goals.
Data protection doesn't have to be complicated - quite the opposite: With over 15 years of experience as a lawyer and consultant for the healthcare, banking, insurance and numerous other industries, I offer not only tailored advice, but also practical solutions that both efficiently meet your data protection requirements and keep your business goals in mind.
Datenschutzbeauftragter für das Gesundheitswesen
“Data protection is not a hurdle - it is the basis of sustainable digital development. This is exactly where I support companies.”
qualified
Multi-certified data protection officer (SGS-TÜV, Ulm University of Applied Sciences)
multi-disciplinary
übergreifende Kompetenzen im Datenschutz, Recht, KI-Regulierung und IT-Security
international
Experience in international data protection law, in particular USA, Brazil and Asia
Practical experience in numbers
15+
Experience in years
200+
Projects
100+
Clients
Industries in which I support you
Data protection affects the entire company - from IT to HR to marketing. As an external data protection officer, I am familiar with the requirements of a wide range of industries - from banking and insurance to healthcare, retail and e-commerce - and work closely with all relevant departments. In this way, data protection does not become a brake, but is integrated into your processes in a practical, efficient and tailor-made manner.
| Banking, finance and insurance | Health, pharma and medical device technology |
| Industry and machine construction | Logistics, mobility and transportation |
| Retail and e-commerce | Energy sector |
| Education and social affairs | Non-governmental organizations (NGO) |
| IT & Technology | Real Estate & Construction |
What services are included?
As an external data protection officer, I not only take on the legally required tasks in accordance with the GDPR, but also support you in implementing or further developing an effective data protection management system (“DPMS”).
Data Protection Officer (DPO)
| Advising the controller or processor | |
| Monitoring compliance with data protection regulations and strategies | |
| Consulting on the creation and maintenance of the record of processing activities (ropa) | |
| Consulting on the conduct of data protection impact assessments (DPIA) | |
| Contact person and cooperation with the competent supervisory authority | |
| Training and awareness |
Data Protection Management System (DPMS)*
| Guidelines, policies and work instructions for data protection | |
| Procedures to ensure data protection-compliant data processing | |
| Processes for ensuring data subject rights and transparency obligations | |
| Technical and organizational measures and risk management | |
| Dealing with data breaches | |
| Monitoring and auditing |
Schedule a free initial consultation
Procedure
As an external data protection officer, I rely on a structured and transparent approach. From the first meeting to the initial data protection assessment and efficient onboarding through to implementation and ongoing support - every step is tailored to your requirements, internal workflows and existing systems and processes. The result is data protection consulting that is not only GDPR-compliant, but also practical, company-specific and efficient.
Initialer Compliance Check
GAP analysis to identify risks and create an action plan to close gaps
Onboarding
Onboarding and appointment of the DPO, notification of the supervisory authority, definition of roles and responsibilities, guidelines and policies
Implementation
Measures and processes as well as documentation of processing activities (ropa); risk analyses and definition of technical and organizational measures
Ongoing support
Advising management and employees, responding to ongoing requests, service provider checks, data processing agreements (DPAs), data protection impact assessments (DPIAs), etc.
You have questions?
Give me a call to clarify your questions!
+49 (0) 30 62737352
What you can count on
As an external data protection officer, I not only bring in-depth specialist knowledge, but also a strong understanding of business practice, processes and the people behind them.
Solution-oriented and close to practice
I provide solutions that suit your business. Options for action are presented in a comprehensible way so that risk-conscious decisions can be made.
High quality and industry experience
As a lawyer with over 15 years of business experience, I understand the legal and business challenges of various industries. My advice combines legal expertise with practical solutions that are precisely tailored to the needs of your company.
Goal-oriented, efficient and tool-supported
I work tool-supported with proven standards and offer a customizable template set. Synergies and tools that can be integrated are used.
Fair conditions & pricing
Start
€480per month - duration one year
Medium
€875per month - duration one year
Individual
€1.120per month - duration one year
If required, individual service packages can also be tailored specifically to your requirements.
Write to me!
Request your personal offer now or ask me your questions via the contact form!
You can use the following button to make a non-binding appointment via the booking tool.
FAQ
Those who ask questions get answers.The most frequently asked questions are listed here. And if your question is not included - please contact me directly.
Do I need a data protection officer?
In Germany, Section 38 BDSG regulates when a data protection officer must be appointed. This is mandatory as soon as at least 20 people in the company are regularly involved in the automated processing of personal data. Regardless of the number of employees, the obligation also applies if particularly sensitive data is processed - such as health data - or if personal data is transmitted for business purposes, transmitted anonymously or used for market and opinion research.
What are the benefits of an external data protection officer compared to an internal one?
An external DPO is independent, specialized and immediately available. You save on internal training and development costs, conserve personnel resources and benefit from up-to-date expertise - especially in complex or regulated areas.
What is a DPMS?
A data protection management system (DPMS) is a structured, process-based approach to the implementation and continuous improvement of data protection in an organization. It helps to reliably fulfill legal requirements such as the GDPR.
A DPMS includes, among other things:
- binding data protection guidelines,
- clearly defined roles and responsibilities,
- a record of all processing activities (ropa),
- Processes for risk assessments and data protection impact assessments (DPIA),
- technical and organizational measures (TOMs),
- Training for employees and
- Processes for ensuring the rights of data subjects and dealing with data breaches.
An effective DPMS is based on the Plan-Do-Check-Act (PDCA) cycle and is continuously developed through regular checks. While smaller companies can often implement a DPMS manually, larger organizations with complex structures often benefit from specialized data protection management tools.
What industry expertise do you bring to the table as an external data protection officer?
As a lawyer, consultant and external data protection officer, I have extensive experience in dealing with data protection requirements in highly regulated industries - in particular in the financial sector (e.g. banks, FinTechs), the insurance industry and the healthcare sector (e.g. SaaS service providers, hospitals, medical centers or medical technology companies).
I am very familiar with the industry-specific requirements beyond the GDPR - including the KWG, BAIT, VAG, VAIT, the GDV guidelines and the SGB. I also incorporate international legal and regulatory requirements where necessary.
By working closely with relevant departments - such as IT, Compliance, HR, Research & Development, Marketing, Sales and Legal - I ensure that your company's data protection obligations are implemented in a practical and efficient manner.
How can I contact you?
You can contact me via the e-mail address given here (contact@dataandlaw.com) and by telephone (+49 30 62737352) during normal business hours. In the event of working together, binding response times will be agreed. As a rule, you will receive a response within 24 hours. An emergency number is available in urgent cases.
Society for Data Protection and Data Security (GDD) e.V.
Datenschutz für NGOs und Spendenorganisationen
© 2024
English 
Deutsch