Data Protection

(Data Protection Officer, Data Protection Auditor, representative per Art. 27 GDPR)


Your case can not be solved by any lawyer.
Specialization exists not only with doctors, but also with lawyers.
We are your guide when it comes to privacy.

We have been concentrating on this area for many years, keeping our knowledge up-to-date through in-depth training and knowledge of the environment beyond the legal are

Certified Data Protection Officer


Ensure legal certainty for your company


Build trust with your customers and partners


Training and sensitize your employees


Legally compliant order as your data protection officer


Trained and tested by TÜV-SÜD Akademie GmbH in GDPR and BDSG


Avoid impending fines

You would like a personal consultation? Give us a call

0711 / 35 79 30

Data protection officer

As an external data protection officer, I advise management on all data protection issues relevant to your company.
I check every department that works with personal data for compliance. The management will be made aware of any issues and the corresponding need for action. I then provide suggestions for solutions and develop appropriate concepts.
The external data protection officer is the direct contact person for the responsible supervisory authority.

Data protection audit

The data protection auditor audits all departments of a company for their current level of compliance and compares the results to the requirements and delivers the corresponding report to management.

Global application of the General Data Protection Regulation

The GDPR adopted by the EU applies to the processing of personal data not only in the European Economic Area, but also outside the EU, wherever goods and services are offered to EU citizens (lex loci solutionis). In this case, these companies in the EU must appoint a representative within the meaning of Art. 27 GDPR.

Pursuant to Art. 83 para. 4 a) GDPR, failure to name a representative could result in fines of up to 2% of your global annual turnover! In some cases (Art. 85 GDPR), fines may even be up to € 20 million or 4% of your global annual turnover.

For example, the US hotel chain Marriott is facing a $123 million fine imposed by the UK’s Information Commissioner’s Office (ICO). Hackers gained access to the database of the Marriott subsidiary Starwood and obtained the data of 339 million customers, not only their names and addresses, but also highly confidential data such as passport and credit card numbers. According to the ICO, when Marriott bought Starwood in 2016, it failed to conduct sufficient audits during the acquisition and provide sufficient security for the systems afterwards. But this would have been their duty under the GDPR.

British Airways has also been threatened by the ICO with a £183.39 million fine for a GDPR breach. British Airways lost the data, including credit card information and the CVV numbers, of some 500,000 customers during a cyberattack. The attack occurred when customers paid for their flights by credit card.

This means that companies outside the EU have to comply not only with their own privacy laws, regulations and directives, but also with the GDPR.

Worldwide hotel industry

One industry where masses of personal data are processed is the hotel industry. In this area, in addition to credit card information, highly sensitive data such as passport numbers, religion, ethnicity, etc. are also processed (when included in the passport). This data falls into the special categories of personal data per Art. 9 GDPR and must be specially protected. This is a huge challenge for hotels.

This is why I specialize in this industry.