A data protection officer must meet the following three main requirements in accordance with Art. 37 para. 5 GDPR:
- Professional qualification with regard to expertise in the field of data protection law
- Specialist knowledge in the field of data protection practice
- Ability to perform the tasks specified in Art. 39 GDPR (see above)
The external data protection officer is personally liable for all activities. Due to this high risk, we have developed an insurance concept that covers losses of up to EUR 40 million.
We audit your company in accordance with the legal standards of the GDPR and the BDSG (new). From a practical perspective, we are guided by the legal requirements of the audit procedures of the state data protection authorities.
Companies reduce regulatory risks, build trust with customers and business partners, and can use AI systems in a more secure, transparent, and sustainable manner.
With a data protection audit, you can prove to customers and also during an official audit that you comply with and implement the legal provisions and requirements of the GDPR. Above all, you create trust with potential customers and cooperation partners who want proof of GDPR compliance.
The project typically begins with a gap analysis. This is followed by a risk analysis, the implementation of the ISMS, the preparation of the necessary documentation, and preparation for the certification audit.
The costs depend on the size of the company and the number of branches. We will be happy to provide you with a fixed price offer within 24 hours.
The duration depends on the size and complexity of the organization. In many cases, a certifiable ISMS can be established within a few months.
Yes. ISO 27001 can be seamlessly integrated with GDPR data protection requirements as well as regulatory requirements such as NIS2 or DORA, creating synergies and more efficient processes.
Yes. AI compliance can be effectively integrated with data protection, information security, and governance frameworks—particularly in conjunction with the GDPR, ISO 27001, NIS2, or DORA.
AI compliance is relevant for all companies that use or develop AI systems—particularly in the fields of HR, customer service, marketing, finance, healthcare, software, or automated decision-making processes.
The specific tasks of the data protection officer result from the GDPR and primarily include:
- Monitoring the legal requirements of the GDPR
- Overview of processing activities
- Risk assessment for processing activities
- Employee training
As a general rule, all AI solutions in use should be evaluated—particularly external AI tools, generative AI, HR systems, automated decision-making processes, and AI applications that process personal data.
ISO 27001 certification strengthens information security, reduces risks, and builds trust among customers, partners, and regulatory authorities. At the same time, it helps streamline internal processes and ensure compliance with regulatory requirements.
Yes. We help companies establish legally compliant AI governance frameworks and develop internal AI policies, usage guidelines, and compliance processes.
We assist with the development of all necessary policies and documentation, including security policies, risk analyses, asset management, access control frameworks, emergency plans, and ISMS documentation.
ISO 27001 is particularly well-suited for organizations with high standards for information security, data protection, and compliance—such as those in the IT, software, healthcare, finance, manufacturing, or critical infrastructure sectors.
The use of AI can entail risks related to data protection, liability, compliance, and reputation. Of particular concern are erroneous decisions, a lack of transparency, discriminatory outcomes, or insecure data processing.
Yes. We offer practical training and awareness sessions for employees, managers, and compliance officers on the safe and legally compliant use of AI.
Yes. AI solutions that are already in use can be reviewed, evaluated, and adapted to meet current regulatory requirements.
The cost depends on the size of your company, the complexity of your IT infrastructure, and the scope of certification you require. We would be happy to provide you with a customized, fixed-price quote within 24 hours.
Certain companies are obliged to appoint an (external or internal) data protection officer. The General Data Protection Regulation (GDPR) and the new BDSG stipulate the appointment of a company data protection officer if one of the following conditions is met:
a) As a rule, at least ten people are permanently involved in the automated processing of personal data in the company.
b) The core activity of the company is the performance of processing operations which, by virtue of their nature, their scope and/or their purposes, require extensive regular and systematic monitoring of data subjects (this includes, for example, hospitals and pharmacies).
The process begins with an analysis of the AI systems and processes in use. Risks are then assessed, necessary measures are defined, and governance, documentation, and compliance frameworks are established.
The EU AI Act establishes Europe-wide requirements for the safe and legally compliant use of artificial intelligence. Depending on their risk category, companies must meet specific transparency, documentation, and security requirements.
Yes. We support companies throughout the entire project—from the initial analysis through to the successful preparation for and support during the external certification audit.