Law in House 6: Data protection – Audit

Are you wondering whether your company needs to appoint a data protection officer or whether the privacy policy on your website meets the requirements of the new General Data Protection Regulation (GDPR)? Are you unsure whether and with which contractual partners you need to conclude a separate contract for order processing? Are you worried that you are not adequately fulfilling your data protection information obligations? Not sure whether you are allowed to use the employee photos you have taken on your website?

The GDPR, which came into force last year in May 2018, has not changed everything in data protection law, but it has changed a lot. Deterred by the high fines that the GDPR threatens in the event of non-compliance, many companies have implemented data protection measures, some of them somewhat hastily and/or often based on templates circulating on the internet. However, this does not produce data protection documents and measures that are customised to the company. Very few companies have a comprehensive overview of the topic of data protection. This is dangerous: there is often an acute need for action in one area or another.

In this case, we offer you a data protection audit, usually lasting one day, to identify typical sources of error in the area of data protection in your company. The purpose of this offer is to uncover any need for action to implement the data protection requirements of the GDPR. We will tell you where you should take action in terms of data protection law and work with the employees in your company who deal with data protection law to develop a strategy for further action. The complete legal review and, if necessary, revision of your forms, sample contracts and internal processes can then take place at a later date.

For this data protection audit, in step 1 you provide us in advance (e.g. by sending us an e-mail) with the information and documents that we should check for any current need for action. We then check this information and these documents (usually within a time frame of around 4 hours) for any need for action. A complete legal review and revision of the documents does not yet take place within this framework; this complete legal review/revision is offered separately if required.

This may include the following information/documents:

  • Order processing contracts
  • List of processing activities
  • Privacy policy
  • Data protection mission statement, data protection policy
  • Declarations of consent
  • Documentation on the fulfillment of information obligations
  • IT security concept


In step 2, we will visit your company (usually for a further 4 hours) to discuss any need for action and the next steps with your employees involved in data protection issues and IT. The aim will be to draw up a concept of measures based on the levels of acute, medium and low need for action, taking into account the actual risk for the processing activities carried out in your company. You can then decide for yourself whether you would like to develop a solution yourself using the information acquired during the data protection audit or whether you would like to take advantage of legal advice and support from us that goes beyond the data protection audit. In the latter case, we will be happy to provide you with a customised offer.

Costs of this comprehensive data protection audit: By arrangement. The fee depends on the desired scope of the data protection audit in terms of content and time.

Dierk Schlosshan
Phone: +49 351 563 90 20