Tel. (+49) 30-20 88 999 00

Implementation of GDPR in your company

GDPR implementation has been an important topic for many companies since the European General Data Protection Regulation (GDPR) came into effect on 25 May 2018. The GDPR has created a uniform European data protection framework and the same data protection standards for all EU member states.

Implementation of the GDPR should be a top priority for businesses, given the high level of fines imposed for non-compliance.

Fines of over EUR 100 million have already been imposed on individual companies (including British Airways, Marriott Hotels).

We support your company in the efficient implementation of GDPR-compliant data protection management with our experienced team of lawyers, business economists and IT specialists.

Four steps to GDPR-compliant data protection management

The process for implementing a GDPR-compliant data protection management system can be roughly divided into the following steps:

  1. Introduction of your data protection consultant and analysis of data protection risks: Assessment of the current state through a description of the business processes relevant to data protection within the framework of the Record of Processing Activities.
  2. Preparation of an action plan and implementation of data protection management: Analysis of the Record of Processing Activities and development of the necessary implementation measures as well as implementation of the further GDPR data protection requirements through feasible and practical solutions (in particular Technical Organisational Measures, data processing management, data breach management, management of data subjects’ rights, etc.).
  3. Setting up regular training for employees.
  4. Continuous data protection consulting and regular status evaluations: Continuous review of implemented processes and measures, with the focus on ensuring that new and changed processes are taken into account within the framework of data protection management (e.g. by corresponding trigger points in the purchasing department and in the company’s project management).

1. Introduction of your data protection officer (DPO) / data protection consultant and analysis of data protection risks

The first step is to get to know your data protection consultant / data protection officer (depending on whether data protection consulting or the appointment of a DPO is needed). Together we assess the current data protection situation at your company. From the evaluation we derive the current status of data protection in your company and define the risks. Based on this, we define the next steps and discuss them with you.

Nahaufnahme von Händen die an Mobiltelefoe
Bunter geöffneter Fallschirm von unten fotografiert

2. Preparation of an action plan and implementation of data protection management

The “As is” analysis is the basis for a joint action plan. The aim is to implement a GDPR-compliant data protection management system for your company with orderly and structured measures. This allows us to achieve, among other things, the following:

  • documentation and clarification of responsibilities,
  • data protection-compliant work processes,
  • the prerequisites for the legally compliant and timely processing of enquiries from affected persons and supervisory authorities.
  1. Technical Organisational Measures (TOMs),
  2. Record of processing activities (data controller and data processor),
  3. Privacy notice (website, for employees, other),
  4. Data protection impact assessment,
  5. Process for data breaches,
  6. Process for data subject rights,
  7. Management of consent,
  8. Management of the data processing agreements, audit of suppliers and assessment of the software used (vendor review) and
  9. Policies and guidelines

3. Employee training and distribution of training materials

During the implementation of your data protection management, we also train your staff. We aim to raise their awareness of safe handling of personal data in the company. The goal is to use business-relevant personal data, in particular customer data, in appropriate processes in a sustainable and data protection-compliant manner.

An einer Pinnwand klebenden Post-It's
Wolkenkratzer die in einen mit Wolken bedeckten Himmel ragen

4. Continuous data protection consulting and regular status evaluations

Today, data protection is an essential precondition in customer relations. So, the legally compliant treatment of data is a necessity. To ensure that your data protection management is always up to date, we provide you with continuous support:

  • Information on current topics and legally relevant changes in data protection
  • Advice and regular status reviews
  • Regular updates to your data protection management system
  • Review of data processing agreements
  • Communication with supervisory authorities and stakeholders
  • Training opportunities

Our offer

Eggert & Partner Rechtsanwälte Logo

Data protection is what we do best. By delegating your data protection management to us, you save time and resources to focus on what you do best – developing and sustaining your business. Depending on your need for support, we offer 4 consulting packages for GDPR implementation in companies. Our offer combines the advantages of an external data protection officer with the advice of accredited data protection lawyers provided by the law firm Eggert & Partner Rechtsanwälte.


We make it our job to position your company securely and efficiently in the field of data protection. For the implementation of GDPR we offer you versatile service packages and competent and reliable support tailored to your needs.


Request a callback

Please leave your name and telephone number - and we will call you back.
  • By submitting this form, I agree that the personal data provided within the scope of this message will be processed in a database managed under the responsibility of mip Consult GmbH exclusively for processing and answering this inquiry and that mip Consult GmbH may send me corresponding, inquiry-related information by post, e-mail or telephone. The declaration of consent can be revoked at any time in the future, for instance via written notification to mip Consult GmbH, Wilhelm-Kabus-Str. 9, 10829 Berlin or via e-mail to Your data will be treated confidentially and will not be passed on to third parties. Data transmission is encrypted. Further information on data protection and objection can be found at
  • This field is for validation purposes and should be left unchanged.