Data Protection for Businesses

Erfahrungen & Bewertungen zu DataGuard

Request for a non-binding offer. We will determine your company’s privacy requirements and the associated costs.

Transparent monthly prices over expensive hourly rates

Cooperations | Memberships

  • Basic
    LOW Privacy requirements





    150 € p/m Learn more
    Get an Offer
  • Medium
    MIDDLE Privacy requirements

    Advertising agencies

    Industrial enterprises

    Construction/Real estate

    Travel, tourism, hotels

    250 € p/m Learn more
    Get an Offer
  • Medium+
    High Privacy requirements

    Doctors, pharmacists

    Lawyers, consultants

    Online stores

    Small IT companies

    350 € p/m Learn more
    Get an Offer
  • Premium
    VERY HIGH Privacy requirements

    Finance companies

    Employment agencies

    Software/Platform solutions

    Companies with >100 employees

    500 € p/m Learn more
    Get an Offer
  • Enterprise
    INDIVIDUAL Privacy requirements



    Publicly listed companies

    Umbrella organizations

    As required Learn more
    Get an Offer
2-months satisfaction guarantee
You should be convinced by our support as an external DPO. Only then you give us your trust for the entire contract period.
BAFA subsidy
Our audits are eligible for at least 50% reimbursement by BAFA. We guide you through the application process.
Detailed Overview
Medium +
GDPR basic protection
Appointment of your Data Protection Officer
Notification of your Data Protection Officer to the supervisory authority
Personalized privacy policy for your website, webshop, app, platform
Data protection dossiers with technical and legal updates
Annual activity report to the Management Board
DataGuard seal for the website and for branding
Employee commitment to the principles of the GDPR
Employee training courses (digital)
Number of employees covered in the training (via the DataGuard platform) 1-50 pax 1-75 pax 1-100 pax 1-150 pax
Data protection audit
Data Protection audit (data protection assessment)
Analysis based on intelligent questionnaires (digital)
Audit calls with DataGuard’s Data Protection Officers
Audit minutes and prioritized recommendations for action
Number of supported Data Protection Impact Assessments (DPIA) 1 2 4
Data Protection documentation (prepared by DataGuard)
Preparation of Technical and Organisational Measures (TOM)
Documentation of standard processes without company specific data processing activties (e.g. personnel, purchasing, video surveillance)
Number of business units of core processes with documentation of company-specific data processing activties (e.g. gastronomy, medical treatments, car repairs) 1 business unit 2 business units 4 business units 6 business units
Additional consultation hours included in the service package – flexibly applicable for e.g.: 6 hours per year 12 hours per year 18 hours per year
Processing of data subject enquiries or queries by the authorities
On-site support for inspections by the authorities or external parties
Checking the data protection compliance of software and hardware
Duty to provide information pursuant to Art. 13 and Art. 14 GDPR
Preparation of a customized deletion concept
Data Processing Agreements (DPA)
Preparation of DPAs which the customer distributes to suppliers and external partners 5 DPAs per year 10 DPAs per year 15 DPAs per year
Checking DPAs which the customer receives from their customers and external partners 5 DPAs per year 10 DPAs per year 15 DPAs per year
Special services in Medium+ and Premium
Printing and delivery of a data protection folder with relevant information and templates
Personalized and industry-relevant training for the management team and other departments (digital)
Company-specific data protection analysis with personalized questionnaires and follow-up telephone calls 2 per year 4 per year
Data protection audit (one-off price)
All prices are net 1.000 € 1.600 € 2.200 € 3.000 €
Contract period (months) 24 24 24 24
Angebot Erhalten
Choose your industry

We support you on your journey towards GDPR compliance

  • Industrial and Manufacturing
  • Craft and Construction
  • IT
  • Finance and Legal
  • Media and Entertainment
  • Healthcare
  • Corporations
  • Churches
  • Public institutions

Your data protection team for Industrial and Manufacturing

With our expertise in the industrial and manufacturing sectors, we will support you in the GDPR compliant processing of personnel and customer data. We will assist you in the transfer of data to contract processors such as suppliers and sub-contractors. With DataGuard, you can guarantee data protection for your clients.

Dr. Patrick Schweisthal
Johann Steinert
Dr. Frank Schemmel
Ashraf Malik
Andreas Riehn
Robert Mäckle

Your data protection team for Craft and Construction

Whether working with property management companies, transferring data to sub-contractors or dealing with WhatsApp, we are familiar with the challenges faced by the craft and construction industries. Pragmatically and in a manner that is solution-oriented, we will support your company on its journey towards GDPR compliance.

Dr. Teßmar von Bonin
Maren Wienands
Patrick Schnitzer
Ashraf Malik
Dr. Hans-Georg Schaefer

Your data protection team for IT

In the IT industry, the processing of personal data is part of the core process. Benefit from our expertise; from the transfer of data to third countries to the examination of the application of software tools. We are also at your disposal to support you with data protection issues regarding remote maintenance and remote access.

Robert Mäckle
Celine Gündüz
Johann Steinert
Janis Junker
Maxim Ciebiera
Ashraf Malik

Your data protection team for Finance and Legal

The protection of personal data in the finance and legal sectors poses a particular challenge: As a bearer of trade secrets, you often process sensitive data. In addition, there are also specific features of the individual federal states. We are specialists in this field and have the answers to your questions.

Dr. Frank Schemmel
Andreas Riehn
Dr. Hans-Georg Schaefer
Dr. Patrick Schweisthal
Boris Otterbach
Sofia Davveta

Your data protection team for Media and Entertainment

In the communications industry, the processing of large amounts of personal data is part of everyday working life. But to whom can a newsletter actually be sent? How can old address lists still be used in the era of the GDPR? We have the answers you are seeking and will support you pragmatically as an external Data Protection Officer.

Janis Junker
Andreas Riehn
Maxim Ciebiera
Serhat Güncaldi
Celine Gündüz
Johann Steinert

Your data protection team for Healthcare

In no industry is the processing of personal data as risky as it is in the medical and healthcare industry. With our many years of experience in this sector, we will support you in the legally compliant handling of special-category data.

Dr. Hans-Georg Schaefer
Celine Gündüz
Maren Wienands
Konstantin Greif
Sofia Davveta
Dennis Gurewitsch

Your data protection team for Corporations

In the international networking of corporations and corporate groups, the legally compliant handling of personal data can be dificult to oversee, especially when dealing with third countries. With our experience in data protection for international companies, we understand the challenges you face and will support you in implementing the appropriate technical and organisational measures that are GDPR compliant.

Dr. Frank Schemmel
Maren Wienands
Dr. Hans-Georg Schaefer
Janis Junker
Serhat Güncaldi
Andreas Riehn
Robert Mäckle
Johann Steinert

Your data protection team for Churches

We are your experts in the implementation of the KDG, the KDG-DVO and the DSG-EKD and are at your disposal for all questions regarding data protection. In addition, we will be your contact for IT security in the day-to-day activities of the church.

Tobias Schweizer
Dr. Teßmar von Bonin
Boris Otterbach
Sofia Davveta
Dr. Hans-Georg Schaefer

Your data protection team for Public institutions

As a public institution, you have a special status in the GDPR and the BDSG, which comes with a great deal of complexities. In addition, there are country-specific legal bases to which public institutions must comply. As specialists in this field, we will support you with competence and confidence.

Dr. Hans-Georg Schaefer
Boris Otterbach
Dr. Patrick Schweisthal
Serhat Güncaldi
Tobias Schweizer
Dennis Gurewitsch

You have everything under control

In a continuous exchange, we will work together via an intelligent web platform. The platform is intuitively comprehensive and has no barriers to entry. All information surrounding data protection in your company can be viewed at any time via a dashboard.

Our platform is, of course, subject to the highest security standards. All information is protected against unwanted access via a trusted cloud. This cloud not only fulfills applicable security regulations, but also our own high standards of IT and data security.

Take us on a tour of your company

In order to get an overview of the infrastructure and processes of your company, we will organize an audit with various departments within your company and address their personal data processing procedures.

Each department representative will use our web platform to provide specific information on the department’s operations.

Our platform learns quickly, so it will only ask questions that are relevant to your business.

The GDPR folder

When all the audits are completed, we will prepare your data protection dossier. In the course of the assessment, you will receive concrete recommendations for action, a list of your processing activities (VVT) as well as the documentation of your technical and organisational measures (TOM).

You can retrieve the entire report at any time via the platform and present it to the authorities. If required, we will prepare a Data Processing Agreement (DPA) with which you may use to oblige your service providers to protect the data they process.

Recommendations for Action

During the ongoing cooperation, we will support you in the implementation of the technical and organizational measures (TOM). We will make adjustments and further recommendations where necessary.

You will receive a comprehensive activity report from us for the services and measures that have been performed, which can also be presented to the authorities.

We will coordinate concrete data protection goals with you and prepare a data protection guideline for your company.

Continuous support and cooperation

DataGuard is your partner for all questions and challenges relating to data protection. Whether it is an inquiry from a data subject or the authorities, or a data breach, we are here to help.

We will consult you, support you through changes within your organization, prepare data protection dossiers and keep you up to date with our newsletter and magazine.

About DataGuard

DataGuard is a privacy and legal-technology company headquartered in Munich, Germany. At DataGuard, we house over 100 employees who are passionate about privacy, compliance and IT security. Well over 1,000 business customers place their trust in our “Privacy-as-a-Service” solution, a hybrid of client consultation and the provision of our self-developed Software-as-a-Service platform. In addition to small and medium-sized enterprises, our customer portfolio also includes major international corporations (industrial, finance and trade), political parties, schools, sports clubs, as well as churches and public institutions.

An interdisciplinary team of TÜV/DEKRA certified Data Protection Officers, including lawyers, computer scientists, engineers, and business economists, provide personal support to both our German and international clients on the subject of privacy and IT security. The process of consulting our clients is supported by the use of our web platform which digitizes and automates manual activities and processes data input with machine learning (the software’s patent has been submitted to the European Patent Office under the reference number Q0144EP). The platform is used by both our customers and our privacy team.

  • 400+ CITIES
  • 1000+ CUSTOMERS


Abberior Instruments GmbH Abberior GmbH Autoglas Profi GmbH G. Stürzer GmbH Eckstein GmbH Hop Lun GmbH OneFID GmbH arculus GmbH Gravning GmbH VS Qloud Solution GmbH Orientis (Deutschland) GmbH RightNow GmbH Innung für Elektro- und Informationstechnik München brandwerk GmbH Hosokawa-Alpine AG St. Aurelia GmbH Mr Beam Lasers GmbH Martin KFZ-Technik GmbH EPSILON Rechtsanwälte WIWA Wilko Wagner GmbH Verwaltungsgesellschaft für Haus- und Grundbesitz Hammele & Partner mbh Cloud Solutions GmbH realbest Germany GmbH AURICON Audit GmbH Wirtschaftsprüfungsgesellschaft Cheerleading und Cheerperformance Verband Deutschland e.V. WIRA Fahrzeug- und Maschinenteile GmbH Microfluidic Chipshop Fertigungstechnik Wettringen GmbH Grand Excelsior Hotel München Airport deal Neudahm Hotel Interior Design GmbH ZST Security Service Consulting and Technology GmbH Freework GmbH Deutscher Bogensport-Verband 1959 e.V. VITZTHUM Projektmanagement GmbH Enduran GmbH Hotel VICTORIA Theodor Schuler GmbH & Co. KG machineering GmbH & Co. KG Industriepark Werk Bobingen GmbH & Co.KG Praxis für Ergotherapie Georg Weißlein Mitchell Consulting Inh. Robert Mitchell Autohaus HEINEMANN GmbH Medical Personalvermittlung e.K. Harald Hilgers Transporte e.K. Tensar International GmbH Gastro One GmbH & Co. KG Bruderherz GmbH Jahn Transprt A-TEX Germany GmbH Catella Real Estate AG HiQ Projects GmbH Druckluft Schmitz GmbH NovaStor GmbH Hotel Adlerbräu GmbH & Co.KG A-Z Objektservice Gmbh & Co. Kg Schottenhamel und Lechner GmbH ArangoDB GmbH Manfred Lehmann Innenausbau GmbH DEHOGA Nordrhein e.V. ETH – Elektrotechnik Hämmerle LAMBDA TECHNOLOGY® Gesellschaft für thermische Prozesse mbH GPEP GmbH Mateco GmbH Höfler GmbH FIPA GmbH mimi Kinder- und Seniorenstiftung Anton Puckrandt Heiz- und Betriebskostenabrechnung GmbH S&T Versorgungstechnik GmbH Sanitätshaus Fuchs+Möller GmbH Praxis für Ergotherapie Birgit Stadler PEB. Praxis für Ergotherapie Udo Streit SofaCompany GmbH oelheld GmbH Gerfer Recycling GmbH Ergotherapie Gerolstein Industrievertretung Friedel Baumann GmbH LEVELS GmbH & Co. KG Ralf Brill Engineering GmbH Freizeitbetriebe Worms GmbH Praxis für Ergotherapie Martin Leon u. Andrea Haben Energietechnik Südwest GmbH Geospin GmbH IMR Deutschland GmbH Fressnapf Gallafilz Retail GmbH Pro-Care-Ruppin Seehotel Heidehof GmbH Becotec Fahrbahnsanierungen GmbH luna-park GmbH Fischer u. Schweiger GmbH PreciPoint GmbH Wissensfabrik – Unternehmen für Deutschland e.V. Reesink Schwerstapler GmbH BSB I Bussche – Şahin – Bülow – Rechtsanwälte Insolvenzverwalter Dialoglotsen GmbH LiveCycle GmbH Ergotherapiepraxis Scheuer Landleben am Vilser Holz GmbH In Familia GbR HAAF Containerdienst- Transport GmbH Mayer Schaltechnik GmbH Kannegiesser Spedition GmbH Spedition Eder GmbH & Co. KG DADI – Service GmbH Auto Walther e.K. Gastro Team Venhofen GmbH Bernhart ConsKom GmbH & Co. KG Ergotherapie Hamburg Mitte Steuerkanzlei Hollfelder LQB² Das Lernzentrum für Qualifizierung, Bildung und Beratung GmbH Hotel Bornmühle GmbH & Co.KG Ergotherapiepraxis Hillebrecht & Sanders Gastro Team Lloyds GmbH KSW Reinigungssysteme Vertrieb und Service GmbH Druckerei Hirschfelder Gonotec GmbH Sägen-Mehring GmbH Praxis für Zahnheilkunde Dr. Christoph Wenninger und Dr. Sebastian Helgert Intracon Marketing Services GmbH Bosic GmbH MITEC Industrietechnik Vertriebs-GmbH Wittler Visuelle Einrichtungen GmbH Hotel Forsthaus Nürnberg/Fürth GmbH & Co.KG TourComm Germany GmbH & Co. KG Ergotherapiepraxis Achatz inovel elektronik GmbH Autohaus Meißner & Zahn GmbH Sit&Watch Media Group GmbH Praxis für Ergotherapie Schäfer&Liel insolutions GmbH Progress Internet GmbH Alfra GmbH Relocately GmbH Butz und Staab SALT communications GmbH Artis Service-Wohnen GmbH PBI Entwicklung innovativer Fassaden GmbH Praxis Ergotherapie GbR M. Siems u Stefanie Schenk-Simon Mobiler Tiernotdienst 24 Advisa Personal GmbH Fotogeräte-Service Nord GmbH mertes personalservice GmbH Ergotherapeutische Praxis Christa Middendorf Chapman Freeborn Airmarketing GmbH Sprachtherapie und Logopädie Anja Bartels BRICKA Personaldienstleistungen GmbH FS eCommerce GmbH Shred-it GmbH MUNSCH Chemie-Pumpen GmbH IEM FörderTechnik GmbH
Visco GmbH FELLGUTH FUCHS GELLING Partnerschaft von Steuerberatern mbB Steuerkanzlei Lehmann Profilbleche Dührkop GmbH Landhotel Voshövel GmbH Gemino GmbH Physio- & Ergotherapie Peggy Hoischen KFD Baden Württemberg UG Ortho Organizers GmbH DBRD Akademie GmbH Hauskrankenpflege Martina Stolley Erich Weit GmbH Praxis für Ergotherapie und Logopädie Rudolf Eberlein Praxis für Ergotherapie MaJa GbR KURIS Spezialmaschinen GmbH Primo Holding GmbH Praxis für Ergotherapie Heike Nebelsieck Claus Zollner Immobilien GmbH HMH Heidrich & Müller-Hansen Partnerschaftsgesellschaft Steuerberatungsgesellschaft mbB Zelt-Musik-Festival GmbH Autohaus Beck GmbH balandis real estate ag Oxana Dillmann Luxus BeautyLine Kompetenzzentrum Naturschutz und Energiewende KNE gGmbH Take4Net GmbH Harzer Mineralquelle Blankenburg GmbH ReformPlus GbR Paycult GmbH & Co.KG a plus plus Architektur + Generalplanung + Gutachten GmbH Opium Effect GmbH Treusorg GmbH Steuerberatungsgesellschaft Vaddi Concerts GmbH Willy Schoer KG WIWA Kampfmittelbergung GmbH HSG Harburger Sanierungsgesellschaft GmbH ACHT GmbH Das ZBW Zentrum für Bildung und Weiterbildung GmbH Schmid & Wezel GmbH AWO Arbeiterwohlfahrt – Kreisverband Esslingen e.V. Talent Leadership Supply GmbH ncn ImmobilienManagement GmbH Gral Systeme GmbH Energiezentrale Sachsen-Anhalt GmbH Bearpaw-Products Bogensport-Bodnik GmbH Perlen Packaging GmbH, Müllheim RK Siebdrucktechnik GmbH FINDEISEN GmbH Osenstätter GmbH domatec GmbH KEBOS Kessel- Boiler- Technische Anlagen Service GmbH Wirtschaftsclub Düsseldorf GmbH Struck Turbotechnik GmbH Autohaus Eichfeld GmbH Flair Hotel Sonnenhof Tombow Pen & Pencil GmbH Gemeinschaftspraxis Dr. med. Peter Maier und Dr. med. Heiko Weerda Futtermittel Louven e.K. PIN Privates Institut für Investitionsmanagement GmbH BEUTLER VERPACKUNGSSYSTEME GmbH kothes GmbH K & K Gilsenbach GmbH SETG GmbH Niederlassung Deutschland Haus am Mühlenteich gGmbH gardow-logistics SMB Schnekenburger GmbH Vermessungsbüro Schmitt  ÖBV Waffen – Will & Apel GmbH Knappmann GmbH & Co. Landschaftsbau KG Autohaus Dähn GmbH & Co. KG Internistische Gemeinschaftspraxis Dr. med. Karl-Heinz Göttl und Dr. med. Omar Adjan UPB GmbH Frische Service-GmbH Gustav Obermeyer GmbH & Co. KG VENTAS SERVICES GMBH BALLCOM GmbH Wilbers Products GmbH Zahnarztpraxis Widmaier und Widmaier ESCON – Marketing GmbH Auto Krasser FAUSER AG Schiermeier & Niermann GmbH PATENTPOOL Innovationsmanagement GmbH Societaetstheater gGmbH Ars Intellegendi GmbH I.B.E. Institut für betriebliches Entgeltmanagement GmbH Werbeagentur VON DER SEE GmbH Manhattan Hotel Frankfurt Deal k-h-t GmbH & Co. KG Christian Thieme Greiner GmbH Membran Entertainment GmbH PAN+ARMBRUSTER GmbH archwerk GmbH Brandtec GmbH Kupfer Betreibergesellschaft für Fitness & Freizeitanlagen GmbH & Co. KG Autocentrum Engin GmbH Christof Wegner Güterkraftverkehr GmbH PENTAC Polymer GmbH IWT Wirtschaft und Technik GmbH Arena Berlin Betriebs GmbH Hamburger Stadtrundfahrt – Die Roten Doppeldecker GmbH Grünkauf System GmbH HP Enders Umweltservice GmbH Hotel – Restaurant  Fuchsbau Betriebsgesellschaft mbH HAHN Lamellenfenster GmbH Praxis für Zahnheilkunde Thomas Nordbruch Radiometer GmbH Toni Technik Baustoffprüfsysteme GmbH Penning Sanitär GmbH & Co. KG Ökolectric-Haus Ehmann GmbH item Media GmbH Inovatools Eckerle & Ertel GmbH Fritz-Bender-Stiftung Die Online Experten 4u GmbH Dast GmbH & Co KG Gebr. Kopp GmbH & Co.KG Anger Systemtechnik GmbH Zahnärzte Waging am See Dr. Marquard und Dr. Hartig GbR admixx GmbH – Mühlacker Cloud Consulting Group GmbH Dresdner Stadtrundfahrt – Die Roten Doppeldecker GmbH Lübbe Transport & Logistik GmbH Neurologische Gemeinschaftspraxis im Bienenkorbhaus Mahlwerck Porzellan GmbH prisma plan ing. GmbH Wilh. Schmitz GmbH Maschinen und Apparatebau Zirngibl Bestattungen GmbH PsychoLogik Marktforschung GmbH SAAZOR WÄLZTECHNIK ZORN GmbH u. Co. KG Sweetware GmbH & Co. KG AUTEC GmbH & Co. KG Bertram GmbH Ingenieurbüro Theo Erb GmbH Eisenmann intec GmbH & Co. KG MIXACO Maschinenbau Dr. Herfeld GmbH & Co. KG Praxis Projekt KG ISOTEC-Fachbetrieb Abdichtungstechnik Schiefelbein GmbH & Co. KG JOI-Design Innenarchitekten A D joehnk + partner mbB Helma Interior Draht-Hemmer Betriebs GmbH Reisebüro & Busunternehmen Belitz JUMA Logistik GmbH Talent Garden GmbH GFD Gesellschaft für Datenverarbeitung mbH Elastique. GmbH Drehmoment – Agentur für kreatives Marketing GmbH Senic GmbH Facharztpraxis für Oralchirurgie und Implantologie
PSi Laser GmbH BIOMES NGS GmbH Liqmatic GmbH Böhnleins Partyservice GmbH waytowin GmbH ACBIS GmbH aaronprojects GmbH Pflegehof Domersleben GmbH & Co. KG dt druckluft-technik Langer & Pfeil GmbH STERNWALD SYSTEMS GMBH LF Consult GmbH Rollo Solar® MELICHAR GmbH Camping-Center Klein GmbH Baltes GmbH Pfefferminzia Medien GmbH Hermann Gittfried Gmbh & Co. KG Messegrafik & Messebau Schreiber Tierheim Carl Hildebrand & Tierschutzverein Kaiserslautern und Umgebung e.V. Gehling  Flugtechnik GmbH Pientka GmbH Narr Francke Attempto Verlag GmbH + Co. KG MKM BRANDSCHUTZ – Ingenieurbüro für Brandschutz Kittner-Meier dataREAL Meßtechnik GmbH Winfried Werne Immobilien GmbH STELLA Kunststofftechnik GmbH Lingua-World GmbH atb Systemetiketten GmbH & Co. KG Spreespeicher Event GmbH DW-STORE Inh. Matthias Schalk konzepta REAL Gebäudemanagement GmbH IPM Institut für persönlichkeitsorientiertes Management GmbH Gemeinschaftspraxis Wenzel/Spelter/Mallach Wuppertal Satherm GmbH pacoon GmbH Ingenieurgesellschaft Hellmich + Partner mbH facilioo GmbH IP Zollspedition GmbH Augenarzt Dr. med. Rainer Volz Mainblick – Agentur für Strategie und Kommunikation GmbH Apo Care GmbH Bund der Selbständigen Baden-Württemberg e.V. Hotel im Krummbachtal Kahl GmbH & Co. KG Fernwärmegesellschaft  Baden-Württemberg mbH Dorn Biervertriebsges. mbH G.O.L.F. – TIME Verlag GmbH VH24 GmbH Hausverwaltung Schlütter GmbH WELTER zahnrad GmbH GESRA Gerätebau GmbH iPoise Unternehmergesellschaft Axel Zangenberg GmbH & Co. KG Industrieverband Hamburg e. V. Caterwings Services GmbH Huber GmbH Specht Fleischwaren Vertriebs GmbH & Co.KG Versicherungskontor Reisch & Reisch OHG ABH Stromschienen GmbH SKI GmbH + Co.KG taskhopper Service für Menschen GmbH Weier Antriebe und Energietechnik GmbH Wind GmbH Bamberger Kaliko Textile Finishing GmbH Otto Glas Handels GmbH Montagebau Hartmann GmbH M&K Gewürze und Wertstoffe GmbH Lavanda Verlags-und Marketing GmbH Kurzentrum Soziales Genesungswerk Pelzerhaken (Ostsee) e.V. K. Gerdes GmbH FILCOM GmbH Deutscher Verband der Ergotherapeuten e.V. CleanFix Service CGS – Computer Gesteuerte Systeme GmbH ROHDE CLEAN GMBH ABD Media GmbH Schindelar Center Autoverwertung GmbH Vermeer Deutschland GmbH Autohaus Südring Datteln GmbH AviaFund Solution Services GmbH Nutzfahrzeuge Hasselfelde GmbH mediatack GmbH Landhotel Huber am See kapilendo AG JMT Mietmöbel Deutschland GmbH & Co.KG HR-Recruiting Services GmbH HANN & KROPP Consulting GmbH & Co. KG Fa. Maierhofer GmbH & Co. KG Eugen Hensle Ordnungs- und Zuführtechnik GmbH Dipl.-Kfm. Volker von Unruh DEDERICHS & REINECKE Public Relations GmbH & Co. KG COREDINATE GmbH Clearwater International GmbH A & T Immobilien GmbH 42ponies GmbH RHMD Reimer Hausmeisterdienste AKS-Messtechnik GmbH Alpu GmbH AKO Armaturen & Separationstechnik GmbH Sandmaster GmbH TIERÄRZTLICHE GEMEINSCHAFTSPRAXIS C. HAAGS & A. RAPP, GBR W.u.E. Rau GmbH AWO Sozialstation Rems-Murr gGmbH B&K Lettershop Kröger GmbH & Co. KG OTTO DÜRR KG Life Fitness Europe GmbH LC Liegenschaft Consulting GmbH KORODUR Westphal Hartbeton GmbH & Co. KG Klokow Industrietechnik GmbH item GmbH press & mail euprax Perchtold & Partner Steuerberater Rechtsanwälte PartG mbB Elektro Bömelburg GmbH ADCOLE GmbH Taxi-Kasiske Wallek&Geser Spezialtransporte GmbH. Zweckverband zur Trinkwasserversorgung und Abwasserbeseitigung Torgau – Westelbien apero GmbH Arbeitsgemeinschaft für Pharmazeutische Verfahrenstechnik e. V. (APV) AviaRent Invest AG Bauunternehmung M. Grundner GmbH NSG Net Solution GmbH Möller-Preussler Transformatoren GmbH Leonardo Personal-Konzept GmbH Internetvertrieb Michael Bergs Grüner Store – Jörg Grüner Escape Clothing GmbH EPUTEC Drucklufttechnik GmbH Elektro Scheuermann GmbH & Co KG E. Geiger GmbH Druckhaus Stil BS-Concepts GmbH 1/2/3 Autoteile GmbH & Co. KG Pollozek GmbH & Co. KG Projektwerkstatt, Gesellschaft für kreative Ökonomie mbH Rochus Mummert Beteiligungs- und Dienstleistungs GmbH Alltech Dosieranlagen GmbH Theiml Personal-Service GmbH Tierärztliche Praxis für Kleintiere Scharnhorst GmbH Aximpro GmbH BEDRA GmbH Mashup Communications GmbH Jürgen Girrulat Hausverwaltung GmbH IQS International Quality Service GmbH Intermove GmbH eviom GmbH eticur) GmbH ethinking GmbH Erich Scheerer GmbH EMENDO Event + Congress GmbH & Co. KG
BUCH&media Ergotherapie Zschoge GmbH

FAQs – Frequently Asked Questions

  • Contents
  • Contract
  • DataGuard
  • GDPR
  • How do the employee training courses work?

    Your employees will be trained online via the DataGuard platform. They will initially learn the essential topics on data protection and complete a test thereafter. If the test is passed successfully, the respective employee will receive a certificate. Otherwise, the employee may attempt the test again. Each employee will take approximately 30-45 minutes to complete the course.

  • How do the audits work?

    We will carry out the initial data protection audit (the GDPR assessment) with you online and via telephone. First, you and the department representatives of your company will complete a range of questionnaires according to each representative’s department (procurement, finance, human resources, sales, IT, security) and provide us with information on your company’s specific data processing activities (or so-called “core processes”). Your personal Data Protection Officer will evaluate the completed questionnaires and speak to each department representative via phone. After each audit call, DataGuard will prepare the corresponding minutes which will be shared with you.

    Based on the audit, we will produce recommendations for action as well as all the documents required under data protection law (records of processing activities, TOM).

  • Who creates the data protection documentation?

    The data protection documentation is prepared by each controller (a natural or legal person which determines the purposes and means of the processing of personal data) or processor (a natural or legal person which processes personal data on behalf of the controller).

    This data protection documentation consisting of the records of processing activities and the Technical and Organizational Measures is prepared jointly with you and will go beyond the legal obligations of a Data Protection Officer (DPO), as the law only specifies for the DPO to provide information and advice.

  • What is the difference between a standard processing activity and company-specific processing activity?

    The standard processing activities are secondary processes in a company (e.g. in procurement, finance, human resources, security, sales). The company-specific processing activities represent the value-adding core process of a company.

    We prepare the data protection documentation for all these processes in the records of processing activities based on your information during the data protection audit.

  • What are the Technical and Organisational Measures (TOM)?

    TOM refers to all activities that are carried out as a standard procedure in an organisation in order to protect personal data. The term is very broad and can mean totally different things in different companies. As the name suggests, these measures can include both technical procedures and organisational processes. The technical and organisational measures of an organisation must be documented in the records of processing activities, which documents your security procedures (both offline and online) and advises you on compliance with the legal requirements that apply to you.

  • What should the company size be for data protection documentation to be necessary?

    The records of processing activities are always obligatory if there are 250 or more employees. If there are less than 250 employees, it would only be necessary if the data processing is not only occasional, the processing caries a risk to the rights and freedoms of data subjects, if special categories of data are being processed, or personal data is processed through criminal convictions and offences.

  • What are Data Processing Agreements (DPA)?

    If data processing operations are outsourced to an external service provider, it is necessary to conclude a data processing agreement. The DPA sets out the subject-matter and duration, nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. Through this contract, the contracting company (the controller) ensures that the other company (the processor) is bound to their obligations.

    Order processing often already exists if, for example, companies have payroll accounting performed by other companies or remote maintenance is performed by external IT service providers.

  • What does the Data Protection Impact Assessment (DPIA) do?

    The data protection impact assessment is a risk analysis for processing operations that are likely to result in a high risk to the rights and freedoms of natural persons, involve the processing of large volumes of special categories of personal data, include the use of new technologies and profiling / scoring techniques or exercise the systematic and comprehensive monitoring of publicly accessible areas. This assessment is aimed at making it possible for companies to take protective measures for the rights and freedoms of data subjects at an early stage.

  • What can I use the additional consultation hours for?

    The consultation can be used for purposes such as data subject inquiries or queries by the authorities, checking documents for employees and customers, verifying the level of compliance of software/hardware with GDPR, as well as for external audits.

  • How much work for my company does the data protection project entail?

    The new data protection legislation often leads to an increased administrative burden and more work in general. However, if you designate an external Data Protection Officer, such as DataGuard, it will reduce a large bulk of the workload, including administrative tasks so you and your company may focus on the company’s core activities.

  • How do I commission DataGuard?

    After an initial conversation with one of our specialists, you will be recommended a service package that suits your company (Basic, Medium, Medium+, Premium). You may then sign the contract sent to you by email, scan and return to us via email.

  • What are the next steps after signing the contract?

    We will assign a personal Data Protection Officer (DPO) to you and send you the official certificate of appointment, as well as provide you the access data to our DataGuard web-platform. It will be required for you to sign the certificate of appointment and provide us with basic information such as contact persons within your company. We will then prepare the data protection audits, provide the privacy policy for your website, and conduct the employee training courses. Additionally, it will be necessary for you to forward your DPO’s contact details to the relevant supervisory authority. Please refer to the diagram on our website to view the full journey.

  • When would the contract begin?

    The contract can start on the 1st or 15th of each month.

  • What is the duration of the contract?

    The contract period is 24 months. The contract may be terminated with an advance notice of 6 months ahead of when the contract would end.

  • Can I upgrade a package while the current package contract is still running?

    Yes, you can upgrade a package during the contract period without the agreed contract period being extended. However, please note that a downgrade is not possible.

  • Is it possible to book additional consultation hours?

    You can book individual sessions for 180 € per hour at any time. However, the privacy requirements of your company and hence the appropriate allocation of package would have already been determined in the initial consultation call. This means the number of consultation hours is generally sufficient.

    If necessary, it would also be possible to upgrade your service package.

  • Who is DataGuard?

    DataGuard is a data protection company headquartered in Munich, Germany. Since our establishment at the end of 2017, we have now grown to 100 employees and have become one of Germany’s leading providers of external data protection. With our self-developed machine learning-driven “Privacy-as-a-Service” solution – a hybrid of personal consulting and software-as-a-service – we cater to over 1,000 business customers in more than 400 cities and 300 industries throughout Europe.

    In addition to small and medium-sized companies, our customer portfolio also includes major international corporations (industry, finance and trade), political parties, schools, sports clubs as well as churches and public institutions.

    Our partner network includes some of the largest German industry associations (BVDS, DEHOGA, wvib, BVMW etc.) as well as Deutsche Telekom as sales partner and IBM as technology partner.

  • What is DataGuard’s “Privacy-as-a-Service”?

    Personal consultation and support + platform/software support:

    An interdisciplinary team of lawyers, computer scientists, engineers, business economists etc. supports our customers in teams of 2-4 TÜV/DEKRA certified Data Protection Officers who specialize in the fields of data protection and IT security. As our platform/software is used intensively, we do not consider ourselves a consultancy but a legal-technology company with an approach that is scalable both in Germany and internationally.

    The personalized consultation of our customers is supported by a specially programmed web platform. It digitizes and automates manual and repetitive processes and processes data input with machine learning, amongst other things. The platform is used by our customers and our team. In June 2018, we filed a patent for our invention with the European Patent Office under reference number Q0144EP.

  • What is DataGuard’s geographical radius of action?

    We cater to customers nationwide and throughout Europe. Communication takes place primarily via e-mail, phone, as well as on our own specially developed web-platform so that we may advise you anywhere and at any time.

    In a continuous exchange we will work together via our intelligent web platform. The platform is intuitively comprehensive and has no entry barriers. All information on data protection in your company can be viewed at any moment via a dashboard. Our platform is, of course, subject to the highest security standards. All information is protected against unwanted access by a trusted cloud. This cloud not only fulfils applicable security regulations, but also our own high standards of IT and data security.

  • Does the Data Protection Officer not have to be physically on site?

    No. What’s important is that the Data Protection Officer has all the necessary information needed to fulfil their tasks and that they can be directly contacted by the company’s management team, employees, customers as well as by the authorities. We can offer you all of the above as we can be contacted personally by telephone or e-mail from Monday to Friday during office hours from 8AM to 6PM. The advantage here is that you don’t have to make any on-site scheduling so that you and your employees may focus on day-to-day business. This results in time being saved which can be used productively for your operational needs.

  • What motivates us?

    Data protection of course! The claim that each and every person expects their data to be placed in responsible hands.

  • When does the GDPR apply?

    The new General Data Protection Regulation (GDPR) has been applicable and binding since 25th May 2018.

  • What should the company size be for a Data Protection Officer to be necessary?

    Provided that there are usually at least ten persons permanently involved in the processing of personal data, the appointment of a Data Protection Officer is mandatory according to German data protection law. This also includes external service providers such as an external accounting department.

    If you carry out processing which is subject to a data protection impact assessment or process personal data for business purposes for the transmission / anonymised transmission of personal data, or for the purposes of market or opinion research, then you must appoint a Data Protection Officer, regardless of how many employees are involved in the processing of personal data.

  • What competences must a Data Protection Officer have?

    Many companies opt for the supposedly obvious, such as designating an employee from their own workforce as DPO. However, this is not possible without further measures. There are a few things to consider.

    A data protection officer must have the following competencies:

    • Full knowledge of the relevant: GDPR, national laws (BDSG, TMG, TKG)
    • Legal understanding
    • Extensive technical expertise
    • Knowledge of the IT basic protection catalogues of the Federal Office for Information Security (BSI)
    • Ideally, corresponding certifications
    • Reliability and personal integrity
  • Who is eligible to be designated as Data Protection Officer?

    The following individuals may not be designated as Data Protection Officers:

    • Managing Directors or General Managers
    • Senior Management (especially management of the IT department)
    • Unqualified or insufficiently experienced persons

    This is due to the fact that the legislation wishes to avoid conflicts of interests and possible sources of error.

  • What are the consequences of violating the GDPR?

    Fines of up to 20 million euros or up to 4 percent of the total worldwide annual turnover of the previous financial year, whichever is greater, may be imposed. Many violations, such as the failure to appoint a Data Protection Officer, are considered gross negligence. Managing Directors may have unlimited liability with their private assets.

    It took less than half a year for the first company to suffer the consequences of the GDPR: Due to a security breach the chat provider Knuddels from Karslruhe had to pay a penalty of 20,000 Euro. Now that the first punishments have been carried out, other companies no longer have the benefit of a grace period to be GDPR compliant. The supervisory authorities are now consistently in search of violations.

Receive a quote immediately. We would also be happy to advise you by telephone.

I have read and understood the Privacy Policy, in particular, point VII.

Get an Offer
089 442 550 - 62649