Data protection in companies

We support you - pragmatically, practically and future-oriented.

Whether to comply with the law or to secure their own reputation, data protection is now a high priority in most companies. Since 25 May 2018, all relevant processes in the company must have been adapted to the EU data protection basic regulation. Failure to do so could result in sanctions ranging from the mild rebuke of a supervisory authority to fines and the discontinuation of all processing activities. But it doesn't make a good impression on customers or employees, either, if companies appear too laissez-faire in the area of data protection.

However, data protection should not be an obstacle to business or innovation. According to the motto "As simple as possible, but not simpler", we accompany you - not according to scheme-F, but practically explained and future-proof in the development or continuation of your data protection organisation.
We speak your language and make data protection understandable for you and your employees.
Because it is much easier to live what you understand and a reasonable investment in the subject can therefore be beneficial.

Would you like a clear and honest insight into the current situation of the company with regard to data protection, support for your data protection officer or a reliable partner who can take care of all data protection issues for you?

We can!

External, designated data protection officer

As the appointed data protection officer of your company, we take on the function of an operational data protection officer. Our team is always up to date, multilingual and has in-depth experience in a wide range of industries. This includes among other things:

  • Inventory and risk analysis of the data protection organization
  • Advice on data protection law and technical aspects of planning new processing activities
  • Creating or updating the privacy policy
  • Aufbau des Datenschutzkonzeptes
  • Development of the data protection concept
  • Training, also sector-specific, of employees on data protection
  • Support in data protection impact assessments (DPIA)
  • Support in setting up or updating the documentation of technical and organisational measures
  • In-depth risk assessment through on-site inspections
  • Advice on project-specific data protection issues
  • Linking the data protection guidelines with the existing quality management system
  • Consulting and support for innovative projects
  • Advice and support for employees on personal and business data protection issues
  • Service provider review related to data protection (technical, organizational, legal)
  • Assistance in the negotiation of order processing agreements

That would help you? Please do not hesitate to contact us.

Data protection consulting

Individual projects, processing activities, concepts or "only" ideas should be checked and documented with regard to their data protection technical and legal feasibility or conformity?

That's what we're offering:

  • Basic consulting
  • Inventory and risk analysis Data protection
  • Advice on data protection technology when planning new procedures for processing personal data
  • Creating the data flow diagram
  • Structure of a data protection concept
  • Preparation of processing documentation
  • Training of the employees involved in the project on data protection and information security
  • Advice on the development of the necessary technical and organisational measures and
  • review of existing technical and organisational documentation.
  • Checking the status of compliance with EU GDPR requirements

That's what you're looking for? Please do not hesitate to contact us.

Data protection audit

Would you like a clear, comprehensible and objective assessment of your company's data protection structure? We analyse the data protection relevant processes and documents as well as service providers of your company, prepare a report and give concrete recommendations for action.

This includes, among other things:

  • Inventory and risk analysis data protection
  • Review of
    • any existing privacy policies
    • the data protection concept
    • the documentation of processing activities
    • training concepts
    • data protection impact assessments carried out (DPIA)
    • existing documentation of technical and organizational measures
  • In-depth risk assessment through site inspections
  • Checking the status of compliance with the requirements of the EU data protection basic regulation

This is going in the right direction? Please do not hesitate to contact us.

IT security & governance

As a company, you are confronted with a variety of requirements on the part of your customers and legislators with regard to IT security. We advise and accompany you during the introduction and implementation of IT security management systems, IT risk management systems, internal control systems (ICS) and the necessary processes to establish and continuously improve an appropriate level of information security.

Services of rehm Datenschutz GmbH:

  • Support of the Information Security Officer (ISO), if necessary provision of an external ISO
  • Execution of information security risk and vulnerability analyses
  • Accompaniment of all measures regarding logical and physical security
  • Creation and regular revision of IT security and IT emergency manuals
  • Simulation and practice of IT emergencies
  • Coaching and preparation of your organization for information security audits
  • Conducting information security audits at your suppliers and service providers
  • Conducting training events to raise employee awareness
  • Implementation of information security concepts/ ISMS according to art. 32 GDPR
  • Support during the implementation of Federal Office for Information Security IT-Grundschutz (IT Basic protection) 100-x / 200-x
  • Consulting for the implementation of your IT continuity strategy


Would you like to know more? Get in contact with us.

Service provider audit

Do your external service providers have access to your company's personal data? Are you aware of the need to be able to prove that your cooperation complies with data protection regulations?

We check your service providers on the basis of available documents and/or on site. You will receive proof of a legally compliant audit in accordance with applicable data protection requirements.

  • Review of data protection agreements
  • Service provider check based on documents
  • In-depth assessment through site inspections
  • Processing documentation

An issue that we can solve for you? Please do not hesitate to contact us.

Workshop and trainings

We offer workshops on various topics. Always close to the topic, at eye level, lively and with clear and noticeable effects for your organisation.

Learn more about our extensive offer in the area of "Seminars & Lectures".

Would you like to know more? Get in contact with us.

Website analysis

  • Analysis of a website (URL) - without subpages or subdomains
  • Analysis down to the third level in depth
  • privacy statement
  • imprints
  • contact form
  • Dealing with Cookies
  • Dealing with trackers
  • Connections / References to social media functions
  • Newsletter
  • Detailed report on the analysis
  • Report and consultation meeting (30 minutes) to explain and plan individual measures

Would you like to know more? Get in contact with us.

Website analysis online shop

  • Analysis of an online shop
  • Analysis of online terms and conditions
  • Analysis of online right of withdrawal
  • Analysis of online conflict resolution
  • Detailed report on the analysis
  • Report and consultation discussion (30 minutes) to explain and plan individual measures

Would you like to know more? Get in contact with us.

Social media analysis

  • Analysis of a social media presence (e.g. Facebook) according to legal data protection standards
  • Detailed report on the analysis
  • Consultation (30 minutes) for explanation and individual action planning

Would you like to know more? Get in contact with us.

Website analysis of IT security

  • Automatic and partly manual scan of a website (URL) without external domains according to internationally recognized OWASP criteria
  • The security and performance of the web page is not affected (Light Weight Scan)
  • Login credentials may be required for the website (to be provided by the customer).
  • Detailed report on the results (generated by the scanning process)
  • Report and consultation meeting (30 minutes, optionally by telephone or web conference) for explanation and individual action planning

Would you like to know more? Get in contact with us.

IT auditing and IT management consulting

Well-functioning IT organisations are the most important element for secure and data protection-compliant handling of personal data and the systems that process it. Implementing tried and tested procedures and standards for IT service and security management is the promising way to make your organisation fit for the challenges of the EU GDPR.

You can find out how we can support you in this in the data protection audit section.

Would you like to know more? Get in contact with us.

Data protection for IT service providers and IT administrators

The General Data Protection Regulation has been in effect throughout Europe since 25 May 2018 and largely harmonises data protection law in the EU.

In addition, it significantly increases the requirements for evidence of compliance with the necessary - also technical - measures.

This one-day training explains what the regulation means for IT service providers and IT administrators and what opportunities it offers IT departments.

  • What is the EU GDPR and what does it regulate?
  • Why is it so important for companies to take measures to be properly positioned?
  • Significant effects for companies and IT administrators from the GDPR.
  • Data protection impact assessment tool for processing sensitive data: Execution obligations, preparation and involvement of the IT department.
  • Extended requirements for the documentation of companies and the resulting requirements for administrators.
  • Risks of non-existent or incomplete documentation.

Would you like to know more? Get in contact with us.