Data pro­tection audits / auditing

Regular auditing is an elementary component of every data protection management system, the GDPR now explicitly demands such an audit in Art. 32 GDPR.

  • Directory of processing activities, Art. 30 GDPR including data protection impact assessment
  • Data protection law processes
  • Fulfilment of information obligations, Art. 12 - 14 GDPR
  • Safety of processing, Art. 32 GDPR
  • Comprehensive legal know-how in data protection law and related fields of law such as labour law, competition law, IT law, copyright law
  • Experience in conducting conversations
  • In-depth knowledge of data protection management systems and the requirements for implementation in the company
  • Structured and analytical approach to auditing and documentation
  • Initial audit to determine the data protection level in the company
  • Auditing of individual company divisions for data protection compliance
  • Auditing of the company website
  • Process audits
  • Regular audits within the framework of the data protection management system


Your partner

Lawyer Michaela Berger, LL.M.


Specialist lawyer for IT law

certified data protection officer (TÜV Süd)

certified data protection auditor (TÜV Süd)