We and data protection

This page is a "first information" for authorities, companies, clubs, associations and other parties who are interessted in  data protection or rather IT security.

We have willfuly decided to provide the essential information as our business model is directed to recommendations and we experienced that a smart business information - like this page www.eedpo.com - is very helpful and time efficient after receiving an active recommendation. We have been growing our customer portfolio just by mouth to mouth by our clients since taking effect of the GDPR we are faced with a huge increase of requests.

A good provision of services contains "service, achievement and confidence". With the fulfilment of these 3 key points we compile our customers in future. Only satisfied customers stay customers and only satisfied customers recommend positiv. We are asking activly our customers if they are satisfied with our performance and if and where we may improve. We also animate our customers to recommend our business activly. Therefore we do not have to spend amounts of money for advertisements - our costs stay reasonable and therefore our customer prices.

We do not sell - we consult. Doing so it is important to us having a fair and transparent commerce. We also do not offer by default packages or flat rates off-the-shelf but demand for apointment of an external data protection officer a economic reasonable montly amount for both parties. Any other services which are resulting of the GDPR obligations and appointment of the data protection officer are charge by hourly or daly rates. You have at any time cost overview and no hidden and surprising costs as in plenty of various market offers. If you like to have monthly flat rate for a fix budget forecast please feel free to get in contact - we will find a solution together.

Overview of our services

A summary for your quick orientation

External Data Security Officer

Data Security Consulting

Data Security Audits

Data Security Expertise

Support/Substitution of internal Data Security Officers

Information Security Management

Information Security Audits

Information Security Expertise

Process Consulting (Lean Management)

Without IT security no digital data protection

Just with an effective IT security concept a data protection and the protection of major company data puts you in a position to protect data sustained. We cover both areas and consult you in one.

The combination of IT management and data protection management system is achieved at best if both systems are taken into account at the momtent of concept planning creation. In the ISMS we are a competent partner in introduction of ISO 27001. After successful certification thru an accredited authority you may use this activly as a proof of your IT security standard. Internatnioal rule - internationaly accepted.

We also do not underlie any conflicting interests. It is you who always decides with which IT provider you put your actions in place. If necessary we are in a very good postion and have a huge network to get assisted by national and internationl high skilled professionals. With the most of these professionals we allready worked  very successful in the past and gathered very good experiences.

We do not want to forget informing about that we support other internal and external data protection officers with our advise or as a sparrings partner.

Also we do appoint external CISO for compareable, fair and reasonable conditions like the external data protection officer – Support as a Service.


  • IT security actions: from risk analyse to employee super vision
  • ISO 27001 area in conflict to GDPR
  • Transparence rule: Your obligations of information and documentation
  • Cooperation rights works council: When they may and when they have to be integrated?
  • Access rights authorities: Which data has to be provided and which not
  • IT Security incidents and data protection incidents. These are your information obligations

We advise you beginning with the concept thru the implemantation and completion - if requested as project manager in your project management.


Companies without a legal entity in EU are obliged to have a deputy person acc. to article 27 GDPR as long as they do not process personal data of EU citizens occasionally.

We take over the deputy function and are contact point and contact partner for authorities and concerned persons. Our language portfolio is English, French and Spanish.

Our current deployable radius

GDPR is valid whole over Europe (EU) and with various savings clauses every EU country has the possibililty to establish supplemental local Data Protection laws. This was yet done by Austria and Germany (BDSG new version). Because of our international context we offer - also as Group Data Protection Officer - consulting in data protection process in the following countries, regions respectivly compnies out of these regions.







We do not want to create the impression just jetting thru Europe and produce travel costs. Our local focus is in Rhine-Main-Area, Münster area and full North-Rhine-Westfalia. Get the benefit of our wide expertise and flexibility.

We also advise SME and clubs in our closness - around Francfort and Nordwalde (Münster area) - a personal contact regarding our facilities is important to us.

Information Security Sequence



Record of actual situation

  • Organisatorical and technical check of existing IT infrastructure
  • Verification of processes
  • Verification of IT security
  • Etc.


  • Based on ISO 27000 program and parts of German BSI base protection recommendation
  • Of the general security level
  • Existing Infrastructure
  • Legal demands like data protection)
  • Etc.

Consulting and presentation

  • Report hand over
  • Discussion of security standards of your business based on the documentation
  • Risc analyse
  • Recommendations for actions
  • Etc.




The execution of actions is oriented on your priorisation based on budget and risk analyse such as


  • Emergency provision
  • Working with external IT provider
  • System recovery times


  • Administrator accounts
  • Network access
  • VPN and WLAN encryption
  • Authentification
  • Content security: web filter, spam filter


  • Protection of malware
  • User access management
  • Mobile device management
  • Passwords and encryption
  • Infrastructure securityand access control
  • Server room


  • Impact of IT black out
  • Administration
  • Security policies




Regular inspection of realized actions in place and its acceptance

In dependance of your specification we drive a gradual (or fast paced) development to the succesful conditon for reaching ISO 27001 certification in a continuous PDCA cycle.

Districts, Cities and Communities

Within the following regions we are locally very close to our customers in action e. g. as external Data Protection Officers.

Certified by TÜV and CertEuropa

  • Lean Six Sigma Blackbelt - CertEuropa
  • Data Protection Officer I Datenschutzbeauftragter DSB – TÜV
  • Data Protection Auditor I Datenschutzauditor DSA – TÜV
  • CISO I Information Security Officer (ISO/IEC 27001) – TÜV
  • ISA/ISLA I Information Security Auditor/Lead Auditor (ISO/IEC 27001) – TÜV
  • Controller of critical infrastructure companies I Prüfer für Betreiber kritischer Betriebe KRITIS

The certificates may be apprehended in regard to a business relationship. The same is applicable for requalification, perpetuation and extension of the experience in regard to a business relationsship.


Only satisfied customers stay with you and only satisfied customers do recommend! To keep cost on a reasonable level and to assure that advertisement is addressed to the right place we are working by our firm conviction with recommendations without a huge advertising "machine".

We keep our customer prices - your costs - also in your interest transparent and lean.

Recommend us activly and get a benefit!

If you recommend us successfully you get one time per effected recommendation a refund of your monthly basic cost within your next invoice. Please pay attention about the correct and in time assignment - to inform us about your recommendation before first contact with our new client.

Industry categories

For your orientation here is a selection of (international) industries where we do/did constulting, where we are in negotiations or where we are appointed as data protections officer:


Retirement homes

Medical practices

Building industries


Retail industries

Power firms

Whole sale


IT system houses



Food industries


Puplic authorities

Online provider

HR provider

Care facilities



Manufacturing industries

Tax advisors

Business consulting



We are flixible, pro-active and consult in further industries which we can't list amongst other reasons like confidentiality and privacy at this moment. Please get in contact.

We are member of

A good consulting needs professional preparation in the background and a competent expert exchange - constantly. We achieve this actively thru the leading associations and organisations in Germany where we are proud member:

GDD e. V.

Gesellschaft für Datenschutz und Datensicherheit e. V.

  • founded 1977
  • more than 3.500 members
  • more than 30 exchange of experience circles in Germany with more than 3.000 pariticipants
  • training of more than 10.000 data protection responsibles in the GDD-Datenschutz-Akademie

Source: GDD (Nov 2018)

Gesellschaft für Datenschutz und Datensicherheit

BvD e. V.

Berufsverband der Datenschutzbeauftragten
Deutschlands (BvD) e. V.

  • founded 1989
  • more than 1.600 members in total (Nov. 2018)
  • more than 722 company members
  • more than 169 external data protection officers
  • more than 332 statements to the "general business principle"
  • 11 regional groups in Germany
  • 9 working groups

Source: BvD

Bundesverband der Datenschutzbeauftragten


Please calculate 7 plus 5.

Links to governement and authorities