Stay ahead of the game when it comes to Data Protection.

We can help you identify areas in your company where action is required and develop possible measures to close any gaps.

The General Data Protection Regulation (GDPR) requires you to take appropriate technical and organizational measures to protect personal data in your companies. All data processing must also be documented in a register of processing activities.

As a subsidiary of WOLF THEISS Rechtsanwälte GmbH & Co KG, we have access to a large, international network of legal experts who can assist with all legal issues relating to data protection.

Ensure your company's compliance with the GDPR and maximize transparency towards your customers and employees.

Roland Marko (Senior Legal Consultant)

Which companies must appoint a data protection officer?

Companies whose core activity consists of carrying out processing operations which, by virtue of their nature, their scope and/or their purposes, require extensive regular and systematic monitoring of data subjects (e.g. banks, insurance companies, credit reference agencies and professional investigators).

Your company processes sensitive data or collects data on criminal convictions or offenses (e.g., hospitals or correctional facilities).

(*Voluntary appointment of a data protection officer is possible at any time and makes sense in most cases.)

Why are external data protection officers useful?

If employees act as data protection officers, they should not be responsible for tasks that present conflicts of interest with the function as DPO. By outsourcing this function, you avoid internal risks while ensuring compliance with all legal requirements.

As external data protection officers, we advise you and your company on all data protection issues, ensuring ongoing compliance with legal standards, adaptation of procedures to the requirements of new legislation, and any updates to internal processes within your company.


We train and advise your team on your obligations under data protection law.


We monitor and review compliance with data protection regulations and policies for the protection of personal data, including assigning responsibilities, raising awareness and training your employees.


We advise in connection with a data protection impact assessment and the monitoring of its implementation.


We work together with the supervisory authority and are their point of contact.


We maintain your register of processing activities.