Data Protection Consultation - Experts at your Service

heyData - Your reliable partner for data protection

Data protection consultation by specialised lawyers

heyData offers companies of all sizes nationwide comprehensive data protection support with a team of lawyers specialised in all GDPR topics.

  • check Comprehensive and digital data protection audit
  • check Preparation of the complete data protection documentation
  • check Certified data protection training

Why is a data protection consultation important?

Data protection is more than just a legal requirement - it's a brand, a testament to your sense of responsibility and integrity as a business. As technology has advanced rapidly, so have the threats to your data. Professional data protection advice can help you meet the complex requirements of data protection law and increase the trustworthiness of your business.

How can a data protection consultation help your company?

A comprehensive data protection consultancy helps your organisation govern and manage all aspects of data protection. It helps you comply with applicable data protection laws and regulations while protecting your company's and your customer's data.

The basic principles of the GDPR

The GDPR is based on several basic principles that you as a company should observe:

  1. Lawfulness, fairness, and transparency: You must ensure that the processing of personal data is lawful, fair and transparent. This means, among other things, that you need to obtain the consent of data subjects before processing their data.
  2. Purpose limitation: You should only process personal data for specified, explicit and legitimate purposes. You should ensure that the data is not used for purposes other than those for which it was originally collected.
  3. Data minimisation: You should only collect the personal data that is necessary for the purpose. It is important to avoid unnecessary data collection and to ensure that you clearly state what type of data you will collect.
  4. Storage limits: You can only store personal data for as long as is necessary for the purpose in question. It is important to review data regularly and delete it when it is no longer needed.
  5. Integrity and confidentiality: You must take appropriate security measures to protect personal data from unauthorised access, loss, or theft. This includes the implementation of appropriate technical and organisational measures

The benefits of our data protection consultation

  • Expertise: Our data protection advisors are highly qualified experts with legal expertise. They know the specific requirements of different industries and can help you to efficiently implement data protection in your company.
  • Time saving: The implementation of the GDPR requires a thorough analysis of your existing data protection practices. Our data protection advice helps you to make this process more efficient so that you can save time and focus on your core business.
  • Legal certainty: Through our data protection consultation, we ensure that you comply with all legal requirements of the GDPR. This also minimises the risk of fines.
  • Customer trust: By focusing on being compliant with the current regulations, you ensure your customers' data is protected, and build trust in your brand. Customers are more likely to choose a service that is proven to comply with data protection regulations.

At heyData, we understand the needs of businesses and offer customised data protection solutions.


Data protection is an essential aspect for any business in the digital age. Professional data protection advice can help protect your business from legal difficulties and strengthen the trust of your customers.

Our team of experienced lawyers offers you not only sound legal knowledge, but also a deep understanding of the technical and organisational aspects of data protection. We understand the data protection challenges that businesses face and offer workable, tailored solutions.

Get in touch with us today for a free initial consultation and find out how we can help your business with data protection.

Hear it From Our Customers

Frequently asked questions

View our prices

There are various contacts for questions about data protection.

  • For private companies or organisations, the company data protection officer (DPO), as well as an external data protection officer, or in the case of smaller companies, an internal person who is familiar with data protection, can help in the first instance. 
  • For public bodies, such as public authorities or schools, there is usually a data protection officer who acts as a contact person for questions on data protection.
  • Other contact points for questions on data protection can also be consumer centres or data protection officers of the respective federal states. The Federal Office for Information Security (BSI) also offers advice on data protection issues.

We offer the use of a team of state-certified lawyers and attorneys who specialise in companies of different sizes and industries.

A data protection advisor, also called a data protection officer (DPO), is a person who assists companies and organisations in implementing data protection regulations. His or her role is to check compliance with data protection laws and regulations and to protect the personal data of customers, employees and others.

Specifically, a data protection advisor may undertake the following tasks:

  • Advice: the data protection advisor advises companies and organisations on data protection requirements and makes recommendations for implementation.
  • Training: The data protection advisor trains employees and managers in the handling of personal data.
  • Monitoring: The data protection advisor monitors compliance with data protection regulations and checks the technical and organisational measures for securing personal data.
  • Documentation: The data protection advisor often prepares and reviews documents relevant to data protection, but in some cases data protection coordinators also take on this activity.
    The data protection advisor is therefore an important interface between companies and data protection authorities and helps to ensure that personal data is processed securely and in compliance with the law.

We take care of all this and also offer software that simplifies the life of both the employee and the employer.

Violations of the General Data Protection Regulation (GDPR) can be punished by competent data protection authorities with significant fines. The amount of the fines depends on the severity of the violation and the economic damage caused.

In detail, the following sanctions can be imposed for violations of the GDPR:

  • Warning: In the case of a first infringement or a minor infringement, the data protection authority may initially issue a warning.
  • Fines: Fines may be imposed for serious violations of the GDPR. The amount of the fines depends on various factors, such as the turnover of the company or the type and severity of the violation. The maximum level of fines is up to 4% of the group's annual global turnover or €20 million (whichever is higher).
  • Cease and desist or removal order: The data protection authority may issue an order requiring the company to remove the breach or to cease and desist in the future.
  • Public notice: In the case of particularly serious violations, the data protection authority may make the violations public.
  • Prohibition of data processing: In the case of particularly serious violations of the GDPR, the data protection authority may prohibit the company's data processing.

In addition, persons whose rights have been violated by breaches of the GDPR may also assert claims for damages against the company. It is also possible that competitors or consumer protection agencies send warning letters to a violating company, for which the company must pay.

It is therefore important that companies and organisations comply with the requirements of the GDPR and check their processes and systems for data protection compliance.

Data protection breaches can be reported to different places depending on where the breach occurred and what type of breach it is. Here are some possible places to go:

  • With the organisation concerned: if you suspect that a company or organisation has breached data protection rules, you should first try to contact the organisation concerned directly to resolve the issue.
  • With the competent data protection authority: In Germany, this is the data protection authority of the federal state in which the company or organisation that has violated data protection regulations is located. You can find the contact details of the respective authorities here.
  • With the police: If it is a serious breach of data protection that can also have criminal consequences, you should inform the police.
  • Consumer advice centres: Consumer centres can also help with data protection violations and provide legal assistance if necessary.

It is important to emphasise that there are different contact points in each federal state, so it makes sense to find out about the responsibilities in advance.