Data Protection & GDPR

Data protection does not have to sound complicated. It has to be legally sound and work in day-to-day practice. That is precisely where things often go wrong: either everything is buried under templates, checklists and forms, or the legal basis is missing at the crucial points.

Small and medium-sized enterprises in particular do not need a data protection façade, but a clean, practical solution. Anyone who processes personal data must know what is actually necessary, where the risks lie, and which measures not only look proper on paper but also work in day-to-day operations.

I advise companies on data protection obligations, GDPR compliance, and how legal requirements can be implemented sensibly—without unnecessary complexity and without the usual walls of text that no one reads to the end.

Typical Cases

Data protection in the company

Many data protection problems do not arise because nothing is regulated at all, but because half-correct solutions are in circulation: templates from the internet, outdated drafts, unclear responsibilities, or processes that were never properly assessed from a legal perspective.

I review which obligations actually apply in the specific company, which processes are relevant under data protection law, and where action is required.

Website, online shop and digital processes

Data protection does not end with the privacy policy. Especially on websites, in online shops and when using digital tools, the question regularly arises which data is processed, what information must be provided, and which integrations or processes may be legally problematic.

I review website and online matters, assess data protection risks, and help develop practical solutions that are not only legally defensible but also technically and organisationally feasible.

Employee data and internal processes

Data protection issues in the employment relationship do not affect only large companies. Smaller businesses also process sensitive employee data and must know what is permissible and what is better avoided.

I advise on data protection issues in the employment context, on internal processes, and on which rules and measures are actually required.

Rights to access, erasure and injunctive relief

Data protection law is not only organisational law for companies. It is also about specific rights—such as the right of access, erasure or injunctive relief. It is precisely here that it quickly becomes clear whether data protection processes are robustly set up or were merely well-intentioned.

I review which claims exist, how to respond, and which course of action is legally appropriate.

What really matters in data protection

Data protection law is not an end in itself. It is intended to limit risks, safeguard rights and legally secure processes. This does not require a maximally complicated solution, but one that fits the company’s actual structure.

What matters is therefore not whether yet another document can be produced somewhere. What matters is whether the legal basis is correct, whether processes are structured in a comprehensible way, and whether the requirements can actually be maintained in day-to-day practice. Everything else is usually just neatly formatted reassurance material.

What sets me apart in data protection

I do not view data protection in isolation, but as part of operational reality. Legal requirements must be robust, but they must also be practically implementable. Otherwise, you may end up with paperwork, but not a viable solution.

As an attorney and graduate economist, I therefore look not only at legal permissibility, but also at effort, feasibility and economic reasonableness. Data protection does not have to sound good. It has to be right.

If you would like to know where action is actually required in your company and which solution makes sense legally and in practice, please briefly outline your matter to me.



☎️ 05204 – 9249884 · info@anwaltskanzlei-nieweg.de