nationwide | digital | remote
Data protection is not your favourite topic? - We help you out!
We support companies in implementing the requirements of the GDPR - digital, simple and at fixed conditions.
Data Protection Officer (DPO)
TÜV-certified data protection officers - all inclusive at fixed rates.
Data protection consulting
360° GDPR: over 100 successful data protection projects - use our expertise to your advantage
Cookie Consent Management
Consulting, Design, Marketing – professional services and smart products for your website & eCommerce
What we do
Data Protection as a Service
Every company is unique, but the pain points of the GDPR are similar in many organizations. Our data protection consultants use our experience from the practical implementation and application of the GDPR to provide our clients with efficient data protection management - from answering individual questions to appointing the external data protection officer.
Cortina Consult has been advising companies on the BDSG and DSGVO for more than ten years. We advise both strategically and actively on the implementation of necessary data protection measures.
Nationwide Consulting - remote or on site
We support you in the following cities and the associated regions (remote and/or on-site), among others:
Berlin, Munich, Hamburg, Münster, Düsseldorf, Cologne, Frankfurt, Leipzig, Dortmund, Bochum, Bielefeld, Bonn, Bremen, Essen, Freiburg, Hannover, Osnabrück, Oldenburg, Würzburg, Dresden, Stuttgart and more...
Frequently asked questions about the external data protection officer
Regardless of the number of employees, you must appoint a data protection officer if particularly sensitive data (e.g. health data) is processed or if the core activity of your company is the collection, processing and use of personal data.
If your company has at least 20 employees regularly involved in automated data processing, you are required to appoint a data protection officer.
The law specifies requirements for cooperation between the DPO and data controllers. According to Art. 38/39 of the GDPR, data controllers must properly involve the DPO in all data protection issues at an early stage and provide him with all resources and access necessary to fulfill his duties.
Freedom from instructions
The DPO is free from instructions in this regard, but is not authorized to issue instructions. This means that the data controller may not issue any instructions to the DPO and the DPO may not issue any instructions to the data controller either. The DPO provides recommendations for action or advice with which the legal requirements can be met. He is an advisor, not a decision-maker.
The data protection officer undertakes to maintain secrecy or confidentiality and may not disclose any internal information or data relating to individuals.
To avoid unexpected costs, we emphasize transparency and offer our services in flat-rate subscription packages. If you are not sure which package is right for you, let us find out together in a short phone call.
The failure to appoint a data protection officer is a violation of the EU GDPR (Art. 37) and can be extremely expensive. High fines of up to 10 million euros or 2 percent of the previous year's turnover may be imposed.
External data protection officers at a fixed rates
Competent & cost-efficient: You want to appoint a data protection officer? Discover our DPO packages.
With the introduction of the General Data Protection Regulation (GDPR), we as a company were faced with major challenges. With Cortina Consult we got a welcome and professional support and the complex data protection law became a piece of cake.
Marcel Baldsiefen, Holz Richter GmbH
My experience with Cortina Consult has been very positive. The requirements of the GDPR were implemented in a practical way - and with an appropriate budget - for our company. In short: I feel I received honest and competent advice.
Julian Hilger, Hilltop Consulting GmbH
Usercentrics' Cookie & Consent Management helps us to be GDPR compliant while achieving high opt-in rates. In this way, we can handle sensitive data in a legally compliant manner and still conduct targeted marketing.
Johanne Schwensen, It´s Complicated