Our team consists of individuals from diverse backgrounds, including lawyers and attorneys, educated in both Europe and the US, technicians, and consultants.
Georgine Berger, Co-Founder / COO

Our Subscription Services
EU Representative
$ 149,00 / month
$ 1499,00 / per year
EU based Contact point for supervisory authorities & data subjects (mail & physical letters)
Information forwarding service
GDPR update service
Data Protection Officer
$ 149,00 / month
$ 1499,00 / per year
EU based Contact point for supervisory authorities & data subjects (mail & physical letters)
Information forwarding service
IT & legal expertise combined
Website Check
$ 490,00 / one-time purchase
Evaluation of frontend website services & consent management
Privacy Policy Check (Article 13 + 14 GDPR)
Technique-oriented action instructions
Boost in sales in Europe
No risk of harsh penalties
Less GDPR related support cases
3 Services billed monthly
Save -10 % by annual payment
3 Services billed yearly
Additional Services
In case you need further support
Proven by Success
For us dataprotectionofficer.io is the perfect 360° GDPR Service. Like Fire & forgett we can focus 100 % on our business!
Corinne McCarthy, COO Somecompany Inc.
For us dataprotectionofficer.io is the perfect 360° GDPR Service. Like Fire & forgett we can
Corinne McCarthy, COO Somecompany Inc.
For us dataprotectionofficer.io is the perfect 360° GDPR Service. Like Fire & forgett we can focus 100 % on our business!f orgett we can focus 100 % on our business!
Corinne McCarthy, COO Somecompany Inc.
News
Recent Updates on GDPR
Data Protection
Software distributor, Dedalus Biologie faced a 1.5 million fine for data breach and other GDPR violations.
Data Protection
The EU-U.S. Data privacy Framework is here: U.S. companies can now self-certify to participate in cross-border transfers of personal data.
Data Protection
Five-digit fine for unlawful use of GPS tracking software in company vehicles
Data Protection
The Italian data protection authority has imposed a fine of EUR 1.4 million on Douglas Italia S.p.a., a European beauty and cosmetics retailer for various GDPR violations.
Free GDPR Updates in your inbox
Wo We Are
Savvy humans – good to know

Mariella Stubhan
Co-Founder/CEO
Georgine is specializing in data protection law and law with regards to new technology. She studied law at the University of Salzburg and at the University of the Pacific, McGeorge School of Law (California).

Peter Harlander
Co-Founder/CEO
Peter Harlander is registered attorney both in Austria and Germany. He has dedicated his professional career as a lawyer for 20 years entirely to the legal aspects of data protection, IT, the internet, and marketing.

Sebstian Riedlmair
Co-Founder/CEO
Sebastian Riedlmair is specializing in various legal aspects, including data protection law and the legal implications of new technologies. As data protection attorney he brings a wealth of legal expertise to our team.

Matthias Redl
Co-Founder/CEO
Matthias is an experienced software architect and CEO of legal web GmbH, a company that implementing a legally compliant CMP. His expertise supports us in the areas of software architecture and development with regard to compliance and implementation of legal requirements.
Schedule a Free Video Call
Pick your preferred time-slot directly
Frequently Asked
`Yes. The GDPR also applies to organizations that process personal data of individuals in the EU, regardless of the organization’s location.n content.
The fine for violating GDPR obligations can be up to €20 million or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
In addition, according to Article 77 of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority.
Instead of or in addition to the complaint with a supervisory authority, the data subject may also file a lawsuit.
The controller is the entity that determines the purposes and means of the processing of personal data. They have the primary responsibility for complying with the GDPR’s requirements. The controller exercises overall control over the personal data and is accountable for ensuring that data processing activities are lawful and in line with individual’s rights.
The processor is an entity that processes personal data on behalf of the controller. Processors act on the instructions of the controller and are engaged by the controller to perform specific processing activities. Processors have limited responsibilities compared to controllers, and they must follow the controller’s instructions regarding data processing.
You are obliged to appoint an EU represenatitive if your processing activities are related to the offering of goods or services to data subjects in the Union, or in the monitoring of their behavior as far as their behavior takes place within the Union.
This means that if you are not located in Europe but are targeting the European market, you are required to appoint an EU representative.
Numerous companies are obliged by law to designate a data protection officer (DPO). Furthermore, it is advisable for any company that processes personal data in Europe to appoint a DPO.
A DPO assists in the implementation and fulfillment of legal requirements. Moreover, having a data protection officer shows your clients that you take data protection seriously, and you signalize a commitment to robust data protection practices.
In some countries like Germany, companies of a certain size are legally obliged to appoint a DPO.
The processor agreement, also known as data processing agreement (DPA), is a legal contract between a controller and a processor that sets out responsibilities and obligations of the data processor when processing personal data.
The controller is an entity that determines the purposes and means of the data processing, while the data processor is an entity that processes personal data on behalf of the controller.
The processor agreement is required by the GDPR when a controller engages a processor to handle personal data.
Where two or more controllers jointly determine the purposes and means of processing, they are joint controllers and must conclude a joint controller agreement.