Data Protection Consultation at KINAST

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a set of rules that unifies the way personal data is processed by controllers across the EU. The goal of this regulation is to protect people’s privacy rights and ensure that their data is handled in a safe, secure, and responsible manner.

Top 5 Law Firm in Germany

The basics:

What is the GDPR?

The European General Data Protection Regulation (GDPR) is an EU regulation that has been in force since May 25th, 2018, and regulates the protection of personal data in the EU and the EEA. The regulation lays down rules related to the protection of natural persons, so-called data subjects, with regard to the processing of personal data and rules related to the free movement of personal data within the EU.

The GDPR's primary purpose

As it protects fundamental rights and freedoms of individuals, the GDPR is a component of privacy law and of human rights law in the EU and EEA. Its primary regulatory purpose is to enhance individuals’ control and rights over their personal data and to regulate international data transfers from the EU to countries outside the EU and EEA.

The GDPR provisions have 'extraterritorial' effect.

That means the GDPR also applies to companies established outside of the EU/EEA when personal data of individuals who are located in the EU is processed.

GDPR - General Data Protection Regulation

Full service GDPR compliance

Our five steps to success:

Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.

We conduct a data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.

Document the current data protection status and define further required actions if necessary.

We carry out all necessary measures identified during the data protection audit.

Designation as external data protection officer and ongoing consultation starting from day 1.

How does the GDPR impact businesses?

GDPR is the most significant change to data protection law in two decades, and it impacts businesses in a number of ways. Firstly, companies must obtain explicit consent from their customers before collecting, storing or using their personal data. They must also provide clear and concise information about their rights under GDPR, and ensure that customers can easily withdraw their consent if they no longer want their data to be processed.

Furthermore, companies are required to implement adequate security measures to protect the personal data of their customers, and report any breaches promptly. Non-compliance with GDPR can result in heavy fines.

GDPR breakdown:

Non-Compliance can be costly!

Non-compliance with GDPR can result in heavy fines. Companies that do not comply with GDPR law can be fined up to 4% of their global annual revenue or €20 million (whichever is greater), and individual data controllers can be fined up to €10 million. These fines are designed to incentivize companies to become compliant with GDPR, and failure to do so could have serious financial consequences.

GDPR compliance in your international company or corporation, guaranteed.

To really guarantee your GDPR compliance, we recommend our full-service External Data Protection Officer. To ensure timely and cost-effective execution of the necessary data protection measures, we’ve developed our own concept based on a three-point plan:

As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.

In the next step, we implement the measures identified in the risk assessment, attaching great importance to tying up your internal resources as little as possible.

Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. We thereby ensure ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.

Reasons to choose the KINAST legal team for international data protection and GDPR consultation

We have more than fifteen years' experience in advising enterprises, international companies, groups of companies as well as small and medium-sized companies on data privacy issues and related areas of law. Our know-how covers international data transfer mechanisms, implementation of data privacy management systems and harmonization of different data privacy requirements that apply to multinational companies.

Our approach is to anticipate and tackle each new requirement in the world of data privacy and a legal landscape that is constantly changing. We are able to find pragmatic solutions that not only meet the legal requirements, but also the business needs.


We are an experienced team of lawyers with many years of experience in data protection law and data security, and as DPOs.

Practical experience

Due to many years of practical experience we know companies "from the inside". In colloquial terms, you should be able to "live what we advise".

IT affinity

Regardless of existing or new IT systems, our attorneys have a profound technical understanding and advise you accordingly.

Cost transparency

We work on the basis of fixed hourly contingents, keeping pricing simple and manageable.

Guaranteed legality

We are not only outstanding data protection officers, but also experienced lawyers.

Individual solutions

We do not work "off the peg", but offer tailor-made concepts, specifically for your business.

Efficient organisation and communication

Our solutions place a high priority on open communication, transparent project management and defined goals.

Drafting of legal documents

We draft guidelines, work instructions, operating and service agreements, declarations of consent and commitment, lists of procedures and contracts on a daily basis.

Personality and continuity

We do not provide you with just any resource, but with the right colleague for you – permanently and without unpleasant changes.


Keep your business on the right track when it comes to GDPR compliance

Maintaining GDPR compliance is an ongoing challenge as the legal landscape is constantly changing. With our know-how and expertise, our clients can tackle every new legal challenge in data privacy, such as international data transfer assessments as well as hardware devices and the use of Artificial Intelligence (AI).

Feel free to contact us today for a free, no obligation consultation.



Frequently asked questions

We understand that many clients still have questions about the GDPR and international data protection law. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.

The GDPR is an EU law that was implemented on May 25th, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.

In general, any organization that processes the personal data of EU citizens must comply with the GDPR.

The GDPR enables regulatory authorities in each EU member state to issue sanctions and fines to organizations they find in violation of GDPR requirements. The maximum penalty is € 20,000,000 or 4 % of global revenue, whichever is higher. Regulators can also issue sanctions, such as bans on data processing or public reprimands.

Companies can comply with the GDPR by implementing technical and organizational measures to protect the personal data they control. The first step is to conduct a GDPR assessment to determine what personal data they control, where it is located, and how it is secured. Companies also need to adhere to the privacy principles outlined in the GDPR, such as having valid legal bases in place when processing personal data, for instance, obtaining consent. It may also be required to appoint a DPO.
