Data Protection Compliance Check

Services
Industries
Pricing
Resources
Resources

Free legal resources to help you start or run your business in Germany.
Company
Company

LEXR is specialized in delivering customer-focused legal services for businesses.
- About us
- Careers
- Team
Contact
+49 30 46 777 29 80 Our operating hours are 9:00-17:00 Mon-Fri

Please select your location and language below.

Data protection compliance check

Whether you are an innovative startup or a successful SME, we offer an industry-specific data protection package that uses our pragmatic, best-practice approach to help your business comply with data protection regulations (especially EU-GDPR and the Swiss data protection act (FADP)). With our comprehensive analysis and hands-on support, we help business owners gain peace of mind and customer confidence when it comes to data protection.

Benefits of a LEXR data protection compliance check

Identify risks

Quickly identify risk areas and receive actionable recommendations tailored to your business. We always take into account the specific risk position, industry and company size, and provide tailor-made implementation proposals.

Meet compliance requirements

Meet first essential compliance requirements for national and international data protection laws (the EU’sG DPR, the Swiss FADP). Gain peace of mind, avoid fines, and increase customer confidence with comprehensive data protection risk analysis.

Implement best practice guidelines

As additional deliverables to our compliance check, our experts create easy-to-understand and user-friendly processes, policies, and templates that are efficient to use in day-to-day operations.

Book a free call

Data protection compliance checks by LEXR

What is included?

Our packages provide a quick overview of the current state of your organization’s data protection implementation and identifies risk-based ways to meet necessary compliance requirements.

Starter Package

The right package for anyone who wants to get a quick initial overview of the current state of data protection in the company and only needs simple best practice guidelines.

Included in the package are:

One-and-a-half-hour kick-off workshop with a LEXR expert for initial stocktaking. The current overall situation is analysed, risk profiles of the company are defined and all questions regarding data protection are answered.
Summary of the most important results and to-dos by e-mail.
Discussion of the results in a thirty-minute workshop with a LEXR expert after our delivery and clarification of open questions.
Additionally, we provide the first steps of your implementation journey, if needed. These include:
- Creation/adaptation of the privacy policy and cookie policy.
- Creation of a policy for dealing with data breaches.
- Creation of a policy for dealing with data subject rights.
- Guidelines on the legally compliant handling of marketing topics.

Price: EUR 2’800 excl. VAT

Advanced Package

The right package for all those who want a comprehensive analysis and an extensive report of the current status of data protection implementation in the company. Our comprehensive GAP analysis is submitted in a PDF format, which also documents the current status of data protection externally (e.g., for upcoming audits or due diligence analyses). In addition, you will receive customized best practice guidelines and new or reviewed privacy and cookie policies, if needed.

The package includes:

One-and-a-half-hour kick-off workshop with a LEXR expert for initial stocktaking. The current overall situation is analysed, risk profiles of the company are defined, and next project steps are coordinated with the relevant stakeholders.
Extensive GAP analysis and a report of the current status with clear, risk-based instructions for action involving the most important stakeholders from the areas of marketing, HR, etc.
Roadmap with time horizon to quickly close discovered risks.
Discussion of the results in a 30-minute workshop with a LEXR expert and clarification of open questions.
Additionality we take the first implementation steps with you, ensuring that you are set on the right track. These include, if necessary:
- Adaptation of the privacy policy and the cookie policy.
- Creation of a company tailored policy for dealing with data breaches.
- Creation of a company tailored policy for dealing with data subject rights.
- Provide you with guidelines on the legally compliant handling of marketing topics.
- Provide you with a template for a record of processing activities incl. tips and tricks to fill out the template.
- Provide you with a template for a data processing agreement according to the company’s needs (GDPR- and FADP-compliant).

Price: EUR 5’600 excl. VAT

Process for data protection compliance checks

1

Kick-off workshop

Discussion of the status quo, creation of a risk profile and answer all open questions relating to data protection.
2

Analysis by LEXR

Analysis of the risks in the company and elaboration of the necessary to-dos.
3

Presentation of the results and guidelines

Depending on the package booked, emailing of the agreed documents and guidelines, including a proposal for further action.
4

Discussion of results

Presentation of the results of the analysis, clarification of open questions and outlook.

Next steps in your data protection journey

For other outstanding tasks identified in the assessment, LEXR has a team of legal experts that can assist you. They can do so on an hourly or monthly basis, depending on the needs your company:

Tailored expert support

LEXR provides you with its team of data protection experts, for more complex and specific projects. These can include filling in your record of processing activities, retention and deletion concepts, as well as any other tasks specific to your operations that were identified in your assessment.

Our pricing page

Data protection expert monthly subscription

LEXR also provides you with a data protection expert monthly subscription, that guides your daily operations and solves your ad hoc problems that may arise. Upon request, LEXR’s experts may also fulfil the role of data protection officer/advisor to your company.

Learn more

Other data protection services

FAQ

When do I need to have a DPA?

A DPA is needed whenever you transfer personal data to a service provider that acts under your instructions for the specific purposes you have defined – what is called a processor. The same need appears if your company acts as a service provider for another company.
What does a DPA need to include?

Under the EU-GDPR, there are certain topics that need to be covered. These are defined in Art. 28 EU-GDPR and include the purpose, duration and nature of the processing, the need for the processor’s employee and staff to be under a duty of confidentiality and the processor’s obligation to only act under the instructions of the controller, assist the controller in complying with data subjects’ rights request, the security of the personal data and, in general, with the obligations enshrined in the EU-GDPR.

Under Swiss law, however, the controller needs to ensure that the processor can guarantee the security and integrity of the personal data that is transferred to it. Furthermore, the agreement shall define that the processor can only use a sub-processor with the previous authorisation of the controller and that controllers need to be informed in case of data breaches.
Can my service provider transfer the personal data to another service providers?

It can, but it needs to obtain the authorisation from the controller, as defined in the DPA. This can be done on a case-by-case basis, where the processor requests the authorisation from the controller every time they want to engage with a new sub-processor. It can also be done with a general authorisation included in the DPA, where the controller allows the processor to engage with new sub-processors for the future.
Are there other agreements related to data protection that I need to pay attention to?

In certain cases, personal data is not transferred to a processor (meaning a service provider that acts under the instructions of the controller), but to another company that, jointly with yours, also determines the purposes and means of the processing. In these cases and under the EU-GDPR, this relationship also needs to be governed by a contract, where the joint controllers determine their respective responsibilities and, in particular, how they will comply with data subjects’ rights and how they will provide the appropriate privacy notices to them.

About us

We’re a growing team of 30+ legal professionals. Some of our experts include:

1

Sebastian advises on the comprehensive implementation of national and international data protection regulations as well as on the implementation of future regulations in the digital field. He is particularly interested in international data transfers and new technologies such as AI.

Sebastian Schneider, Head of Privacy & Digital Regulation, Legal Expert
2

Lars focuses his legal practice on contract, intellectual property, and financial market regulation law. He advises tech companies on the legal set-up and negotiation of complex and day-to-day contracts, IP strategy and execution as well as financial market law matters.

Lars Rohrberg, Legal Expert
3

Yannick’s professional practice is focused on Mergers and Acquisitions. He advises Swiss and international founders, tech companies, and investors on all types of M&A transactions.

Yannick Bucher, Senior Legal Counsel
5

Christian is an entrepreneur and lawyer with a focus on the intersection between technology and law. He regularly speaks, publishes, and advises on blockchain-related topics and is specialized in financial market regulation.

Christian Meisser, CEO & Legal Expert
6

Elie is the Head of Mergers and Acquisitions at LEXR. He is focused on advising Swiss and international founders, start-ups, companies of diverse sizes, and investors in all types of M&A transactions, including namely sales, purchases, mergers, demergers, carve-outs, management buy-outs, joint ventures, and many others.

Elie Bourdilloud, Head of M&A and Legal Expert
7

Florian advises clients in the fields of Blockchain, DLT, Digital Assets, and FinTech, predominantly focusing his practice on financial market regulation and corporate law matters. He also lectures on legal and compliance issues related to Digital Assets, DLT, and DeFi.

Florian Prantl, Senior Legal Counsel
8

Flurin assists companies in regulatory and corporate matters, focusing on issues in Blockchain, DLT, Digital Assets, and FinTech. He particularly supports businesses in tokenizing their shares.

Flurin Albonico, Junior Legal Counsel
10

Klara is part of our corporate team and supports our customers with transactions throughout their company lifecycle – from incorporations to employee stock options plans and the legal aspects for different means of raising funds.

Klara Weismann, Legal Counsel
12

Maja is a Junior Legal Counsel in the IP & Contracts Team. She assists customers and the team in the field of tech contract law, intellectual property, and data protection.

Maja Rajic, Junior Legal Counsel
13

With his expertise in financial market regulation, Max supports corporate clients in their fiat or crypto-related endeavours. Furthermore, he is familiar with the regulatory and AML-related duties of Swiss and European financial institutions and the every-day application of corporate law.

Maximilian Krähenbühl, CTO & Legal Expert
14

Michele is focused on corporate and commercial law and has a strong background in M&A transactions. At LEXR he advises Swiss and international founders, start-ups, and investors – from incorporation to the first investment rounds, risk financing, complex business transactions, and exits.

Michele Vitali, Head of Startup Financing & Venture Capital, Legal Expert
17

Silvan is our tax counsel. He specialises in corporate taxation of fintech, asset management and crypto and has substantial experience in the setup of investment funds, management companies, banks and structured ICOs, stable coins as well as more traditional financial instruments.

Silvan Amberg, Tax Counsel
18

Thomas focuses on Intellectual Property, Data Protection & IT Contract Law and advises companies on commercial strategies, Intellectual Property protection and technology-related legal issues. As head of the in-house team, he is responsible for advising and supporting our clients in their day-to-day business.

Thomas Kuster, Head of IP & Contracts, Legal Expert
22

Yoann’s focus is on advising clients on HR issues. He also assists with corporate and IP matters, as well as contractual and data protection issues.

Yoann Garraux, Legal Counsel
23

As a Junior Legal Counsel in the FinReg team, Andrin focuses on advising companies on matters regarding blockchain, DLT, digital assets and FinTech.

Andrin Hold, Junior Legal Counsel
24

Liza, a member of our Corporate team, concentrates on mergers and acquisitions. She offers advice to both Swiss and international founders, tech companies, and investors across a spectrum of M&A transactions and corporate matters.

Liza Pham, Junior Legal Counsel
25

Nicoletta focuses on contract law, and Intellectual Property. She advises customers on trademarks, the strategic set-up of IP contracts, as well as day-to-day contract matters.

Nicoletta Iurilli, Junior Legal Counsel
27

Selina is part of our corporate team and focuses on mergers and acquisitions. She advises She provides guidance to Swiss and international founders, tech companies, and investors on various M&A transactions.

Selina Stiefel, Junior Legal Counsel
28

Julia is an expert in data protection law and advises companies on all aspects of implementing existing and future regulations in the digital sector as well as on labor law issues.

Julia Peidli, Senior Legal Counsel
29

Nadine advises founders and startups in all stages of a company’s development, focusing on corporate law issues. Nadine has extensive experience in advising on VC transactions, shareholder agreements and employee stock option plans (VSOP/ESOP) as well as corporate governance issues.

Nadine Saalbach, Head of Startup Financing & Venture Capital
32

Jana uses her expertise in corporate and commercial law to assist founders and investors with incorporation, financing, and exit strategies. Her experience as a startup founder prior to joining LEXR uniquely positions her to understand and effectively address clients’ challenges.

Jana Huwyler, Legal Counsel