Since 25 May 2018, the EU General Data Protection Regulation (GDPR) has formed the foundation of European and national data protection practice alongside the amended Federal Data Protection Act (BDSG). Since then, companies have been threatened with fines of up to four percent of the previous year's global turnover for failing to maintain data protection-compliant processes. Companies must also prove that they meet the requirements of the regulation - an effort that should not be underestimated. When implementing the data protection requirements in the company, an interdisciplinary approach is needed to answer the associated organisational, legal and technical questions. An active approach is required when setting up the data protection management system.

Our KPMG experts support you in the development, implementation and monitoring of such a practical data protection management system. 


Companies must determine their data protection goals and risks and create a corresponding framework. This includes a structural and procedural organisation, control processes, coordinated control measures and audit-proof documentation. KPMG Forensic supports you in the design and implementation of a data protection management system. In addition, KPMG Forensic is the point of contact for carrying out data protection status checks to determine the implementation status as well as for questions regarding the implementation of data protection requirements in projects, such as the introduction of cloud services.

IT Compliance

The GDPR requires data controllers to have in-depth technical knowledge of personal data protection. Companies must ensure that their measures to guarantee the security of data processing correspond to the state of the art. Together with our IT compliance experts, we support you in aligning your measures such as encryption methods, pseudonymisation and anonymisation with the current state of science and technology and in closing possible security gaps through the use of appropriate technical and organisational measures.

Cyber Security

Numerous technical and organisational interfaces must be continuously reassessed in accordance with the GDPR. New attack vectors are constantly emerging in networked systems. Last but not least, the sheer volume of personal data poses a problem that can only be controlled through consistent information lifecycle management. KPMG Cyber Security helps companies to design state-of-the-art security measures. In doing so, our experts always keep an eye on the current methods of attackers.


Our lawyers at KPMG Law* specialise in data protection law and support companies with legal issues, such as the formulation of declarations of consent, order processing agreements or dealing with information obligations.

* Legal services are provided by KPMG Law Rechtsanwaltsgesellschaft mbH
