This is some text inside of a div block.

Data protection for startups

  • Data protection as a service
  • Your certified data protection officer
  • Individual counsel
Request advice now

Why do start-ups need a data protection officer?

Even if start-ups do not necessarily work with personal data or have a correspondingly large number of employees, it is still very important that they have a data protection officer. 

Often, for example:

  • on private laptops
  • with private smartphones
  • with a cloud for data storage

worked, which can very easily lead to a data breach. That is why it is important to take appropriate measures, such as: The conclusion of order processing contracts with external service providers. In order to master or simplify these and many other challenges, it is advisable to seek a data protection advisor.

Choose heyData and benefit from your personal and professional contact, who ensures data protection compliance at all levels and at the highest level.


“The cooperation with heyData clearly reflected the principle of data protection - trustworthy, reliable and transparent. It quickly turned out that heyData works professionally and that the criteria are taken into account in every detail. Thanks to heyData's support, we feel looked after and in good hands at all times ”

Konrad von Lendis


Do I need a data protection officer?
What are personal data?
How does heyData work?
How long is the contract term?
What is done in the data protection audit?
Do I need a data protection officer?

If you and your company meet one or more of the following criteria, then YES:
- Your company employs more than 20 people
- The employees regularly process automated data
- Special categories of personal data are processed in the company, such as ethnic origin, political opinion, religious conviction, health, the person's sex life
- Business-related personal data is transmitted, collected, processed or used and this represents a core activity of the company (this is the case with almost all companies that are related to personnel, e.g. software, recruiting, headhunting, consulting, etc.) 

What are personal data?

According to the GDPR, personal data is all information that relates to an identifiable or identified natural person. The persons concerned can be identified if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, a location or other features. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or postal addresses.

How does heyData work?

As soon as you have decided to work with heyData, after an initial needs analysis, we will carry out a data protection audit with your company in order to understand the processes of your company holistically - this process is digitally accompanied and supervised by the data protection advisor. We will then work with you to prepare the necessary documentation and, if necessary, adapt the website of your company according to our instructions, should there be a need for changes in order to achieve conformity. Depending on the package, we are then involved in a wide variety of processes in your company that require the expertise of a data protection officer to protect you in all matters; this usually extends to HR, marketing, product but also business development processes.

How long is the contract term?

The regular contract term is 24 months.

What is done in the data protection audit?

The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this so that the positions, the type of data processed and the persons responsible are also available as a diagram at any time.