This is some text inside of a div block.

Data protection for IT consulting-undertake

Request advice now

Why is the GDPR so relevant for IT consulting companies?

IT companies work with personal data on a daily basis, as they offer, for example, SaaS solutions with which they can view the company's personal data. These include, among others

  • Employee data (first name, last name, ...)
  • Customer data (finances, ...)

Here, the mere insight into the data counts as processing it, which can almost never be excluded. This processing falls under the GDPR, which is why it must be protected with special contractual provisions. 

What you have to pay special attention to

IT companies in particular have to pay close attention to the correct legal implementation of the GDPR, as the main part of their business model is digitized and / or takes place online. Accordingly, a data protection declaration corresponding to the current legal situation must be found on the website. 

IT consulting companies often count as processors according to Article 4 of the GDPR. In this case, the customers must conclude an order processing contract with the company, in which there are certain regulations on the handling of personal data. 

An external data protection officer can be very helpful when drawing up these contracts, but also with technical and organizational measures, etc. This not only maintains an overview of all data protection matters, but also provides information on current changes and is available at any time if you have any questions.

Choose heyData and benefit from your personal and professional contact, who ensures data protection compliance at all levels and at the highest level.


Do I need a data protection officer?
What are personal data?
How does heyData work?
How long is the contract term?
What is done in the data protection audit?
Do I need a data protection officer?

If you and your company meet one or more of the following criteria, then YES:
- Your company employs more than 20 people
- The employees regularly process automated data
- Special categories of personal data are processed in the company, such as ethnic origin, political opinion, religious conviction, health, the person's sex life
- Business-related personal data is transmitted, collected, processed or used and this represents a core activity of the company (this is the case with almost all companies that are related to personnel, e.g. software, recruiting, headhunting, consulting, etc.) 

What are personal data?

According to the GDPR, personal data is all information that relates to an identifiable or identified natural person. The persons concerned can be identified if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, a location or other features. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or postal addresses.

How does heyData work?

As soon as you have decided to work with heyData, after an initial needs analysis, we will carry out a data protection audit with your company in order to understand the processes of your company holistically - this process is digitally accompanied and supervised by the data protection advisor. We will then work with you to prepare the necessary documentation and, if necessary, adapt the website of your company according to our instructions, should there be a need for changes in order to achieve conformity. Depending on the package, we are then involved in a wide variety of processes in your company that require the expertise of a data protection officer to protect you in all matters; this usually extends to HR, marketing, product but also business development processes.

How long is the contract term?

The regular contract term is 24 months.

What is done in the data protection audit?

The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this so that the positions, the type of data processed and the persons responsible are also available as a diagram at any time.