Data Protection

Our Services

The collection and usage of person-related data is part of most business transactions. Therefore, many companies are challenged to integrate the handling of data in compliance with data protection standards into their business operations in an effective and sustainable way. As an IT service provider of hereogeneous system landscapes, the steep GmbH has extensive practical knowledge. Our qualified data protection team will support you in all questions concerning data protection.

Inventory and Analyses

We analyse your current data protection level.

In doing so, we examine your procedures and business processes as well as your IT systems, based on the currently valid data protection law and the current state of technology. We point out weaknesses and provide you with a risk assessment. Furthermore, we develop a catalogue of measures with you for rectification of deficiencies.

The interaction of our data protection experts and specialists in the field of IT-Security and IT-Infrastructure allows us to examine your data processing from a legal and technical point of view. This way, we can also actively support you in the implementation of our recommendations of action. We document all results for you in a structured situational analysis. This way, you receive a comprehensive overview of the current status in your company.


We support you in the determination and implementation of your data protection goals in various areas and projects. Our project experience enables us to develop individually tailored solutions for a compliant implementation of your projects.

Support in Projects and Specialist Departments:

  • We support your management and specialist departments in the compliant implementation of new processes and projects.
  • We support you from the very start (e.g. choice of service provider) via implementation within the company, up to regular checks or running processes.
  • We closely cooperate with the specialist departments to support them in typical fields of problems and to develop practice-oriented solutions – for example in the Human Resources Department with regard to payroll processes.

Outsourcing and International Data Transfer: 

More and more companies are outsourcing their business processes to external service providers or branch offices in Germany or abroad. Topics such as cloud computing and other new technologies become increasingly popular. We support you in your outsourcing projects and consult you with regard to the respective data protection requirements. Upon request, we also check your external service providers to make sure that your desired goals are maintained everywhere and remain compliant with data protection. 

Support of Internal Data Protection Officer: 

Our qualified data protection team supports your internal data protection officer in exercising his rights and tasks. Our data protection team consists of experts from all relevant fields of expertise (among others, lawyers and computer scientists). Your data protection officer profits from this broad know-how to coordinate your individual requirements and framework conditions of your company comprehensively.


Regularly it can be observed that employees involved in data processing are surprisingly negligent with the data entrusted to them. Often, however, these are not intentional actions, but rather ignorance or negligence of employees, which lead to violations of data protection. 

We provide your employees with necessary knowledge and know-how  concerning data protection – regardless of whether you want to inform them, raise their awareness or motivate them to comply with data protection regulations. In doing so, we the development of or seminars is targeted towards your requirements and needs. Our seminars are based on our long-standing experience in the field of data protection and thus offer a high practical relevance as well as noumerous best-practice approaches and solutions. Our focus lies on actual recommendations for daily implementation. 

Ou seminars can focus on the following topics:

  • General data protection training for all employees
  • Changes caused by the Generla Data Protection Regulation
  • Data protection for executives
  • Employee data protection for Human Resources Departments
  • Data protection for work councils
  • Data protection for employees in IT department

 A consolidation and extension of the training documents to individual requirements in your company is always possible. Upon request we develop seminars on further specific topics in the field of data protection.

Documentation and Accountability

Companies are obliged to provide various documentations in the field of data protection, in order to prove that you are acting in compliance with data protection. 

The following aspects can be part of a documentation:

  • Procedure registers / registers of processing activities
  • Prior checks
  • Technical and organizational measures
  • Data protection strategies
  • Data protection incidents
  • Declarations of consent

We advise and support you in the preparation of all necessary documents for your documentation. This way, you can prove your legal conformity of processing from a legal as well as technical and organizational point of view.

Testing and Optimization of Technical and Organizational Measures

In many cases, data protection is closely connected to requirements of data security.

In this context, the information technologies employed for data storage and processing as well as their respective protective measures play an important role.

We analyse your data security in various control areas. By means of a close interaction between data protection and IT-Security, our compliance-team is able to determine the security of your data from a legal, organizational and technical point of view. Furthermore, we advise you in the determination of your data protection and security goals. We actively support you in the optimization of your IT landscape protection, in order to secure its availability, integrity and confidentiality based on the current state of technology. Thus, you receive a consultation, based on the assessment of risks, in order to determine your protection requirements.

Additionally, we support you in the management of documentation and certificates, so that suitable technical and organizational measures are available.

Only if your data is adequately protected against unintended evens or intended attachs, such as deletion, alteration or theft, you can meet legal requirements, as well as requirements by customers and contractors.

Development and Implementation of Data Protection Concepts and Regulations

A data protection concept summarizes all information necessary for a data protection assessment for processing person-related data in your company. The data protection conept points out the significance of data protection in your company and serves as a guideline for employees with regard to processing person-related data.

Upon request, the data protection concept can be presented to the customer to explain how you manage and implement data protection in your company.

General Data Protection Regulation (GDPR)

As of 25 May, 2018, the regulations of the General Data Protection Regulation (GDPR) will become effective and the existing regulations of the Federal Data Protection Act (BDSG) will be replaced. Companies are obliged to implement these new data protection regulations and to adapt the existing data protection organization.

Our qualified data protection team helps you to create an inventory of the existing data protection organization and analyses which changes and measures need to be taken in oder to remain compliant in the future.

External Data Protection Officer

For more than ten years, the steep GmbH has been working in the field of External Data Protection Officers and has extensive practical knowledge as an IT-service provider of heterogeneous landscapes. Our qualified data protection team will support you in all questions concerning data protection.

Within the structure and implementation of a practice-oriented and legally compliant data protection organisation, the External Data Protection Officer acts as a competent and reliable contat person within your company. He consults and supports the management as well as specialist departments in all matters concerning data protection.

Contact Persons

Ralf Otten

Head of Sales IT Services
+49 228 6681 625

Harald Assenmacher

+49 228 6681 576

Katrin Eisele

Head of IT-Service Management
+49 731 933 1777

For further information please visit our download section