In my former career as a German diplomat in the EU Coordination Unit of the Federal Foreign Office, I witnessed the beginning of complex and what were to become extraordinarily long negotiations of the General Data Protection Regulation (GDPR) among European Union member states from within the negotiation machinery. I then relocated to the United States to take up a leadership role organizing multi-stakeholder meetings and high-level discussions between Germany, the EU member state most fervently in favor of strict data protection rules, and tech companies in Silicon Valley.
After leaving the Foreign Service in 2015, I have used this experience to specialize in GDPR advice. I completed training with the International Association of Privacy Professionals, and early 2017, passed the Certified International Privacy Professional (Europe) CIPP/E exam and have since then continuously expanded my expertise and training.
Partnering with technology law practices and strategy consulting firms in Europe and the US, I advise US and EU businesses on data strategy, particularly with regards to the GDPR, and related communication issues.
My services include
- advising smaller U.S. technology companies entering Europe for the first time on the policy landscape and challenges they’re likely to face there.
- strategic advice for executive-level decisions (board of directors, management) regarding data strategy, privacy by design, and building sustainable businesses in markets that are impacted by privacy and data protection concerns,
- communication issues related to data protection:
advising technology companies based in the US on how to talk about privacy in the context of the evolving regulatory environment,
developing policy communications strategies for European technology companies entering the U.S,
crisis communication in cases of data breaches,
- assessing client compliance requirements and aligning compliance strategy with business goals,
- advising clients on a broad range of aspects of their privacy and data protection program (policy, procedures, training, tools), legal frameworks, cross-border data flow, privacy impact assessments, data mapping, vendor agreements,
- data management using OneTrust software (certified Privacy Management Professional).