Björn Bausch

Auditor

Limburg, Germany

Experience

Apr 2024 - Present
1 year 4 months

Chemical group

  • Introduction and implementation of NIS-2
  • Basic assessment of NIS-2 impact
  • NIS-2 registration
  • Conducting an as-is analysis
  • Creating requirements specifications
  • Monitoring NIS-2 compliance
  • Establishing reporting processes under NIS-2
  • Risk analysis and security for information systems
  • Handling security incidents
  • Continuity and recovery, backup management, crisis management
  • Supply chain security, facility-to-facility security, vendor security
  • Security in development, procurement, and maintenance; vulnerability management
  • Evaluating cybersecurity effectiveness and risk management
  • Cybersecurity and cyber hygiene training
  • Cryptography and encryption
  • Personnel security, access control, and asset management
  • Multi-factor authentication and continuous authentication
  • Secure communication (voice, video, text)
  • Secure emergency communications
Oct 2023 - Apr 2024
7 months
Germany

Auditor

Deutsche Messdienstgesellschaft mbH

  • Data protection audit
  • The audit focused on assessing and evaluating the data protection compliance of Deutsche Messdienstgesellschaft mbH and its 15 subsidiaries at the time, according to data protection requirements, especially the EU GDPR, and checking group-wide data protection rules for legal compliance.
  • Methods used:
  • Document reviews (privacy statements, information duties under Articles 13 & 14 GDPR, policies and guidelines, records of processing activities, data processing agreements, IT policies, instructions, confidentiality agreements, employee data protection commitments, documentation of past incidents, etc.)
  • Reviewing past audit reports (internal and external)
  • Reviewing the data protection management system (DSMS)
  • Interviews with stakeholders
  • Questionnaires and checklists
  • Site visits
  • etc.
  • After the audit, a detailed report was prepared showing the current data protection level of Deutsche Messdienstgesellschaft mbH and confirming GDPR compliance based on the audit.
  • Project languages: German, English.
  • Technologies and methods: Data Protection Auditor, DSMS, ISMS, EU GDPR, GDPR, BDSG_nF, ISO27001, ISO19011.
Jul 2023 - Dec 2023
6 months
Germany

Auditor

Techem Energy Service GmbH

  • Data protection audit
  • The audit focused on assessing and evaluating the data protection compliance of Techem Germany and its subsidiaries according to data protection requirements, especially the EU GDPR, and checking Techem Group-wide data protection rules for compliance.
  • Methods used:
  • Document reviews (privacy statements, information duties under Articles 13 & 14 GDPR, policies and guidelines, records of processing activities, data processing agreements, IT policies, instructions, confidentiality agreements, employee data protection commitments, documentation of past incidents, etc.)
  • Reviewing past audit reports (internal and external)
  • Reviewing the data protection management system (DSMS)
  • Interviews with stakeholders
  • Questionnaires and checklists
  • Site visits
  • etc.
  • After the audit, a detailed report was prepared showing the current data protection level of Techem Germany and confirming GDPR compliance based on the audit.
  • Project languages: German, English.
  • Technologies and methods: Data Protection Auditor, DSMS, ISMS, EU GDPR, GDPR, BDSG_nF, ISO27001, ISO19011.
Dec 2022 - Dec 2023
1 year 1 month
Austria

Auditor

Techem Mess- und Wassertechnik (Österreich)

  • Data protection audit
  • The audit focused on assessing and evaluating the data protection compliance of Techem Austria according to data protection requirements, especially the EU GDPR, and checking Techem Group-wide data protection rules for compliance.
  • Methods used:
  • Document reviews (privacy statements, information duties under Articles 13 & 14 GDPR, policies and guidelines, records of processing activities, data processing agreements, IT policies, instructions, confidentiality agreements, employee data protection commitments, documentation of past incidents, etc.)
  • Reviewing past audit reports (internal and external)
  • Reviewing the data protection management system (DSMS)
  • Interviews with stakeholders
  • Questionnaires and checklists
  • Site visits
  • etc.
  • After the audit, a detailed report was prepared showing the current data protection level of Techem Austria and confirming GDPR compliance based on the audit.
  • Project languages: German, English.
  • Technologies and methods: Data Protection Auditor, DSMS, ISMS, EU GDPR, GDPR, BDSG_nF, ISO27001, ISO19011.
Sep 2020 - Feb 2021
6 months
Germany

Senior Project Manager EU GDPR

Energy service provider

  • EU GDPR / DSMS adaptation
  • Program lead and consultant for GDPR adaptation at an international energy service company (€900 M revenue, 6,000 employees). Tasks included:
  • Setting up GDPR project structure
  • Coordinating project streams and departments
  • Status tracking and reporting to the board
  • Stakeholder management
  • Advising departments and IT
  • Leading workshops for as-is analysis, concept, and recommendations for GDPR adaptation (to-be)
  • Project languages: German, English.
  • Technologies and methods: MS Office, Data Protection Officer, DSMS, ISMS, EU GDPR, GDPR, BDSG.
Jan 2018 - Present
7 years 7 months

External Data Protection Officer, Information Security Officer, Project Manager, Whistleblower Officer

Various public-sector clients and small and medium-sized enterprises

  • Data protection (EU GDPR, DSMS), compliance
  • Serving as external data protection officer for public institutions (cities and municipalities) and small to medium companies, with focus on:
  • Taking on mandates as external DPO
  • Taking on mandates as external ISO
  • Leading kick-off workshops and gap analyses, defining project prep
  • Conducting as-is analyses
  • Project management and leading teams
  • Implementing and running DSMS under EU GDPR
  • Implementing and running ISMS under ISO27001 and BSI IT-Grundschutz
  • Conducting trainings and awareness
  • Creating records of processing activities
  • Conducting risk analyses under BSI 200-3
  • Emergency management under BSI 200-4
  • Conducting and creating risk assessments and DPIAs
  • Creating and implementing various data protection and security concepts (policies, deletion concepts, data processing agreements, breach concepts, emergency plans, etc.)
  • Conducting data protection audits
  • Advising on automation and AI/ML
  • Advising on NIS-2
  • Project languages: German, English.
  • Technologies and methods: MS Office, Data Protection Officer, DSMS, ISMS, EU GDPR, BDSG, ISO27001, ISO19011, HDSIG, BSI IT-Grundschutz Practitioner.
Jan 2018 - Present
7 years 7 months

External Data Protection Officer, GDPR Project Manager

Techem Group

  • EU GDPR introduction, DSMS
  • Consultant to support a global energy group (19 companies, 6,500 employees) with GDPR rollout. Tasks:
  • GDPR project management
  • External group data protection officer
  • Leading kick-off workshops, planning subprojects
  • Managing DSMS under GDPR
  • Creating and rolling out data protection concepts (deletion, data processing, IT policies, breach procedures, etc.)
  • Conducting and coordinating data protection audits
  • Considering GDPR, BDSG_new, TKG, TMG, IT Security Act
  • Training and gathering requirements from works council (Techem AT)
  • Preparing ISO/IEC 27001 certification (information security) for Techem AT
  • Project languages: German, English.
  • Technologies and methods: MS Office, Data Protection Officer, DSMS, ISMS, EU GDPR, GDPR, BDSG_nF, ISO27001, ISO19011.
Aug 2017 - Present
8 years

Managing Director and External Data Protection Officer

b-pi sec GmbH

  • Founder of a consultancy for data protection and information security
  • Data protection, information security
  • Managing information security management and serving as external DPO for various clients. Tasks included:
  • Disciplinary and technical leadership
  • Data protection projects and DSMS under GDPR
  • Considering BDSG, TKG, TMG, IT Security Act
  • ISMS implementation under ISO27001 & BSI-Grundschutz
  • Vulnerability management and forensic analysis
  • IT security rollouts
  • Conducting as-is analyses in data protection and security
  • Expert assessments
  • Training
  • Advising on automation and AI/ML
  • Project language: German.
  • Technologies and methods: MS Office, EU GDPR, GDPR, BDSG, BSI IT Grundschutz, ISO27001, ISMS, ISO19011.
May 2017 - Dec 2017
8 months

External Consultant

KfW Bankengruppe

  • IT audit management, audit planning, IT compliance, IT security, IT governance
  • Support for IT security audits under the 2017 audit plan. Tasks:
  • Project prep and organization
  • Supporting audit execution and follow-up
  • Leading kick-off workshops, defining prep and audit activities
  • Leading result presentations, mediating between auditors and units
  • Conducting data protection on-site/pre checks within audits
  • Initiating risk analysis on findings, validating remediation measures
  • DSMS under EU GDPR
  • Considering BDSG, BDSG_new, TKG, TMG, IT Security Act
  • Project language: German.
  • Technologies and methods: MS Office, SAP ERP, documentation, audit, SOX, process-oriented auditing.
Jan 2015 - Jan 2017
1 year 1 month

Head

Cyber security consulting firm

  • IT forensics, cyber security, external DPO
  • Building and leading the Digital Forensics & Cyber Security department and serving as external DPO. Tasks:
  • Disciplinary and technical leadership
  • Vulnerability management and forensics
  • IT security rollouts
  • Conducting as-is analyses
  • Expert assessments
  • Data protection projects and DSMS under GDPR
  • Considering BDSG, TKG, TMG, IT Security Act
  • ISMS implementation under ISO27001 & BSI-Grundschutz
  • Training
  • Project language: German.
  • Technologies and methods: MS Office, EU GDPR, ISMS, ISO27001, BSI IT Grundschutz.
Dec 2015 - Jan 2019
3 years 2 months

Head of Department

Verband Europäischer Sachverständiger und Gutachter e.V.

  • IT security and data protection
  • Contributing to and building current IT security and data protection projects. Tasks:
  • Department head for data protection & compliance
  • GDPR, BDSG, TKG, TMG, IT Security Act
  • Training
  • Forensics
  • Regional lead RLP & NRW
  • Seminar development
  • Project language: German.
  • Technologies and methods: MS Office, IKS, GRC, ISMS, DSMS.
Mar 2010 - Dec 2015
5 years 10 months

IT Manager

Krankenkasse BBK Braun-Gillette

  • IT organization, digitalization, IT security
  • Overall responsibility for IT at a statutory health insurer. Tasks:
  • Migrating servers to a new data center
  • Creating workflows
  • Disciplinary and technical leadership
  • System upgrades
  • IT security and data protection management (BDSG, TKG, TMG, IT Security Act)
  • Implementing a new backup solution
  • Implementing DMS with d.velop d.3
  • Staff training and documentation
  • Setting up servers
  • BI rollout with COGNOS, custom analyses and reports
  • Implementing workflows and CMS software
  • Developing and documenting access concepts
  • Team leadership, migration oversight, escalation management
  • Discussing sourcing and cloud strategies, defining interfaces
  • Project language: German.
  • Technologies and methods: COGNOS, d.velop d.3 DMS, CMS, SAP ERP.
Jul 2009 - Nov 2009
5 months
Germany

Consultant Network Engineer

Syzygy Deutschland Media & Werbeagentur

  • Cyber security, networking, backup, recovery
  • Building a VMware environment with backup. Tasks:
  • Planning and implementing VMware projects
  • Team leadership
  • ESX4 rollout and VM support
  • Internal training
  • Backup planning and Symantec Veritas Backup Exec 12.5 rollout
  • Network planning and support
  • Installing and maintaining Windows servers and client systems
  • Remote support
  • Discussing sourcing and cloud strategies, defining interfaces
  • Project language: German.
  • Technologies and methods: MS Office, Windows, VMware, Symantec, ESX4.
Mar 2008 - Mar 2009
1 year 1 month

Management Consultant

IT strategy consultancy

  • Supporting and advising various clients
  • Project management and complex IT solution rollouts
  • BlackBerry integrations, AVAYA switch deployments
  • Windows server migrations
  • Modern video conferencing and backup solutions
  • IT strategy and management for international real estate groups and law firms
  • Planning and delivering client IT training
  • Proposal management, budgeting, controlling
  • Managing internal and external vendors
  • Maintaining and migrating complex IT solutions
  • Cross-domain integrations
  • BlackBerry server implementations
  • Backup solution rollout and control
  • Integrating ticketing systems
  • Microsoft environment maintenance and remote support
  • Firewall installations and VPN setups
  • Discussing sourcing and cloud strategies, defining interfaces
  • Project languages: German, English.
  • Technologies and methods: MS Office, Windows Server, BlackBerry.
Sep 2005 - Mar 2008
2 years 7 months

Interim IT Director

Insurance company

  • IT restructuring and digital transformation
  • Planning and realigning IT. Tasks:
  • Integrating the IT department into the group
  • Designing IT infrastructure
  • Deploying and allocating hardware and software
  • Workforce planning and scheduling
  • Curriculum development, staff motivation and leadership
  • Organizational planning and presentation development
  • Creating system documentation
  • Developing, organizing, and delivering user seminars and training
  • Discussing sourcing and cloud strategies, defining interfaces
  • Project languages: German, English.
  • Technologies and methods: SAP ERP, Windows, MS Office, process and lean management.
Sep 2001 - Jun 2005
3 years 10 months

Senior Consultant

Deutsche Bahn AG

  • Structuring IT for training and evaluation
  • Supporting, operating, and enhancing the intranet/internet application OPEN
  • Planning and configuring ICT systems
  • Setting up, operating, and managing systems per client needs
  • Troubleshooting with modern expert systems
  • User and system consulting
  • System documentation
  • Developing and delivering user training
  • Designing complex training projects to meet strategic goals
  • New business models and org structures for training
  • E-learning integration
  • Evaluation and controlling methods
  • Project management for EvaSys implementation
  • Discussing sourcing and cloud strategies, defining interfaces
  • Project languages: German, English.
  • Technologies and methods: Windows, SAP, MS Office, VOIP, ICT, e-learning, EvaSys.

Summary

Björn Bausch is the owner of a consultancy for data protection, information security, and compliance. At the same time, he is a true expert in all three core areas. Besides advising clients as an external data protection and information security officer, he regularly gives specialist presentations and often serves as a keynote speaker. Developing and supporting the implementation of DSMS and ISMS systems is as natural to Mr. Bausch as guiding teams in carrying out measures and projects.

Languages

German
Native
English
Advanced

Certifications & licenses

Auditor

DEKRA

BAIT / KAIT / VAIT - Supervisory Requirements

BSI IT-Grundschutz Practitioner

Compliance Officer

TÜV

IT Expert Systems and Technology

EU GDPR & BDSG New

KBW

Data Protection Specialist

DEKRA

Whistleblower Protection Officer

ISO 27001 Foundation

PECB

IT Forensic Analyst

PRINCE2

IT Forensics Expert