Natalya Spuling

Consulting Activities

Inzell, Germany

Experience

Mar 2024 - Feb 2025
1 year

Consulting Activities

An international chemical company

  • Preparing documentation to meet legal requirements for the deletion of personal data.
  • Creating practical process descriptions.
  • Implementing legal deletion requirements in coordination with IT and business units.
Feb 2024 - Jun 2024
5 months

Consulting Activities

A public sector insurance institution

  • Revising privacy statements.
  • Advising on consent processes across the group, consent management, and social data protection, and conducting risk analyses.
Aug 2023 - Nov 2023
4 months

Consulting Activities

A telecommunications company

  • Creating and supporting the implementation of deletion concepts and deletion processes.
  • Conducting case-based data protection training for business units.
  • Supporting the optimization of data protection processes.
Sep 2022 - Oct 2023
1 year 2 months

Consulting Activities

A bank (B2C)

  • Data protection advice for outsourcing management.
  • Implementing Schrems II and conducting Transfer Impact Assessments.
  • Revising data protection policies and privacy statements.
  • Creating and maintaining required documentation and records of processing activities.
  • Supporting the handling of data subject requests and data protection incidents.
  • Creating and revising deletion concepts.
  • Conducting data protection impact assessments and balancing interests.
  • Working closely with business units and the bank’s data protection officer.
Apr 2021 - Jul 2023
2 years 4 months

Consulting Activities

A federal agency for administration digitization

  • Advising on digitizing administrative services.
  • Advising on defining and implementing regulatory form requirements.
  • Identifying data protection issues in the digitization of administrative forms.
Sep 2020 - Dec 2021
1 year 4 months

Consulting Activities

A leading market research group: B2C; consulting surveys (B2C)

  • Advising on consent management, UWG, and ePrivacy.
  • Advising on data protection questions in market research.
  • Advising on data transfers to third countries.
  • Advising on Workday.
Mar 2020 - Jan 2022
1 year 11 months

Consulting Activities

A world-leading manufacturer of acoustic hearing aids

  • Creating data protection documentation.
  • Supporting and advising on the implementation of OneTrust.
  • Providing daily data protection advice.
Jul 2019 - Feb 2025
5 years 8 months
Inzell, Germany

Self-employed lawyer, consultant, and certified corporate data protection officer

  • Creating deletion, role, access, and authorization concepts.
  • Creating and revising data protection concepts.
  • Drafting and reviewing consent texts.
  • Advising on consent management.
  • Implementing the GDPR in Europe and third countries, especially Switzerland.
  • Employee data protection.
  • Data protection advice for a customer’s subsidiary in Austria and the UK; advice for a corporate headquarters in Switzerland.
  • Creating and implementing deletion concepts for various systems, e.g., Salesforce, CRM, SAP, etc.
  • Designing and implementing additional data protection processes such as access and deletion processes.
  • Handling data subject rights (access, rectification, etc.).
  • Creating data protection documentation, e.g., consent forms, template letters for granting data subject rights, AV agreements, privacy statements for websites, and privacy notices for different categories of data subjects.
  • Creating Binding Corporate Rules.
  • Supporting the conduct of data protection impact assessments.
  • Working with data protection authorities.
  • Advising on data processing agreements and assessing the data protection suitability of processors.
  • Advising on and reviewing data protection clauses in other contracts.
  • Legal review of data protection issues with international aspects.
  • Reviewing special research regulations for data protection matters.
  • Data protection advice on other legal frameworks (TKG, TMG, SGB, StrlSchVO, TTDSG, etc.).
  • Reviewing service providers and technical and organizational measures under data processing.
  • Creating a data protection activity report with further implementation recommendations.
  • Training staff, management, and executives, including specialized training for areas/departments like IT, HR, IT security, etc.
  • Advising on supervisory authority audits and inquiries.
  • Drafting, advising on, and supporting works agreements, policies, consent forms, guidelines, and instructions for compliant data protection behavior.
  • Supporting compliance with GDPR information obligations, among others.
Apr 2018 - Jun 2019
1 year 3 months

Attorney (employed)

A law firm specialized in data protection law

  • Creating records of processing activities for controllers and processors, including procedural documentation.
  • Conducting data protection gap analyses (current vs. target).
  • Creating data protection policies for companies and groups.
  • Developing deletion and authorization concepts.
  • Developing data protection concepts for employee data.
  • Preparing training materials for employee data protection training.
  • Developing group-wide data protection management systems.
  • Handling data subject requests under Art. 15-22 GDPR.
  • Handling data breach inquiries.
Jan 2018 - Mar 2018
3 months

Corporate Counsel in the group legal department

Brainlab AG (software-driven medical technology)

  • Revising and negotiating research and development contracts with a focus on medical device law.
  • Working on the GDPR implementation project with a focus on patient and employee data protection.
Feb 2015 - Dec 2017
2 years 11 months

Legal Counsel

EXTEDO GmbH (software provider for pharmaceutical market authorization)

  • Drafting, negotiating, and managing confidentiality agreements, including data protection provisions in individual countries for pharmaceutical companies.
  • Legal advice on public tenders.
  • Drafting, negotiating, and managing customer, partner, and procurement contracts for software licensing, software maintenance, SaaS, hosting, and professional services, including data protection provisions in individual countries.
  • Legal support for the US subsidiary.

Summary

Industries: Pharma, Digital Health, Medical Technology, Automotive, Banking, Public Companies, Authorities, Telecommunications, Insurance, Medical and Healthcare

Data protection tools knowledge: PrIME, OneTrust

Languages

German
Native
English
Advanced
Ukrainian
Advanced

Education

Oct 2011 - Nov 2014

Higher Regional Court Munich

Second State Law Exam · Legal Clerkship · Munich, Germany

Oct 2010 - Sep 2011

Kyushu University Graduate School of Law

LL.M · Law · Fukuoka, Japan

Mar 2008 - May 2014

FernUniversität Hagen

B.Sc. · Economics · Hagen, Germany

...and 3 more

Certifications & licenses

Public Data Protection Officer

TÜV Rheinland

Corporate Data Protection Officer

TÜV SÜD

Certified Information Privacy Professional (CIPP/E)

Data Protection in Healthcare

TÜV SÜD

Data Protection Auditor

TÜV NORD

Information Security Foundation according to ISO/IEC 27001

TÜV SÜD

Information Security Officer according to ISO/IEC 27000 series

TÜV SÜD

Medical Devices Regulation

TÜV SÜD

Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions