Natalya S. - Consulting Services

Go to Website

Inzell, Germany

Experience

Mar 2024 - Feb 2025

1 year

Consultant

An international chemical company

Created documentation to meet legal requirements for deletion of personal data.
Developed practical process descriptions.
Implemented legal deletion requirements in coordination with IT and business units.

Feb 2024 - Jun 2024

5 months

Consultant

A public sector insurance institution

Revised privacy policies.
Advised on consent processes in the group, consent management, and social data protection; conducted risk analyses.

Aug 2023 - Nov 2023

4 months

Consultant

A telecommunications company

Created and supported the development and implementation of deletion concepts and deletion processes.
Conducted case-based data protection trainings for business units.
Assisted in optimizing data protection processes.

Sep 2022 - Oct 2023

1 year 2 months

Consultant

A bank (B2C)

Provided data protection advice on outsourcing management.
Implemented Schrems II and conducted Transfer Impact Assessments.
Revised data protection policies and privacy notices.
Created and maintained required documentation and records of processing activities.
Assisted in handling data protection requests and incidents.
Developed and updated deletion concepts.
Conducted data protection impact assessments and balancing assessments.
Worked closely with business units and the bank's data protection officer.

Apr 2021 - Jul 2023

2 years 4 months

Consultant

A federal agency for digitalizing public administration

Advised on digitalizing administrative services.
Consulted on defining and implementing official form requirements.
Identified data protection issues in the digitalization of administrative forms.

Sep 2020 - Dec 2021

1 year 4 months

Consultancy activities

A leading market research corporation: B2C; consulting surveys (B2C)

Advice on consent management, UWG, ePrivacy
Advice on data protection issues in market research
Advice on third-country transfers
Advice on Workday

Mar 2020 - Jan 2022

1 year 11 months

Consultancy activities

A world-leading manufacturer of acoustic hearing aids

Creation of data protection documentation
Support and advice on the implementation of OneTrust
Day-to-day advice

Jul 2019 - Feb 2025

5 years 8 months

Inzell, Germany

Self-employed lawyer, consultant and certified company data protection officer

Creation of deletion, role, access and authorization concepts
Creation and revision of data protection concepts
Creation and review of consent texts
Advice on consent management
Implementation of the GDPR in Europe and third countries, especially Switzerland
Employee data protection
Data protection advice for a client’s subsidiary in Austria and the UK; data protection advice for a corporate headquarters in Switzerland
Creation and implementation of deletion concepts for various systems, such as Salesforce, CRM, SAP, etc.
Design and implementation of other data protection processes such as information request and deletion processes
Handling data subject rights (access, rectification, etc.)
Creation of data protection documentation, such as consents, template letters for granting data subject rights, DPAs, privacy policies for the website, privacy notices for different categories of data subjects
Creation of Binding Corporate Rules
Support in carrying out data protection impact assessments
Cooperation with data protection supervisory authorities
Advice on data processing agreements and assessment of the data protection suitability of processors
Advice and review of data protection clauses in other contracts
Legal review of data protection matters with an international context
Review of specific research regulations for data protection issues
Data protection advice on other legal frameworks (TKG, TMG, SGB, StrlSchVO, TTDSG, etc.)
Review of service providers and technical and organizational measures in the context of data processing
Preparation of a data protection activity report with further implementation recommendations
Training employees, management and executives, including specialized training for specific areas/departments such as IT, HR, IT security, etc.
Advice during supervisory authority audits and inquiries
Drafting, advising on and supporting works agreements, policies, consent forms, guides and instructions for data protection compliance
Support in fulfilling information obligations under the GDPR, among others.

Apr 2018 - Jun 2019

1 year 3 months

Lawyer (employed)

A law firm specialized in data protection law

Creation of records of processing activities for controllers and processors, including process documentation
Conducting data protection gap analyses (actual vs. target)
Drafting data protection policies for companies and groups
Development of deletion and authorization concepts
Development of data protection concepts for employee data protection
Preparation of training materials for employee data protection training
Development of group-wide data protection management systems
Handling data subject requests under Art.15-22 EU GDPR
Handling inquiries related to data breaches

Jan 2018 - Mar 2018

3 months

Corporate Counsel in the group legal department

Brainlab AG (software-driven medical technology)

Review and negotiation of research and development agreements, focusing on medical device law
Contribution to the GDPR implementation project with a focus on patient and employee data protection

Feb 2015 - Dec 2017

2 years 11 months

Legal Counsel

EXTEDO GmbH (software provider for drug approval for the pharmaceutical industry)

Drafting, negotiating, and managing confidentiality agreements, including data protection clauses in individual countries for pharmaceutical companies
Legal advice on public tenders
Drafting, negotiating, and managing customer, partner, and procurement contracts in software licenses, software maintenance, SaaS, hosting, and professional services, including data protection clauses in individual countries
Legal support for the US subsidiary

Summary

Industries: Pharma, Digital Health, Medical Technology, Automotive, Banking, Public Companies, Government Agencies, Telecommunications, Insurance, Medical and Healthcare

Data protection tools knowledge: PrIME, OneTrust