Patrick Upmann
Interim Management | Consulting & Implementation | Data Deletion in SAP
Experience
Apr 2024 - Aug 2024
5 months Berlin, Germany
Interim Management | Consulting & Implementation | Data Deletion in SAP
BSR (Berliner Stadtreinigung)
- Topics: Business analysis, data protection, data management, stakeholder management, concept design
- This project focused on developing and implementing a strategic approach to data deletion in SAP systems. The goal was to identify relevant data and structures during a system takeover to ensure both data privacy and IT system efficiency while minimizing downtime and meeting regulatory requirements.
- Developed a comprehensive data deletion approach for SAP systems, considering legal and business needs.
- Ensured efficient and structured data transfer to the new system.
- Optimized system efficiency and reduced downtimes during migration.
- Created functional and technical concepts to guarantee compliant and sustainable data management.
- Topic preparation: In-depth study of "data deletion" to lay the groundwork for structured data migration.
- Defined project structure: Set roles, interfaces, and organization.
- Regulatory requirements: Analyzed data privacy and business rules to define deletion criteria.
- Methodology: Developed scenarios and approaches for data cleansing and deletion.
- Deletion concepts: Created functional and technical deletion blueprints with clear guidelines.
- Set deletion criteria: Defined which data and structures to delete or transfer.
- Responsibilities: Clarified team and stakeholder roles.
- Ongoing activities analysis: Identified and recorded existing data deletion efforts.
- Effort, cost, and timeline planning: Estimated resources, time, and budget.
- Implementation initiatives: Developed and executed measures to apply deletion strategies.
- IT system efficiency: Analyzed infrastructure to find optimization potential for data deletion and transfer.
- Technology trends: Evaluated new tools that support data cleansing.
- Cost-benefit analysis: Assessed financial impact of data cleanup and new solutions.
- Risk management: Identified implementation risks and defined mitigation measures.
- This project laid the foundation for compliant and sustainable data transfer to a new SAP system. A clear data deletion approach met privacy requirements, cut downtimes, and boosted system efficiency. The findings and recommendations help companies build a future-proof data strategy aligned with legal and business needs.
Mar 2024 - Oct 2024
8 months Germany
Interim Management | Consulting & Implementation | Customer Data
E.ON Deutschland
- Topics: Business analysis, data protection, customer journey, data management, stakeholder management
- E.ON places high value on excellent customer experience, especially in consent management, using customer data to personalize communication, and ensuring compliant outreach across all business units. A new “Customer Approach Excellence” function was introduced in customer experience management. A new customer platform was also planned to better leverage collected data for sales, including new areas like solar, heating, and smart home.
- Implemented the Customer Approach Excellence function: coordinated and improved customer communication across E.ON Deutschland.
- Optimized customer data usage: increased efficiency and impact of up- and cross-selling.
- Ensured legal compliance: set up a clean, automated consent management process.
- Fostered synergies: translated business requirements into cross-unit technical solutions.
- Supported subprojects: assisted with One Customer ID, the new customer approach function, and boosting opt-in rates.
- Requirements gathering: worked with sales and consent teams to define and align use cases.
- Compliance check: closely coordinated with legal to meet regulatory rules.
- Stakeholder and project management: communicated with stakeholders and prepared management-ready presentations.
- Business analysis was key: identified and specified unit needs, developed use cases balancing business goals and legal constraints, and aligned them with legal. Extensive stakeholder management ensured efficient project delivery.
- Launching the new customer approach function and platform at E.ON improved customer experience. By smartly using data and ensuring compliance, communication efficiency and impact rose significantly. Close work with business units and strong business analysis helped achieve project goals, allowing E.ON to better meet customer needs and seize new sales opportunities.
Feb 2024 - Mar 2024
2 months Germany
Interim Management | Consulting & Implementation | EU Data Act (Concept Project)
Volkswagen Group Germany
- Topics: Data governance, data protection, data access, data management, stakeholder management
- This project focused on detailed analysis of the EU Data Act and in-vehicle data access rules and their impact on the digital B2B service ecosystem, especially services like Fleet Interface and Connect Pro. The aim was to develop a deep understanding of potential risks and opportunities these regulations pose to the overall planned ecosystem.
- Analyzed implications of the EU Data Act and in-vehicle access rules for digital services and the ecosystem.
- Assessed scenarios, risks, and opportunities regarding competition, third-party interactions, and market environment.
- Developed solid recommendations for designing and adapting digital B2B products and services.
- In-depth study of the EU Data Act and in-vehicle access rules, focusing on services like Fleet Interface and Connect Pro.
- Reviewed legal frameworks and their impact on the ecosystem.
- Created and evaluated scenarios illustrating the future of digital B2B services under the new rules.
- Identified and assessed risks and opportunities, including competitive factors and market conditions.
- Proposed risk mitigation and opportunity-capturing strategies.
- Prepared analysis and recommendations in professional presentations for internal and external communication.
- Trends and developments: Studied current and future trends in digital B2B services, including regulatory changes.
- Competition analysis: Detailed review of the competitive landscape to identify positioning and advantages.
- Stakeholder analysis: Mapped needs and expectations of stakeholders, including customers, partners, and regulators.
- Customer feedback: Collected and analyzed feedback on existing services to spot improvements and requirements.
- Technology landscape review: Assessed IT infrastructure and tech for digital service delivery.
- Tech trends: Looked at new technologies that could enhance efficiency, security, and user focus.
- Cost-benefit analysis: Measured financial impact of new strategies, tech, and process improvements.
- This project prepared companies strategically for challenges and opportunities from the EU Data Act and in-vehicle access rules. Through thorough analysis and planning, it laid the groundwork for adapting digital B2B services to new regulations, helping companies future-proof their offerings and gain market advantage.
Jan 2024 - Dec 2025
1 yearFounder
AI Governance Network (AIGN)
- As founder of the AI Governance Network (AIGN), he shapes the international debate on ethical AI, governance standards, and compliance frameworks.
- His network fosters the exchange of best practices and integration of responsible AI solutions in complex corporate settings.
Sep 2023 - Dec 2023
4 months Germany
Interim Management | Consulting | IT Project Lead for Privacy Implementation
Viridium Group
- Topics: Data governance, data protection, data access, data management, stakeholder management
- This project focused on leading and coordinating IT privacy measures to ensure compliance with GDPR and other privacy laws for two core systems. It included strategy development and implementation, collaboration with internal and external stakeholders, analysis and improvement of existing systems’ privacy compliance, and ongoing monitoring and enhancement of privacy practices.
- Ensured GDPR compliance in IT systems.
- Identified and fixed privacy risks and weaknesses in core systems.
- Validated effectiveness of privacy measures in IT projects.
- Updated the privacy management system per new legal and technological developments.
- Privacy strategy: Developed and implemented comprehensive privacy strategies.
- Stakeholder management: Worked with IT, testing and release teams, data protection officers, and external consultants.
- Privacy analysis: Assessed systems and processes for compliance and improvement potential.
- Risk management: Identified privacy risks and defined remediation steps.
- Monitoring and reporting: Continuously tracked privacy measures and produced management reports.
- Project planning: Created detailed plans with goals, timeline, resources, budget, and milestones.
- Resource management: Efficiently allocated personnel, budget, and equipment.
- Quality assurance: Ensured project deliverables met standards.
- Budget management: Tracked and controlled expenses.
- Compliance and security: Ensured adherence to laws, regulations, and policies in privacy and IT security.
- This project built a robust privacy environment, securing core system data and strengthening user trust while minimizing breach risks.
Jan 2022 - Oct 2023
10 months Germany
Interim Management | Consulting | IT Project Management for Data Governance
Uniper SE
- Topics: Data governance, data protection, data access, data management, stakeholder management, compliance
- This project focused on identifying and analyzing business, legal, and compliance requirements for data retention within an organization. The goal was to design, implement, and manage tailored retention policies in Microsoft 365 (M365) to ensure proper data retention and deletion according to set timelines.
- Analyzed data retention requirements from business, legal, and compliance angles.
- Developed retention policies meeting identified needs.
- Implemented and applied policies to relevant M365 data sources.
- Ensured policy functionality and compliance.
- Requirements analysis: Mapped business, legal, and compliance needs.
- Policy design: Defined retention periods and end-of-life actions.
- Policy implementation: Used M365 features for automated data management.
- Policy assignment: Applied rules to emails, documents, and chats.
- Testing: Verified policy effectiveness and correctness.
- Monitoring and management: Regularly reviewed and updated policies.
- Audit and compliance checks: Conducted audits to confirm adherence.
- Documentation: Maintained details on policies, implementation, and management.
- This project ensured the organization managed data per business, legal, and compliance demands. Tailored M365 retention policies safeguarded data integrity and privacy, minimized retention risks, and supported long-term compliance.
Jun 2022 - Sep 2022
4 months Munich, Germany
Interim Management | Consulting | IT Project Management for Information Security (KAG)
MEAG Munich Ergo Asset Management
- Topics: Information security, ISO 27001, NIST, KAG, compliance, data protection
- This project aimed to analyze and optimize the data landscape of investment firms (KAG). By examining existing data infrastructure and uncovering specific needs, it developed and implemented custom data processing workflows, covering reporting, risk and performance analysis, and legal requirements. It also included privacy and security measures and advice on data processing trends.
- Reviewed current data infrastructure to spot improvements.
- Captured KAG-specific data processing needs.
- Designed and implemented tailored data workflows.
- Optimized processes for effectiveness and efficiency.
- Ensured privacy and data security per legal rules.
- Advised on emerging data processing trends.
- Data landscape analysis: Examined infrastructure, sources, and workflows.
- Requirements gathering: Collected KAG needs on reporting, risk/performance, and legal compliance.
- Process design: Built custom data processing workflows.
- Implementation: Supported rollout via configuration, programming, and training.
- Monitoring and optimization: Continuously reviewed processes for improvement.
- Privacy and security: Advised on measures to protect data.
- Trend consulting: Updated KAG on new developments and recommended adjustments.
- Documentation and reporting: Delivered comprehensive docs and regular progress reports.
- Client support: Provided ongoing advice and assistance to internal and external KAG clients.
- This project enabled investment firms to streamline data processes for better quality and decision-making while ensuring privacy and security. Continuous adaptation and optimization keep them competitive long-term.
Sep 2021 - Aug 2023
2 years Germany
Interim Management | Consulting | IT Project Management for Privacy & Information Security
Mobility Inside Platform GmbH
- Topics: Data governance, privacy, data access, data management, stakeholder management, ISMS, information security, ISO 27001, BSI IT-Grundschutz
- This project focused on strategic planning and implementing privacy, data security, and IT security measures. Considering internal and external, legal and regulatory requirements, it aimed to build a robust security architecture to protect sensitive data and ensure compliance with standards and best practices.
- Defined strategic goals and priorities for privacy and IT security.
- Developed and implemented a comprehensive privacy framework.
- Set clear roles, responsibilities, and processes; introduced an ISMS.
- Rolled out technical and organizational measures for privacy and security.
- Boosted employee awareness and skills in privacy and IT security.
- Established processes for incident management.
- Strategic planning: Defined goals, legal and regulatory needs.
- Privacy concept: Drafted detailed policies, roles, and measures.
- Policies and procedures: Created clear guidelines aligned with law and best practice.
- Technical and organizational measures: Deployed encryption, access controls, and backups.
- Monitoring and audits: Set up regular checks.
- Incident management: Developed effective response procedures.
- Reporting and communication: Built communication channels.
- Documentation: Maintained privacy incident and process records.
- Risk assessment: Conducted security risk analyses.
- Security framework: Developed a BSI-based framework with policies and controls.
- Security tech and controls: Implemented firewalls, antivirus, and access systems.
- BSI IT-Grundschutz: Applied the compendium for high security standards.
- This project set the stage for a secure, compliant IT environment.
Jul 2021 - Sep 2021
3 months Germany
Interim Management | Consulting | IT Project Management for Data Analysis
Condor
- Topics: Data governance, privacy, data access, data management, stakeholder management
- The goal was to design and optimize the "My Account" area for an airline, delivering a user-friendly, secure, and differentiated online experience. By conducting a needs analysis, benchmarking competitors, and creating a customer-centric concept, the project aimed to add value. Technical implementation and security compliance were key.
- Understood user needs through customer and stakeholder interviews.
- Identified best practices and differentiation via competitor analysis.
- Developed a detailed, user-centered concept for "My Account."
- Advised on technical implementation.
- Ensured data protection and security compliance.
- Needs analysis: Interviewed customers and stakeholders to gather feature requirements.
- Competitor analysis: Reviewed other airlines’ My Account areas for best practices and differentiation.
- Concept design: Built a concept based on findings, focusing on user needs.
- Technical advice: Helped teams choose tech and design interfaces for an intuitive experience.
- Security advice: Guided on data protection and security standards.
- This project aimed to turn the airline’s My Account section into a key element of customer experience, offering direct, secure, personalized access. The mix of user focus, technical know-how, and security created a competitive edge, boosting satisfaction and loyalty under privacy compliance.
Mar 2021 - Oct 2021
8 months Wollerau, Switzerland
Interim Management | Consulting | IT Project Management for Data Strategy on an eCommerce Platform
R&D Vorwerk International
- Topics: Data governance, privacy, data access, data management, stakeholder management
- This project involved a detailed analysis of the current subscription platform to understand its technologies, data structures, and privacy mechanisms. The goal was planning and executing a migration to a new platform, with a focus on privacy compliance. Tasks included defining migration needs, selecting a target platform with strong privacy features, implementing the migration, and validating data.
- Analyzed current subscription platform for tech, data structures, and privacy controls.
- Defined migration requirements with privacy focus.
- Developed a detailed migration plan to safeguard customer data.
- Selected and assessed a target platform for privacy compliance.
- Advised on privacy best practices during and after migration.
- Monitored migration to ensure privacy rules were met.
- Performed data validation to prevent loss or breaches.
- Platform analysis: Investigated system landscape in depth.
- Requirement gathering: Worked with stakeholders to define privacy-driven needs.
- Migration planning: Created a plan minimizing data risks and meeting laws.
- Target selection: Evaluated platforms’ privacy and security features.
- Privacy consulting: Shared best practices for a secure migration.
- Migration implementation: Oversaw to match plan and privacy specs.
- Data checks: Conducted thorough checks before, during, and after migration.
- This project ensured the subscription platform migration strictly followed privacy laws, protecting customer data. Careful planning, platform choice, and continuous monitoring minimized risks and ensured compliance now and in the future.
Jan 2020 - Feb 2021
2 months Germany
Interim Management | Consulting | IT Project Management for Data Analysis
Aldi International
- ALDI Pay → Concept for launching an ALDI Pay credit card
- Project was discontinued
Nov 2020 - Jun 2021
8 months Germany
Interim Management | Consulting | IT Project Management for Information Security & Data Protection for eCommerce Platform ONE
Volkswagen Group Germany
- Topics: Data governance, privacy, data access, data management, stakeholder management, metadata, information security
- This project focused on designing and implementing IT governance and compliance processes for the VW Group’s eCommerce platform "ONE.SHOP." The aim was to build a full compliance framework covering GDPR, FOSS (free and open-source software), and IT security. Key tasks included developing IT security measures, modeling privacy processes, and implementing deletion concepts.
- Established data governance and compliance processes, including approval workflows.
- Ensured IT security per BSI IT-Grundschutz and ran penetration tests.
- Created GDPR-compliant system documentation for ONE.SHOP.
- Modeled privacy processes for transparency and compliance.
- Developed and applied deletion concepts per GDPR and retention rules.
- Process design: Developed GDPR, FOSS, and IT security workflows and set up approvals for platform features.
- Security measures: Deployed BSI-based measures and ran penetration tests to fix vulnerabilities.
- GDPR documentation: Created and deployed system maps meeting GDPR.
- Privacy modeling: Used ARIS or Visio BPMN to visualize processes.
- Deletion concepts: Defined data categories and flows; set retention rules.
- Implementation: Coordinated technical and procedural deletion rule rollout in systems and processes.
Apr 2019 - Nov 2020
1 year 8 months Munich, Germany
Interim Management | Consulting | IT Project Management for Privacy & Information Security
MEAG Munich Ergo Asset Management
- Topics: Data governance, privacy, data access, data management, stakeholder management, ISMS, ISO 27001, NIST, compliance, archiving
- This project aimed to improve IT security and GDPR compliance in SAP and non-SAP systems. It included building and integrating an information security management system (ISMS), identifying ISMS measures, auditing software/hardware compliance, data flow analysis, and implementing archiving and deletion concepts. It also covered KRITIS (critical infrastructure) topics, app GDPR checks, and SAP BW archiving and deletion packages.
- Built a robust ISMS.
- Ensured IT security and GDPR compliance across SAP and non-SAP systems.
- Conducted data flow analyses and compliance audits.
- Implemented archiving and deletion concepts, especially for SAP.
- Supported KRITIS-related security tasks.
- Ensured data protection in use and archiving.
- ISMS setup: Integrated and expanded ISMS with security measures.
- GDPR processes: Introduced and reviewed GDPR-aligned workflows.
- Software/hardware checks: Verified compliance with policies.
- Data flow analysis: Mapped flows for SaaS and BPO services.
- Archiving solutions: Used OpenText for SAP modules (BW/FI/CO/REFX) per GDPR-ILM.
- Test management: Developed anonymization and blocking for SAP REFX, BW, and ERP.
- KRITIS support: Advised on critical infrastructure security.
- App GDPR analysis: Evaluated apps for GDPR compliance and scoped actions.
- SAP BW archiving: Designed and rolled out archiving and deletion packages.
- This project enabled high IT security and data protection across the landscape. ISMS, archiving, deletion, and continuous process review minimized breach risks and ensured compliance.
Dec 2017 - Feb 2019
1 year 3 months Germany
Interim Management | Consulting | IT Project Management for Online Shop Rollout in Switzerland & Spain
Media Markt Saturn Germany
- Topics: Data governance, privacy, stakeholder management, migration
- This project covered planning, developing, and rolling out an eCommerce platform, including migrating data from Switzerland and Spain to the cloud and redesigning the MyAccount area. It involved coordinating internal teams and external partners, risk management, quality assurance, training, and monitoring platform performance. Integrating a payment provider and ensuring efficient data flow were also key.
- Created a detailed timeline and project plan for rollout.
- Ensured seamless integration through teamwork with internal and external partners.
- Minimized risks and challenges during rollout.
- Conducted thorough testing for platform quality and function.
- Organized training for staff and partners.
- Monitored and improved platform performance post-launch.
- Data migration: Moved existing Swiss and Spanish data to the cloud for central handling.
- Payment integration: Connected a payment provider for smooth transactions.
- Data flow optimization: Developed efficient processes.
- Project planning: Identified milestones and resources.
- Coordination: Collaborated with development, marketing, sales, customer service, logistics, and external IT, payment, and logistics partners.
- Risk management: Analyzed risks and defined mitigation plans.
- Quality assurance: Ran tests before go-live.
- Training: Prepared and delivered stakeholder training.
- Performance monitoring: Tracked performance to boost user experience and business outcomes.
- This project delivered a powerful eCommerce platform with efficient, user-friendly shopping. Careful planning, collaboration, and ongoing optimization helped the company meet goals and secure lasting success.
Oct 2017 - Dec 2017
3 months Germany
Interim Management | Consulting | IT Project Management for App Rollout
Deutschlandcard - Bertelsmann
- Analysis, concept design, and project planning
- Business strategy and objectives
- Technology selection
- Budget and resource planning
- Requirements analysis
- Process modeling
- Data analysis
Jul 2017 - Sep 2017
3 months Germany
Interim Management | Consulting | IT Project Management for Digital Freight Schedule Process
Deutsche Bahn Next Digital Lab
- Digital transformation → Future concept
- Analysis & concept for digitizing Germany’s freight rail services
Feb 2016 - Apr 2016
3 months Germany
Interim Management | Consulting | IT Project Management for eCommerce Portal
Ergo Insurance
- Supported expansion of the IT customer portal in registration and authentication, self-service features like contract data display, contract services, claims service, and tracking; customer-oriented offers; increased user numbers through incentives and marketing; mobile services.
- Assisted program management with program steering.
Jul 2015 - Dec 2015
6 months Germany
Interim Management | Consulting | IT Project Management for Receivables Management Concept
Deutsche Bahn
- Analysis and planning of an IT marketing concept for receivables management (subscription model)
Dec 2014 - May 2015
6 months Germany
Interim Management | Consulting | IT Project Management for eCommerce Portal
Verivox
- Analysis, planning, support, execution, and launch of the online banking channel on the platform.
Apr 2014 - Jun 2014
3 months Germany
Interim Management | Consulting | IT Project Management for American Express Credit Card Rollout
Payback Germany
- Planning, support, execution, and launch of the PAYBACK American Express credit card for PAYBACK, dm, and Kaufhof
Summary
Patrick Upmann is an experienced interim manager and strategic consultant with over 20 years of expertise in data strategy, data protection, data governance, artificial intelligence (AI), and information security. He develops future-proof data strategies and supports companies in the compliant implementation of regulations such as the EU AI Act, the EU Data Act, and ISO 27001/42001. As founder of the "AI Governance Network" (AIGN) and with over 7,000 LinkedIn followers, he shapes the international discourse on ethical AI, governance standards, and compliance frameworks. His network promotes best-practice exchange and the integration of responsible AI solutions in complex corporate environments. By combining innovation with regulatory security, Patrick Upmann is a sought-after expert in digital transformation. He blends technical expertise with strategic vision and builds scalable AI governance models that prepare companies for the future. Patrick Upmann stands for the link between business analysis and project management. He helps companies navigate a dynamic regulatory environment like the EU AI Act and emerging technologies such as AI and data ethics. His ability to merge compliance with innovation makes him a go-to expert for digital transformation.
Languages
German
Native
Similar Freelancers
Discover other experts with similar qualifications and experience