Patrick U.

Interim Manager & Consultant for Data, AI & Regulatory Governance

Avatar placeholder
Grasbrunn, Germany

Experience

Apr 2024 - Aug 2024
5 months
Berlin, Germany

Interim Management | Consulting & Implementation | Data Deletion in SAP

BSR (Berlin City Cleaning)

  • Topics: Business analysis, data protection, data management, stakeholder management, concept design
  • This project focuses on developing and implementing a strategic approach to data deletion in SAP systems. The goal is to identify relevant data and structures during system migration to ensure both data protection and IT system efficiency. At the same time, downtime should be minimized and regulatory requirements met.
  • Developing a comprehensive strategy for data deletion in SAP systems, considering data protection laws and business requirements.
  • Ensuring efficient and structured transfer of data into the new system.
  • Optimizing system efficiency and reducing downtime during the migration.
  • Creating functional and technical designs to ensure legally compliant and sustainable data management.
  • Topic preparation: In-depth review of the "data deletion" field to lay the groundwork for a structured data migration.
  • Defining the project structure: Setting roles, interfaces and the project’s organizational structure.
  • Regulatory requirements: Analyzing data protection regulations and business needs to define deletion criteria.
  • Approach: Developing scenarios and methods for data cleansing and deletion.
  • Deletion strategies: Crafting functional and technical deletion plans that guide implementation and set clear standards.
  • Setting deletion criteria: Defining which data and structures should be deleted or transferred.
  • Responsibilities: Clarifying responsibilities within the project team and among stakeholders.
  • Analysis of ongoing activities: Identifying and documenting current efforts in the "data deletion" area.
  • Effort, cost and timeline planning: Estimating resources, time and budget.
  • Implementation initiatives: Developing and executing measures to carry out the defined deletion strategies.
  • IT system efficiency: Reviewing the existing IT infrastructure to find optimization opportunities for data deletion and transfer.
  • Technology trends: Evaluating new technologies and tools that can support the data cleansing process.
  • Cost-benefit analysis: Assessing the financial impact of data cleansing and new solution approaches.
  • Risk management: Identifying potential risks during implementation and creating measures to mitigate them.
  • This project lays the foundation for a sustainable and legally compliant data migration to a new SAP system. With a clear data deletion approach, data protection requirements are met, downtime is reduced and the new system’s efficiency is increased. The results and recommendations will help companies develop a future-proof data strategy that meets both legal and business needs.
Mar 2024 - Oct 2024
8 months
Germany

Interim Management | Consulting & Implementation | Customer Data

E.ON Germany

  • Topics: Business analysis, data protection, customer journey, data management, stakeholder management
  • E.ON places great value on excellent customer experience, especially in managing customer consents, using customer data to personalize communication, and legally compliant, accurate customer outreach across all business areas. Against this background, the Customer Experience Management team introduced a new customer engagement excellence function. A new customer platform will also be implemented to better use collected customer data for sales, especially in new areas like solar, heating and smart home.
  • Implementation of the customer engagement excellence function: coordinating and improving customer communication across the company.
  • Optimizing the use of customer data: increasing the efficiency and effectiveness of up- and cross-selling measures.
  • Ensuring compliance: providing a clean and automated consent process management.
  • Promoting synergies: implementing business requirements technically across departments.
  • Supporting subprojects: assisting various projects in customer data and digital sales, e.g. One Customer ID, the new engagement function and increasing the advertising opt-in rate.
  • Requirements gathering and definition: working with sales and consent management teams to develop and align use cases.
  • Compliance review: close coordination with the legal department to ensure regulatory requirements are met.
  • Stakeholder and project management: coordinating and communicating with stakeholders and preparing management-ready presentations.
  • In this project, business analysis played a key role in identifying and defining the different needs of business units. Use cases were developed that consider both business goals and legal frameworks. Aligning these use cases with the legal department was essential to ensure compliance. Extensive stakeholder management activities were also carried out to coordinate the various interests and requirements and ensure efficient project delivery.
  • Introducing the new customer engagement excellence function and the new customer platform at E.ON was a major step in improving customer experience. By using customer data strategically and ensuring compliance, the efficiency and effectiveness of customer communication were significantly increased. Close collaboration with different business units and thorough business analysis helped achieve project goals. The new systems and processes allow E.ON to better meet customer needs and capitalize on new sales opportunities.
Feb 2024 - Mar 2024
2 months
Germany

Interim Management | Consulting & Implementation | EU Data Act (Concept Project)

Volkswagen Group Germany

  • Topics: data governance, data protection, data access, data management, stakeholder management
  • This project focuses on a detailed study and analysis of the impact of the EU Data Act and the access-to-vehicle data regulations on the ecosystem of digital B2B services, especially services like Fleet Interface and Connect Pro. The goal is to develop a thorough understanding of the potential opportunities and risks these rules bring to the planned holistic ecosystem.
  • Analyzing the implications of the EU Data Act and access-to-vehicle regulations for digital services and the overall planned ecosystem.
  • Assessing possible scenarios, risks and opportunities arising from these rules, especially regarding competition, third-party interactions and the market environment.
  • Developing solid recommendations for designing and adapting digital B2B products and services.
  • In-depth review of the EU Data Act and access-to-vehicle provisions, with a special focus on effects for digital services like Fleet Interface and Connect Pro.
  • Evaluating legal frameworks and their influence on the proposed ecosystem.
  • Creating and evaluating different scenarios that envision the future of digital B2B services under the new rules.
  • Identifying and assessing potential risks and opportunities, including consideration of competition factors and market conditions.
  • Developing strategies to minimize risks and capitalize on identified opportunities.
  • Preparing analysis results and recommendations in professional presentation materials for internal and external communication.
  • Trends and developments: studying current trends and future developments in digital B2B services, including impacts of law changes like the EU Data Act and access-to-vehicle regulations.
  • Competitive analysis: detailed review of the competitive landscape to understand the company’s positioning and identify potential competitive advantages.
  • Stakeholder analysis: identifying and analyzing the needs and expectations of stakeholders, including end customers, partners and regulators.
  • Customer feedback: collecting and analyzing feedback on existing digital services to spot improvement areas and new requirements.
  • Inventory of the current technology landscape: analyzing existing IT infrastructure and technologies used for delivering digital services.
  • Technology trends: evaluating new technologies and solutions that could improve service efficiency, security and customer focus.
  • Cost-benefit analysis: assessing the financial impact of implementing new strategies, technologies and process improvements.
  • This project aims to prepare companies strategically for the challenges and opportunities from the EU Data Act and access-to-vehicle provisions. With solid analysis and strategic planning, it lays the groundwork for successfully adapting digital B2B services to the new regulatory framework. The findings and recommendations will help companies make their digital offerings future-proof and secure competitive advantages in a changing market environment.
Jan 2024 - Dec 2024
1 year

Founder

Al Governance Network (AIGN)

  • As founder of the Al Governance Network (AIGN), he currently shapes the international discussion on ethical AI, governance standards and compliance frameworks.
  • His network promotes exchange on best practices and the integration of responsible AI solutions in complex corporate environments.
Sep 2023 - Dec 2023
4 months
Germany

Interim Management | Consulting | IT Project Management for Data Protection Implementation

Viridium Group

  • Topics: data governance, data protection, data access, data management, stakeholder management
  • This project focuses on leading and coordinating IT data protection measures to ensure compliance with the GDPR and other relevant data protection laws for two core systems. It includes developing and implementing data protection strategies, working closely with internal and external stakeholders, analyzing and improving the compliance of existing IT systems, and continuously monitoring and enhancing data protection practices.
  • Ensuring GDPR compliance in IT systems.
  • Identifying and fixing data protection risks and vulnerabilities in the core systems.
  • Ensuring the effectiveness of data protection measures in IT projects.
  • Updating the data protection management system in line with new legal and technological developments.
  • Strategy development: creating and implementing data protection strategies aimed at full legal compliance.
  • Stakeholder management: working closely with the IT department, test and release teams, data protection officers and external consultants to ensure consistent data protection practices.
  • Data protection analysis: reviewing existing IT systems and processes for data protection compliance and spotting areas for improvement.
  • Risk management: identifying data protection risks and vulnerabilities and developing measures to address them.
  • Monitoring and reporting: continuously tracking data protection measures and producing reports and documentation for management.
  • Project planning: creating a detailed project plan including goals, timeline, resources, budget and milestones.
  • Resource management: efficiently allocating and managing staff, budget and equipment.
  • Quality assurance: ensuring project results meet established quality standards.
  • Budget management: monitoring and controlling project expenses to stay within budget.
  • Compliance and security: ensuring all relevant laws, regulations and company policies on data protection and IT security are met.
  • This project aims to create a robust data protection environment that guarantees the security and privacy of data in core systems by ensuring compliance with the GDPR and other relevant data protection laws. By working closely with all stakeholders and continuously improving data protection practices, the project will help build user trust and minimize the risk of data breaches.
Jan 2023 - Oct 2023
10 months
Germany

Interim Management | Consulting | IT Project Management for Data Protection

Uniper SA

  • Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management, Compliance
  • This project focuses on identifying and analyzing the business, legal, and compliance requirements for data retention within an organization. The goal is to design, implement, and manage tailored retention policies that meet the identified requirements. These policies should be applied in the Microsoft 365 (M365) environment to ensure proper retention and deletion of data according to the set time frames.
  • Analyze data retention requirements from business, legal, and compliance perspectives.
  • Develop retention policies that meet the identified requirements.
  • Implement and assign retention policies to relevant data sources in M365.
  • Ensure the functionality and compliance of the retention policies.
  • Requirements analysis: Identify and analyze in detail the business, legal, and compliance-related requirements for data retention.
  • Policy design: Draft retention policies, including setting retention periods for different data types and defining actions at the end of those periods.
  • Policy implementation: Use M365 features to apply the developed retention policies and enable automated data retention management.
  • Policy assignment: Apply retention policies to the appropriate data sources within M365, such as emails, documents, and chats.
  • Policy testing: Conduct tests to verify the effectiveness and correct operation of the retention policies.
  • Monitoring and management: Regularly review and adjust the implemented policies to keep them up to date and aligned with changing requirements.
  • Audits and compliance checks: Perform audits and reviews to ensure adherence to the retention policies and legal requirements.
  • Documentation: Create and maintain detailed documentation of the retention policies, their implementation, and management processes.
  • This project ensures that the organization manages its data effectively in line with business, legal, and compliance requirements. By developing and implementing customized retention policies in the M365 environment, data integrity and security are maintained while minimizing risks related to data retention. Comprehensive user training and regular policy reviews ensure sustainable compliance and data management within the organization.
Jun 2022 - Sep 2022
4 months
Munich, Germany

Interim Management | Consulting | IT Project Management for Information Security IDV for a KAG

MEAG Munich Ergo Asset Management

  • Topics: Information security, ISO 27001, NIST, KAG, Compliance, Data Protection
  • This project aims to thoroughly analyze and optimize the data landscape of investment management companies (KAG). By examining the existing data infrastructure and identifying specific requirements, custom data processing workflows are developed and implemented. This includes reporting requirements, risk and performance analysis, and legal regulations. The project also covers the implementation of data protection and data security measures and consulting on current trends in data processing.
  • Analyze the existing data infrastructure to identify areas for improvement.
  • Identify the KAG’s specific data processing requirements.
  • Develop and implement tailored data processing workflows.
  • Optimize data processing workflows to increase effectiveness and efficiency.
  • Ensure data protection and data security compliance according to legal requirements.
  • Provide consulting on current trends and developments in data processing.
  • Data landscape analysis: Examine the existing data infrastructure, data sources, and processing workflows to determine the current state.
  • Requirements gathering: Capture the KAG’s specific needs for data processing, including reporting, risk and performance analysis, and legal compliance.
  • Data process design: Develop custom data processing workflows tailored to the KAG’s needs.
  • Implementation: Support the rollout of the developed workflows through programming, tool configuration, and staff training.
  • Monitoring and optimization: Continually review the implemented processes to ensure their effectiveness and identify improvement opportunities.
  • Data protection and security: Advise on implementing measures that ensure data protection and security.
  • Trend consulting: Inform the KAG about the latest developments in data processing and recommend adjustments to these trends.
  • Documentation and reporting: Create comprehensive documentation and provide regular updates on data processing progress.
  • Client consulting and support: Offer ongoing advice and support for the KAG’s internal and external clients.
  • By completing this project, investment management companies are enabled to design their data processing workflows efficiently and effectively. This not only leads to improved data quality and decision-making, but also ensures compliance with data protection and security rules. Continuous adjustment to current trends and process optimization contribute to the KAG’s long-term competitiveness.
Sep 2021 - Aug 2023
2 years
Germany

Interim Management | Consulting | IT Project Management for Data Protection and Information Security

Mobility Inside Plattform GmbH

  • Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management, ISMS, Information Security, ISO 27001, BSI IT Baseline Protection
  • This project focuses on the strategic planning and implementation of measures in data protection, data security, and IT information security. Taking into account internal and external requirements, including legal and regulatory rules, the project aims to establish a robust security architecture that protects sensitive data while ensuring compliance with relevant standards and best practices.
  • Define strategic goals and priorities for data protection and IT security.
  • Develop and implement a comprehensive data protection concept.
  • Establish clear roles, responsibilities, and processes for data protection and IT security. Introduce ISMS.
  • Implement technical and organizational measures to ensure data protection and data security.
  • Increase employee awareness and skills in data protection and IT security.
  • Set up effective processes for managing data protection incidents and security incidents.
  • Strategic planning: Define strategic goals and focus areas, including legal and regulatory requirements.
  • Data protection concept: Draft a detailed concept covering processes, policies, roles and responsibilities, and technical and organizational measures.
  • Data protection policies and procedures: Develop clear policies and procedures that meet legal requirements and best practices.
  • Implement technical and organizational measures: Use technologies and processes like data encryption, access controls, and data backup procedures.
  • Monitoring and audit: Set up mechanisms for regular review and evaluation of data protection and security measures.
  • Incident management: Establish processes for effectively handling data protection incidents.
  • Reporting and communication: Develop communication channels.
  • Documentation: Create and maintain documentation for data protection processes and incidents.
  • Risk assessment: Conduct security risk assessments to identify potential threats and vulnerabilities.
  • Security framework: Develop a BSI IT security framework that includes all relevant policies, procedures, and technical controls.
  • Security technologies and controls: Implement security measures like firewalls, antivirus software, and access control systems.
  • BSI IT baseline protection preparation & implementation: Apply the BSI IT Baseline Protection catalog to ensure a high level of security.
  • This project lays the foundation for a secure and data protection–compliant IT environment.
Jul 2021 - Sep 2021
3 months
Germany

Interim Management | Consulting | IT Project Management for Data Analysis

Condor

  • Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management
  • The goal of this project is to develop and optimize an airline's "My Account" section to offer a user-friendly, secure, and distinctive online customer experience. By carrying out a thorough needs analysis, considering competitive standards, and creating a concept tailored to customer needs, the project aims to add value for users. The technical implementation and compliance with security standards are the main focus.
  • Understand user needs through customer and stakeholder interviews.
  • Identify best practices and differentiation opportunities through competitive analysis.
  • Develop a detailed, user-centered concept for the "My Account" section.
  • Advise and support the technical implementation of the concept.
  • Ensure compliance with data protection regulations and security standards.
  • Needs analysis: Conduct interviews with customers and stakeholders to determine the desired features and information in the "My Account" section.
  • Competitive analysis: Review "My Account" sections of competitor airlines to identify best practices and potential areas for differentiation.
  • Concept design: Create a detailed concept based on the findings from the needs and competitive analysis, focusing on user needs.
  • Technical advisory: Support technical teams in choosing suitable technologies and developing user interface designs to ensure an intuitive and efficient user experience.
  • Security advisory: Advise on implementing data protection rules and security standards to secure customer data in the "My Account" section.
  • This project aims to make the airline's "My Account" section a central part of the customer experience, offering direct, secure, and personalized access to essential information and services. By combining user focus, technical expertise, and a strong emphasis on security, it creates a competitive advantage that boosts customer satisfaction and loyalty. All with data protection in mind.
Mar 2021 - Oct 2021
8 months
Wollerau, Switzerland

Interim Management | Consulting | IT Project Management for Data Strategy for an eCommerce Platform

R&D Vorwerk International

  • Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management
  • This project includes a thorough analysis of the current subscription platform to gain a clear understanding of the technologies used, data structures, and existing data protection mechanisms. The goal is to plan and carry out a migration to a new subscription platform, with special focus on meeting data protection requirements. This involves identifying specific migration requirements, selecting a suitable target platform based on its data protection features, implementing the migration, and conducting post-migration data checks.
  • Analyze the current subscription platform to determine technologies, data structures, and data protection mechanisms.
  • Identify specific migration requirements with a focus on data protection.
  • Develop a detailed migration plan to protect customer data.
  • Select and evaluate a target platform based on its ability to meet data protection requirements.
  • Advise on data protection best practices during and after the migration.
  • Monitor the migration to ensure compliance with data protection regulations.
  • Conduct data checks to prevent data loss or breaches.
  • Current platform analysis: Perform a comprehensive review of the existing subscription platform to gain in-depth understanding of the system landscape.
  • Requirements gathering: Identify specific migration requirements, especially regarding data protection, by closely collaborating with relevant stakeholders.
  • Migration planning: Create a detailed migration plan that minimizes risks to customer data and meets all relevant data protection laws.
  • Target platform selection: Support the choice of the optimal target platform, including a thorough evaluation of its data protection and security features.
  • Data protection consulting: Provide expert advice on best practices in data protection to ensure a secure migration.
  • Migration implementation: Oversee the migration implementation to ensure adherence to the migration plan and data protection guidelines.
  • Data validation: Perform extensive data checks before, during, and after the migration to guarantee data integrity and safety.
  • This project ensures that the subscription platform migration follows strict data protection rules, prioritizing the security and privacy of customer data. Through careful planning, choosing the right target platform, and continuous migration monitoring, risks are minimized and compliance with current and future data protection requirements is guaranteed.
Jan 2021 - Feb 2021
2 months
Germany

Interim Management | Consulting | IT Project Management for Data Analysis

Aldi International

  • ALDI Pay --> design for introducing an ALDI Pay credit card
  • Project was discontinued
Nov 2020 - Jun 2021
8 months
Germany

Interim Management | Consulting | IT Project Management for Information Security & Data Privacy for the ONE eCommerce Platform

Volkswagen Group Germany

  • Topics: Data governance, data privacy, data access, data management, stakeholder management, metadata, information security
  • This project focuses on designing and implementing IT governance and compliance processes for the Volkswagen Group's "ONE.SHOP" eCommerce platform. The goal is to create a comprehensive compliance framework that meets GDPR, FOSS (Free and Open Source Software), and IT security requirements. Core tasks include developing IT security measures, modeling data privacy processes, and implementing data deletion strategies.
  • Establishing data governance and compliance processes, including approval workflows.
  • Ensuring IT information security according to the IT baseline protection and conducting penetration tests.
  • Implementing GDPR-compliant IT system documentation for the "ONE.SHOP" eCommerce platform.
  • Modeling data privacy processes to ensure transparency and compliance.
  • Creating and implementing deletion policies in line with GDPR and legal retention requirements.
  • Designing data governance and compliance processes: developing procedures to ensure GDPR, FOSS, and IT security standards are met. Setting up approval workflows for new and existing eCommerce platform features.
  • Information security measures: implementing security controls based on IT baseline protection, including penetration tests to identify and fix vulnerabilities.
  • GDPR-compliant IT system documentation: developing and rolling out system documentation that meets GDPR requirements and clearly records data processing activities.
  • Data privacy process modeling: using ARIS or Visio-BPMN to visualize and model relevant data privacy processes to ensure compliance and transparency.
  • Creating deletion concepts: developing strategies for data removal that comply with legal retention periods, including identifying data categories and analyzing data flows.
  • Implementing deletion requirements: coordinating the technical and procedural implementation of deletion policies in the eCommerce platform's IT systems and business processes.
Apr 2019 - Nov 2020
1 year 8 months
Munich, Germany

Interim Management | Consulting | IT Project Management for Data Privacy and Information Security

MEAG Munich Ergo Asset Management

  • Topics: Data governance, data privacy, data access, data management, stakeholder management, ISMS, ISO 27001, NIST, compliance, archiving
  • This project focuses on improving IT information security and achieving GDPR compliance in a company's SAP and non-SAP systems. It includes building and integrating an Information Security Management System (ISMS), capturing ISMS-relevant measures, checking software and hardware compliance, conducting data flow analyses, and implementing archiving and deletion concepts. It also involves supporting KRITIS (critical infrastructure) topics, analyzing applications for GDPR compliance, and designing and implementing archiving and deletion packages in SAP BW systems.
  • Establishing a robust Information Security Management System (ISMS).
  • Ensuring IT security and GDPR compliance in SAP and non-SAP systems.
  • Performing data flow analyses and checks to comply with documented policies.
  • Implementing archiving and deletion concepts, especially for SAP systems.
  • Supporting the handling of KRITIS-related security topics.
  • Ensuring data privacy compliance in data usage and archiving.
  • Building an ISMS: integrating and enhancing an ISMS, including capturing and implementing IT security measures.
  • Implementing GDPR-compliant processes: introducing and reviewing processes to ensure GDPR adherence in SAP and non-SAP systems.
  • Software/hardware compliance checks: reviewing and ensuring that all used software and hardware components meet established policies.
  • Creating data flow analyses: carrying out analyses for SaaS and business process outsourcing services to identify data flows and their compliance with privacy requirements.
  • Implementing archiving solutions: using tools like OpenText for archiving in SAP modules (BW/FI/CO/REFX) and complying with GDPR SAP ILM policies.
  • Test management for blocking and anonymization concepts: developing and executing strategies for blocking and anonymizing personal data in SAP systems, especially REFX, SAP BW, and ERP.
  • Supporting KRITIS topics: advising and helping implement information security measures in critical infrastructures.
  • GDPR compliance analyses: evaluating applications for GDPR conformity and deriving necessary actions.
  • Archiving and deletion in SAP BW systems: designing and implementing packages for archiving and targeted deletion of data in SAP BW systems to meet GDPR.
  • By implementing this project, the company can achieve a high level of IT security and data privacy compliance across its SAP and non-SAP system landscape. Introducing an ISMS, implementing archiving and deletion policies, and continuously reviewing and adjusting IT security and privacy processes help minimize the risk of data breaches and effectively meet compliance requirements.
Dec 2017 - Feb 2019
1 year 3 months
Germany

Interim Management | Consulting | IT Project Management for Online Shop Rollout in Switzerland & Spain

Media Markt Saturn Germany

  • Topics: data governance, data privacy, stakeholder management, migration
  • This project covers planning, development, and rollout of an e-commerce platform, including migrating existing data from Switzerland and Spain to the cloud and redesigning the My Account section. It involves coordinating internal teams and external partners, risk management, quality assurance, training staff and partners, and monitoring platform performance. Connecting a payment service provider and ensuring efficient data flow are also part of the project.
  • Developing a detailed timeline and project plan for the e-commerce platform rollout.
  • Ensuring seamless integration and platform functionality by collaborating with internal teams and external partners.
  • Minimizing risks and challenges during the rollout process.
  • Conducting thorough tests to ensure platform quality and functionality.
  • Organizing training sessions for staff and external partners to support platform usage.
  • Monitoring and improving platform performance after rollout.
  • Migrating data to the cloud and integrating a payment service provider to optimize data flow and processes.
  • Project planning: creating a comprehensive timeline and project plan, identifying milestones and resources.
  • Coordination and collaboration: closely aligning with development, marketing, sales, customer service, and logistics, as well as coordinating with external partners like IT service providers, payment providers, and logistics companies.
  • Risk management: analyzing potential risks and developing strategies to minimize them.
  • Quality assurance: performing platform tests to ensure stability and functionality before go-live.
  • Training and training management: preparing and delivering training for all relevant stakeholders to ensure effective platform use.
  • Performance monitoring: continuously tracking platform performance to improve user experience and business outcomes.
  • Data migration: moving existing data from Switzerland and Spain to the cloud to enable centralized data storage and processing.
  • Payment provider integration: connecting a payment service provider to handle transactions and improve payment processes.
  • Optimizing data flow and processes: developing and implementing efficient data flows and processes to support business operations.
  • By successfully implementing this project, a powerful e-commerce platform is established that delivers an efficient and user-friendly online shopping experience. Careful planning and execution, close collaboration with all stakeholders, and continuous platform optimization help achieve the company's goals and secure long-term business success.
Oct 2017 - Dec 2017
3 months
Germany

Interim Management | Consulting | IT Project Management for App Rollout

Deutschlandcard - Bertelsmann

  • Analysis, design, and project planning
  • Business strategy and goal setting
  • Technology selection
  • Budget and resource planning
  • Requirements analysis
  • Process modeling
  • Data analysis
Jul 2017 - Sep 2017
3 months
Germany

Interim Management | Consulting | IT Project Management for Digital Freight Traffic Scheduling Process

Deutsche Bahn Next Digital Lab

  • Digital transformation --> Future concept
  • Analysis & concept development of digitalizing freight transport in Germany
Feb 2016 - Apr 2016
3 months
Germany

Interim Management | Consulting | IT Project Management for eCommerce Portal

Ergo Versicherungen

  • Professional support in expanding the IT customer portal in the areas of registration and authentication, self-service features like contract data display, contract services, claims processing and tracking, customer-focused offerings, increasing user numbers through incentives and advertising, and mobile services.
  • Support for program management in steering the program
Jul 2015 - Dec 2015
6 months
Germany

Interim Management | Consulting | IT Project Management for Receivables Management Concept

Deutsche Bahn

  • Analysis and planning of an IT marketing concept for receivables management (subscription model)
Dec 2014 - May 2015
6 months
Germany

Interim Management | Consulting | IT Project Management for eCommerce Portal

Verivox

  • Analysis, planning, support, execution and introduction of the online banking channel on the online platform.
Apr 2014 - Jun 2014
3 months
Germany

Interim Management | Consulting | IT Project Management for American Express Credit Card Rollout

Payback Deutschland

  • Planning, support, execution and rollout of the PAYBACK American Express credit card for PAYBACK, dm drugstore and Kaufhof

Summary

Shaping governance – between business, IT and regulation.

Patrick Upmann brings together business, technical and regulatory views and challenges into practical governance structures. He helps companies turn complex EU rules—like the AI Act, Data Act, DORA, NIS2 and GDPR—into measurable, auditable governance and accountability frameworks. With over 25 years of experience in data governance, compliance and governance, he builds integrated systems that link data, AI and resilience in one model—strategically, from a regulatory view and in practical terms.

Focus: He turns regulatory complexity into clear accountability systems, data-driven processes and trustworthy AI structures.

Systemic governance—connecting data, AI and resilience.

By 2026, companies face a new reality: DORA, NIS2, the EU AI Act, Data Act and GDPR do not stand alone—they form an integrated governance system. Data governance lays the foundation: data quality, ownership and control processes. DORA and NIS2 secure resilience and IT continuity, on which critical data and AI processes depend. The EU AI Act builds on these structures and demands proven accountability, risk management and model transparency.

He designs governance architectures and implementation programs that connect these regulatory pillars strategically and embed them operationally—from the data base through resilience structures to responsible AI. He supports organizations end-to-end—from strategic design to hands-on implementation, awareness training and cultural embedding. The result: sustainable compliance, measurable responsibilities and trust in data-driven systems.

Client benefits

He offers companies clear direction and effective risk avoidance in an ever more complex regulatory environment—with the strategic vision and hands-on mindset that push governance projects forward. As a bridge between business, IT and regulation, he links strategy to action and translates governance needs into scalable technical and organizational structures. By implementing relevant regulations and standards in an integrated way, he creates a uniform governance system instead of isolated measures—efficient, measurable and compatible with existing systems. This way, companies make visible progress in a short time, reduce audit and reputation risks and gain lasting control, trust and competitive strength.

Positioning

He develops governance structures that tie data, AI and resilience together—and turn compliance into a real competitive edge. He integrates requirements from the EU AI Act, Data Act, DORA, NIS2 and GDPR into organizational and technical control models, including AI risk assessments, model inventories and AI governance office design. Companies hire him when they need clear responsibilities, lasting compliance and governance security—at the crossroads of business, IT and regulation.

Skills

  • Core Competence**

  • Isms

  • Iso 27001/42001

  • Bsi It Baseline Protection

  • Nis1 Basic Requirements

  • Nis2 Control Frameworks

  • Eu Ai Act

  • Data Act

  • Data Governance Act

  • Data Governance Frameworks

  • Role Models

  • Asset Management

  • Gdpr

  • Dora

  • Nis2

  • Kritis

  • Policy-design & Regulatory Mapping

  • Ai Accountability

  • Explainability

  • Audit- & Compliance-readiness

  • Ai Risk Management

  • Data Protection By Design

  • Ai Ethics

  • Operational Resilience

  • Incident- & Crisis Response

  • Third Party Risk

  • Dora-testing

  • Nis2-reporting (24h/72h/final Report)

  • Data Ownership

  • Data Quality

  • Lifecycle Logging

  • Business Continuity

  • Supplier & Third-party Security

  • Management

  • Operating Model & Stewardship

  • Industry Expertise – Finance & Insurance**

  • Nis1/bsi Basic Requirements

  • Isms

  • Ict-risk

  • Dora-readiness

  • Data Governance

  • Operational-resilience-frameworks

  • Third-party Risk

  • Industry Expertise – Energy**

  • Data Governance

  • Consent Management

  • Ai Readiness

  • Nis2-governance

  • Critical-infrastructure-compliance

  • Industry Expertise – Automotive & Mobility**

  • Eu Data Act

  • In-vehicle Data

  • Ai Governance

  • Data-act-compliance

  • Usage Control

  • Industry Expertise – Retail & E-commerce**

  • Sap Data Governance

  • Reporting

  • Data Quality

  • Consent Automation

  • Ai Transparency

  • Industry Expertise – Public Sector / Critical Infrastructures**

  • Bsi

  • Nis2

  • Resilience Programs

  • Digital Resilience

  • Nis2-implementation Support

  • Public-sector Governance

  • Ai Governance Implementation Under Eu Ai Act And Data Governance Act

  • Consulting For Authorities & Regulators

  • Competencies – Governance & Regulation**

  • Eu Ai Act

  • Data Act

  • Data Governance Act

  • Gdpr

  • Dora

  • Nis2

  • Iso 27001/42001

  • Ai Office Governance Register

  • Competencies – Architecture & Organization**

  • Governance Operating Models

  • Raci

  • Policy Design

  • Audit & Control

  • Process Alignment

  • Governance Implementation & Change Enablement

  • Setting Up Ai Governance Offices & Committee Structures (Ai Governance Board, Risk Committees, Reporting To Executive Board/supervisory Board)

  • Competencies – Data & Ai**

  • Data Catalogs

  • Data Lineage

  • Data Quality Management

  • Ai Accountability

  • Explainability

  • Ethical Ai

  • Ai Risk & Impact Assessments (Including Ai And Fundamental Rights Impact Assessments)

  • Ai Model Inventory & Lifecycle Governance (Documentation, Registry, Monitoring, Bias/fairness Checks)

  • Competencies – Security & Resilience**

  • Isms

  • Bsi It Baseline Protection

  • Operational Resilience

  • Incident Response

  • Business Continuity

  • Third-party Risk

  • Regulatory Reporting Processes (Dora/nis2 Reporting Channels) & Integration Into Isms/operational Resilience

  • Competencies – Technologies & Tools**

  • Sap S/4hana

  • Sap Ilm

  • M365 Compliance

  • Snowflake

  • Power Bi

  • Databricks

  • Servicenow Grc

  • Onetrust

  • Colibra

  • Atlan

  • Atlassian

  • Mlflow

  • Azure Ai Governance

  • Vertex Ai Governance

  • Keycloak

  • Hashicorp Vault

  • Dirx (Iam)

  • Saml (Sso)

Languages

German
Advanced
Need a freelancer? Find your match in seconds.
Try FRATCH GPT
More actions

Similar Freelancers

Discover other experts with similar qualifications and experience

Sandra K.
Sandra K.

Webinar Leader - Blackout Prevention and Preparation

View Profile
Agnieszka K.
Agnieszka K.

AI Ethics & Governance Consultant

View Profile
Martin L.
Martin L.

Senior Consultant

View Profile
Andreas G.
Andreas G.

Senior Strategy Advisor Workstream Enablement

View Profile
Biju K.
Biju K.

Freelance AI Strategist & Governance Expert

View Profile
Martin M.
Martin M.

Product Owner AI Learning Platform

View Profile
Michael T.
Michael T.

Advisor

View Profile
Burkhard H.
Burkhard H.

Consultant for Data Protection, AI, Compliance and Organizational Development

View Profile
Thomas M.
Thomas M.

Requirements Engineer (SPC) - ONE.CRM VW Salesforce Solution

View Profile
Erlijn V.
Erlijn V.

Science communicator and change manager

View Profile
Claudia H.
Claudia H.

IT Consulting & Coaching

View Profile
Christian F.
Christian F.

Freelance Interim Manager, Head of Operations & Service

View Profile
Matthias O.
Matthias O.

Test Manager

View Profile
Beate P.
Beate P.

Interim Head of Service

View Profile
Andreas E.
Andreas E.

AI Coach and Consultant

View Profile
Carolyn S.
Carolyn S.

Senior Business Development Manager

View Profile
Carsten W.
Carsten W.

Managing Consultant - IT Outsourcing-Services (IT, Voice, Data)

View Profile
Julia P.
Julia P.

CFO & Managing Director

View Profile
Andreas A.
Andreas A.

Project Manager for Network and Infrastructure Project Migration EU/US/MEX

View Profile
Ute V.
Ute V.

MSFT Copilot Champion (AI) - DACH

View Profile
Sascha S.
Sascha S.

Lecturer for Generative AI, Freelance Part-Time Associate

View Profile
Maher S.
Maher S.

Compliance Officer

View Profile
Christian S.
Christian S.

Operation Manager

View Profile
Adriana V.
Adriana V.

Board Member – Data Governance & Digital Strategy

View Profile
Lars J.
Lars J.

Project Manager & Data Privacy/Compliance Manager

View Profile
Lucien andré R.
Lucien andré R.

Founder and Managing Partner

View Profile
Onik M.
Onik M.

SAP SuccessFactors & S4HANA Consultant

View Profile
Ronald F.
Ronald F.

IT Consultant & Continuing Education

View Profile
Marc S.
Marc S.

Consultant / Interim / Freelance

View Profile
Alexander S.
Alexander S.

Owner and Managing Director

View Profile