Let’s be honest: No one starts a company because they love data privacy.

Well – maybe I did. That’s why I handle it for you.

Book your free intro call

Is this where you are right now?

You’ve built something that’s starting to take off.

Your product works, your team is growing, and you’re beginning to see real traction in the market.

You’ve refined your offer, you’re attracting bigger clients, and things are finally running smoother behind the scenes.

You’re starting to think long-term, setting up better systems, hiring experts, and planning your next steps for international growth.

And Europe is on your radar. Maybe you already are in Europe.

But one thing keeps slipping down the to-do list

Is it time to finally deal with that whole GDPR thing?

But you’re not quite sure where to start. Meanwhile, your team is busy shipping features, onboarding clients, and preparing for the next funding round. So that GDPR task keeps getting moved to “later.”

You’ve postponed it long enough, but every time a client asks for a Data Processing Agreement or a European partner mentions compliance, you’re reminded that it’s still not done.

Here’s the thing:

Scaling into Europe is absolutely possible, but when GDPR and compliance remain half-done, the risk starts to follow you.
Fines, partner audits, customer doubts; they’re never urgent until they suddenly are.

And it doesn’t have to be that way.

Your legal partner for EU expansion

Hi, I’m Kolja Strübing – German lawyer and data protection officer (DPO) with 5 years of work experience. I’m specializing in data protection, IT law, and information security.

In the past, I have been lawyer and CEO of a legal start up, then DPO and data privacy consultant. Later, as head of the data data privacy and information security department in a consulting company, I have led compliance projects for clients in Europe, the US, and Asia.
 
Now, I help international companies in achieving compliance with EU regulations. 

A quick reality check

As a lawyer working with international tech companies and fast-growing startups, I often see the same situation: Teams know they have to “do something about GDPR”; they just don’t know where to start. At the same time, GDPR – fines can be up to 20 Mio. € or 4 % of the annual turnover, whichever is higher. 

The truth is, filling out endless compliance checklists and using pre-made templates won’t get you anywhere if you don’t know what they are for.
What you need is a clear, practical structure that fits your business and scales with it.

If you’re scaling in Europe, now is the right time to build the legal foundation that supports your growth instead of slowing it down.

This looks like:
✍️ Making sure your GDPR setup actually matches how your product and data flows work.
✍️ Reviewing your commercial contracts, data processing agreements, and vendor terms before you expand.
✍️ Setting up a consistent legal framework that keeps your product launch-ready for new markets.

You don’t want to lose a deal or delay an investor meeting because of a missing clause or an outdated privacy setup. 

Good legal protection should be clear, practical, and affordable, something that makes your next step easier, not harder.

I help you understand exactly what you need to operate confidently in the European market.

My services 

Data Protection Compliance (GDPR)

Advising international companies on the implementation and further development of GDPR requirements:

  • Data processing and joint controllership agreements
  • Privacy notices, internal policies, and training
  • International and Third Country Data Transfers
  • Data protection management systems (DPMS)
  • Data Protection Impact Assessments (DPIA)

Data Act 

Supporting companies in implementing the EU Data Act and developing transparent, legally sound data structures:

  • Analysis of data flows and access rights
  • Drafting of data sharing and access agreements
  • Governance structures for data access, use, and sharing
  • Integration of GDPR, Data Act, the protection of trade secrects, AI Act etc. into a coherent data strategy

AI Law

Advising on the requirements of the AI Act for the use and development of AI systems:

  • Classification of AI systems (including high-risk systems)

  • Creation of internal policies, risk analyses, and compliance documentation

  • Contract drafting in line with AI Act requirements

  • Training on legal obligations and accountability in order to obtain AI – literacy (Art. 4 AI Act)

Data Protection Officer (DPO as a Service)

Full service as Data Protection Officer:

  • Acting as external DPO under Art. 37 ff. GDPR

  • Ongoing legal support for management, product, and IT teams

  • Advice on communication with supervisory authorities 

  • Advice on data subject requestes
  • Data protection training

IT Contract Law

Legal support for software development, cloud, and outsourcing projects:

  • IT and SaaS agreements

  • Software licensing and development contracts

  • General terms and conditions (GTCs)

  • Outsourcing and service level agreements

  • IT project contracts involving data protection and information security

Website Check

I review your website in regard to:

  • Cookies and Tracking Tools
  • Pictures, videos & Copyright
  • Legal Texts, e.g. privacy policy and imprint
  • Data Protection Principles
  • E-commerce law
  • email Marketing
  • and the needs in your individual case

 

Let’s get in touch

 

3 + 13 =