Data protection with Dieter

lets you work focused works without prior knowledge creates immediate security does not steal your time and is not annoying provides all necessary documents & processes

lets you work focused
works without
prior knowledge
creates immediate
does not steal your time
and is not annoying

Dieter works with or without a data protection officer (DPO). Developed for small businesses looking for a reliable, legally compliant and cost-effective data protection solution. Data protection as a service! Simple, digital and always available.

How Dieter works

Play video

"Click by click" to GDPR compliance.

  • Making your company GDPR compliant is not a state, but a process. We support you in this as your official and TÜV-certified data protection officer.
  • The necessary appointment and notification of the data protection officer takes just a few minutes thanks to automated processes.
  • Even if you are not legally obliged to appoint a data protection officer, Dieter is the perfect solution to fulfill all legal obligations. We offer various data protection packages for this purpose.
  • We know the GDPR challenges of small businesses! Our tailor-made solutions help start-ups, freelancers, retailers, medical practices, craft businesses and other SMEs.
  • Full flexibility! You decide when and where you want to take time for "data protection". Take care of the most urgent problems first and then let Dieter guide you through all other requirements.
  • Just 5 minutes a week is enough to complete a subtask and make your company compliant with data protection regulations in the long term.

Did you know?

The appointment of a data protection officer is required by law if your company has at least 20 employees who regularly process personal data. It is important to note that part-time employees, temporary staff or interns are fully taken into account when calculating the number of employees.

The appointment may also be mandatory for companies which, due to their nature, scope and/or purposes, require extensive, regular and systematic monitoring of data subjects or if the core activity consists of the extensive processing of special categories of data (Art. 9 GDPR).

We analyze whether your company is affected by this in a free data protection check-up at the beginning. You can start this immediately and test Dieter 's functions.

All companies must meet the requirements of GDPR . This applies regardless of the number of employees and therefore even for sole traders and solo self-employed persons.

These companies must also comply with the general data protection principles (such as lawfulness, transparency, purpose limitation, data minimization, etc.), inform data subjects about data processing and implement technical and organizational measures to protect personal data. In addition, "small" companies are also obliged to keep a register of all processing activities and a deletion concept, introduce processes for the correct handling of data protection violations and much more.

With Dieter, you no longer have to worry. We'll take care of everything you need to fulfill your legal obligations.

The appointment of an internal data protection officer has the advantage that he or she regularly knows the company well and has direct access to the necessary information. However, effective ways must also be found here as to how this information can be translated into legally required measures. It should also be noted that in this constellation (irrespective of any special protection against dismissal that needs to be examined) there is a dependency between the employee and the employer. This can quickly lead to a conflict of interest that negatively affects both the core activity and the activity as a DPO. In addition, the employer is responsible for compensating for short or long-term absences of the DPO internally.

The appointment of an external data protection officer initially excludes the disadvantages mentioned above. Here it is possible to conclude a fixed-term contract, communicate on an equal footing and change the service provider if necessary. A good data protection officer should always consider the needs of the company and bring them into line with the legal obligations. The experience required for this is a basic prerequisite for professional external DPOs to provide successful advice.

The appointment of a data protection officer is a legal act that can be compared to an appointment. Through the appointment, the data protection officer is officially appointed in his or her function and thus assumes rights and obligations. To ensure that the organization is sufficiently protected, the necessary formalities must be observed and the appointment must be carried out properly.

The data protection officer must notify the competent data protection supervisory authority. This authority is responsible for monitoring compliance with data protection regulations and acts as a point of contact for data protection matters. It is important to ensure that the notification is made properly and that all the necessary information is included.

Almost all German companies use services from companies (Google, Microsoft, Meta, Amazon, etc.) with which an international data protection contract (SCC/JC) must be concluded. In addition, digital service providers necessarily "receive" personal data from their clients for the service they offer. In these cases, it is imperative to check whether and with whom so-called order processing agreements (AVVs) must be concluded. Dieter takes over this check and also always provides the correct contract.

Warning letters due to GDPR violations have increased steadily in recent years. This is exemplified by the numerous warnings for the GDPR-compliant use of Google Fonts in the summer of 2022. Irrespective of the fact that some of these warnings were not lawful, they were based on a decision by the LG Munich in January 2022. In addition, the European Court of Justice (ECJ) ruled at the end of 2022 that consumer associations are generally entitled to issue warnings for a GDPR violation. These (and other) court decisions suggest further waves of warning letters. These can affect all companies that do not take care of their legal obligations.

A GDPR-compliant website is the first step in effectively protecting yourself from warning letters. In 2022, there were already countless warnings due to the unlawful use of Google fonts. Dieter not only takes care of your data protection concerns, but also creates your Legal notice.

The data protection supervisory authorities have started to carry out random audits. For companies with fewer than 20 employees, the statistical risk of being affected by one is over 10:1.

In Germany, around 85% of all German companies were victims of a cyber attack in 2022. Each affected company incurred average costs of around €20,000 per incident. In addition, around 20% of customers terminate their contracts with affected companies or delete their accounts. Implementing mandatory technical and organizational measures (TOMs) alone significantly reduces the risk of being affected.

79% of Internet users are afraid of "data misuse". And quite rightly so! Because since 2022, personal data has been legally equivalent to a currency. Awareness of this is growing all the time. This data should be just as secure as a bank account. And that is what the implementation of the GDPR ensures.

More than 2/3 of the participants in a study on "Consumer data and data protection" (commissioned by McKinsey & Company) stated that they would no longer want to be a customer of or work with a company that does not protect their data or passes it on without a legal basis. It also proves that responsible handling of personal data and compliance with all legal obligations is a clear competitive advantage.

It refers to the fact that every person has the right to determine for themselves what personal (and therefore very private) data about them is collected, stored and used. It also provides the opportunity to prevent abuse, fraud and discrimination. Data protection is thus an essential component of the (fundamental) right to informational self-determination under the German Basic Law. This right protects the privacy, identity and freedom of every person and is therefore essential for a democratic society. Respecting it should be a matter of course for every company.

What our customers say:

"Data protection, but simple! Dieter takes you by the hand right from the start and guides you through the entire data protection process. For us, the all-in-one tool we were looking for and found with Dieter."

Information Technology and Services

"Data protection for SMEs is quickly done with Dieter. Dieter explains everything you need to know in an entertaining conversation. If he needs information to create a document (e.g. Privacy Policy), he asks at the appropriate time. This doesn't give the dusty impression of a long form with blocks of text at the end. "

"The intuitive guidance allows you to work through each topic step by step. You can stop at any point and continue later if you are interrupted. All in all, a really good solution for SMEs. Once you have entered everything, everything is securely organized digitally and can be accessed/presented at any time. I'm really very happy to have found this software." 

"Data protection should be implementable for every company! Without prior knowledge, affordable and with a small investment of time. That's exactly what this service offers."

Damian W.
Manager in the field: AI

That's why Dieter!

Dieter does the data protection. And you do your work.

All required GDPR documents

Dieter creates all the necessary documents for the implementation of GDPR, such as your privacy policy or the register of processing activities. The complex requirements of GDPR are converted in a comprehensible manner and queried using simple yes/no answer options.

The right processes for the job

Dieter doesn't leave you on your own, but tells you what to do, when and how. Only with the right processes can you achieve effective data protection and save time and money in the process. You too can benefit from our automated solutions for your company.

Making decisions without prior knowledge

The integrated data protection management system enables an immediate start without prior knowledge. Dieter guides you clearly through all legal requirements and collects your results in one place. Complete your tasks "step by step" and in just 10 minutes per week.

Still undecided?
Book your privacy journey now and check in with Dieter.

Sometimes you just want to strap on your rucksack and set off on an adventure. You pack up and see what happens. It is often unclear when you will arrive where and how. In this case, that's not a problem. The journey itself is the destination.

However, this "backpack strategy" is not recommended on your journey to fulfill all data protection requirements. You should know exactly which stages to take and when.

We plan your trip like a good travel agency. All inclusive, of course. Dieter takes on the role of your tour guide and accompanies you from the very beginning. That may sound a bit boring. But do you really want to experience an adventure with an uncertain outcome?


DIETER was developed by a lawyer and data protection officer, a UX designer and business economist as well as a data scientist and full-stack web developer.

In addition to a long-standing friendship, we are connected by an increasing number of inquiries on data protection issues and thus a clear realization: Existing solutions are very time-consuming and cost-intensive and still usually do not deliver satisfactory results.

Principles of simply Legal GmbH


We are convinced that all people should spend as much time as possible in their lives on "activities of pleasure". Meeting the legal requirements of the GDPR is certainly not one of them for most. That's why we work to keep this (necessary and) annoying part as small as possible for our customers.


Every individual is often capable of much more than he or she gives himself or herself credit for. We can make a small contribution to the empowerment of the individual by breaking through the sovereignty principle of so-called legal experts. A large part of (data protection) law can be automated and can be mastered by anyone without prior knowledge.


The new digital contract law (Section 312 (1a) and Section 327 (3) of the German Civil Code) equates the transfer of personal data for supposedly free online services with a monetary payment. This means a legal equation of money and data. Your money should be as safe as possible. So should your data.



We rethink "law" and therefore look for the simplest solution to meet all data protection requirements. In this way, our customers achieve GDPR-compliant processes in the long term and can start with the real "pain points". The level of data protection in each company builds up piece by piece. Our customers receive fundamentally effective protection against penalties from day one.