DatenschutzExperte24
EN/DE Book a slot
1:1 consulting · GDPR & EU AI Act

Use AI — without the legal risk.

Whether you build with AI yourself or use an AI provider: in this 1:1 consultation we put your project on a GDPR- and EU-AI-Act-sound footing — concrete, tailored to your case, without a fog of legal jargon.

Book a consultation 45 min · 150 € · by video call
What we talk about

How I secure your AI project.

You bring the question — I bring the answer. Typical topics:

GDPR foundations for AI projects

Legal bases, purpose limitation, data minimisation — the foundation every AI project needs to stand on legally.

EU AI Act: obligations & deadlines

Which risk class applies to you, what becomes mandatory and when (incl. the AI literacy obligation, Art. 4) — and what that means concretely for your project.

Selecting & vetting AI providers

OpenAI, Copilot, US clouds & co.: DPA, third-country transfer, TIA, purpose limitation. Which provider is viable — and what to watch for in the contract.

GDPR-compliant development environment

For in-house developers: how to set up a dev/training environment in which personal data is cleanly separated, anonymised and logged.

Training data & legal bases

Where does the data come from, and on what legal basis? Scraping, customer data, fine-tuning — what is allowed, what is not, and how you document it.

Automated decisions & profiling

Art. 22 GDPR: when your AI enters sensitive territory (scoring, selection, evaluation) and how you ensure transparency and human oversight.

Staff & shadow AI

Your team is already using ChatGPT — with or without approval. Policies, training and a secure framework, instead of letting data leak out uncontrolled.

DPIA & documentation

Data Protection Impact Assessment, records of processing activities, evidence — audit-proof and without bureaucratic overkill.

How it works

From enquiry to video call.

  1. 01

    Enquiry & contact

    You leave your contact details — this records your enquiry, even if you book later.

  2. 02

    Describe your concern

    You briefly describe what it is about. This lets me prepare specifically — no warm-up needed in the call.

  3. 03

    Choose a slot

    You pick a free 45-minute slot from the online calendar.

  4. 04

    Pay

    150 € conveniently via payment link — after that your slot is firmly reserved.

  5. 05

    Video call

    45 minutes 1:1 by video. Plain talk, concrete next steps, no sales pitch.

Choose a slot — 45 min · 150 €
Why work with me

Karl Pusch — technology & GDPR in one person.

Certified Data Protection Officer & Auditor

Verified qualification (TÜV Rheinland) — no half-knowledge picked up on the side.

In practice since 2016

100+ projects delivered, from sole traders to mid-sized companies.

AI & data protection from a single source

I understand the technology AND GDPR practice — that combination is rare.

Pragmatic, not theoretical

Solutions that work in everyday operations — not a binder for the drawer.

Verified qualification

Certified by TÜV Rheinland.

TÜV Rheinland — Verified qualification, ID 0000026192 TÜV Rheinland — Verified qualification, ID 0000033788 TÜV Rheinland — Verified qualification, ID 0000059462

Data protection, compliance and audit consulting — not legal advice.

Frequently asked questions

GDPR & EU AI Act — answered briefly.

What does GDPR and AI consulting with Karl Pusch cost?

The consultation lasts 45 minutes, takes place via video call and costs 150 €. In that time you work through your specific AI or data protection project and receive a risk assessment plus a prioritised action list. There is no sales pressure and no hidden follow-up costs.

What is the EU AI Act and when does it apply?

The EU AI Act (AI Regulation) is the EU-wide framework for the use of AI and classifies systems by risk. The AI literacy obligation under Art. 4 has applied since 02.02.2025; the penalty provisions have been applicable since 02.08.2025, and national enforcement starts from 02.08.2026. For companies, this means concrete action is needed right now.

Do I need a DPA if my staff use ChatGPT?

Usually yes: if an AI provider such as OpenAI processes personal data on your behalf, a data processing agreement (DPA) under Art. 28 GDPR is required. Without a DPA and without a verified legal basis, the use is open to challenge under data protection law. In the consultation we clarify exactly which contracts and settings you need.

When is a Data Protection Impact Assessment (DPIA) mandatory?

A DPIA under Art. 35 GDPR is required when a processing operation is likely to result in a high risk to the rights and freedoms of data subjects, for example with large-scale processing of sensitive data or systematic evaluation. Many AI projects fall into this category. In the call we check whether your project requires a DPIA.

Is this legal advice?

No. Karl Pusch is a data protection expert and certified Data Protection Officer (DPO), but not a lawyer. The consulting provides expert orientation, a risk assessment and concrete measures, but does not replace a case-by-case legal review by an attorney.

What concretely do I have in hand after the 45 minutes?

You leave the call with a clear assessment of the biggest data protection and AI Act risks of your project and a prioritised list of next steps. So you know what to do first, instead of getting lost in bureaucracy.

Still unsure? Start with the free AI compliance check.

Let's put your AI project on solid ground.

45 minutes 1:1, 150 € — focused on your situation. Afterwards you know what to do.

Book a consultation