A serious data protection consultation should always begin with an audit to determine which data protection deficits an organization has and which measures need to be implemented. Audits can be carried out e.g. on company, department and application level. The data protection requirements can be projected almost equally on every level. During an audit it can be determined, for example, whether and which gaps exist in the data protection documentation, which existing technical and organizational measures do not meet the legal requirements or whether and to what extent active business processes and applications need to be optimized under data protection aspects.