Patrick Upmann - Interim Manager & Consultant for Data, AI & Regulatory Governance
Experience
Interim Management | Consulting & Implementation | Data Deletion in SAP
BSR (Berliner Stadtreinigung)
- Topics: Business Analysis, Data Privacy, Data Management, Stakeholder Management, Conceptualization
- This project focuses on developing and implementing a strategic approach for data deletion in SAP systems. The goal is to identify the relevant data and structures during system migration to ensure both data privacy and IT system efficiency. At the same time, downtime should be minimized and regulatory requirements met.
- Development of a comprehensive approach for data deletion in SAP systems, considering data privacy and business requirements.
- Ensuring efficient and structured data transfer to the new system.
- Optimizing system efficiency and reducing downtimes during migration.
- Creating functional and technical concepts to ensure compliant and sustainable data management.
- Topic preparation: Detailed study of the "data deletion" area to lay the foundation for a structured data migration.
- Definition of project structure: Setting roles, interfaces and the project's organizational structure.
- Regulatory requirements: Analysis of data privacy regulations and business requirements to define deletion criteria.
- Approach: Developing possible scenarios and methods for data cleansing and deletion.
- Deletion concepts: Creating functional and technical deletion concepts that structure the implementation and provide clear guidelines.
- Setting deletion criteria: Defining which data and structures to delete or transfer.
- Responsibilities: Clarifying responsibilities within the project team and among stakeholders.
- Analysis of ongoing activities: Identifying and collecting existing activities in the "data deletion" area.
- Effort, cost and timeline planning: Creating estimates for resources, effort and budget.
- Implementation initiatives: Developing and executing concrete measures to apply the defined deletion strategies.
- IT system efficiency: Analyzing the existing IT infrastructure to identify optimization potential for data deletion and transfer.
- Technology trends: Evaluating new technologies and tools that can support the data cleansing process.
- Cost-benefit analysis: Assessing the financial impact of data cleansing and the introduction of new solution approaches.
- Risk management: Identifying potential risks during implementation and developing appropriate mitigation measures.
- This project lays the foundation for a sustainable and compliant data transfer to a new SAP system. With a clear approach to data deletion, it meets data privacy requirements, reduces downtimes and increases the efficiency of the new system. The results and recommendations will help companies develop a future-proof data strategy that meets legal and business needs.
Interim Management | Consulting & Implementation | Customer Data
E.ON Germany
- Topics: Business Analysis, Data Privacy, Customer Journey, Data Management, Stakeholder Management
- E.ON places great value on excellent customer experience, especially regarding managing customer consents, using customer data to personalize customer communication, and legally compliant, precise customer outreach across all business areas. For this reason, a new customer outreach excellence function was introduced in customer experience management. In addition, a new customer platform will be implemented to better use collected customer data for sales purposes, especially for new business areas like solar, heating and smart home.
- Implementation of the customer outreach excellence function: Coordinating and improving customer communication across the entire E.ON group.
- Optimizing the use of customer data: Increasing the efficiency and effectiveness of up- and cross-selling measures.
- Ensuring legal compliance: Providing a clean and automated consent process management.
- Promoting synergies: Implementing business requirements technically across departments.
- Supporting subprojects: Assisting various projects in customer data and digital sales, e.g., One Customer ID, the new customer outreach excellence function, and increasing the advertising opt-in rate.
- Requirements gathering and definition: Working with the sales and consent management departments to develop and align use cases.
- Legal compliance review: Close coordination with the legal department to ensure compliance with regulatory requirements.
- Stakeholder and project management: Coordinating and communicating with various stakeholders and preparing management-ready presentations.
- In this project, business analysis played a central role in identifying and defining the different requirements of the business areas. Use cases were developed that took into account both business objectives and legal frameworks. Aligning these use cases with the legal department was essential to ensure compliance. Extensive stakeholder management activities were also carried out to coordinate the various interests and requirements of those involved and to ensure efficient project execution.
- The introduction of the new customer outreach excellence function and the new customer platform at E.ON marks a significant step toward improving customer experience. Through the targeted use of customer data and by ensuring legal compliance, the efficiency and effectiveness of customer communication were greatly enhanced. Close collaboration with different business areas and comprehensive business analysis helped achieve the project’s goals successfully. The new systems and processes allow E.ON to better meet customer needs and to effectively leverage new sales opportunities.
Interim Management | Consulting & Implementation | EU Data Act (Concept Project)
Volkswagen Group Germany
- Topics: Data Governance, Data Privacy, Data Access, Data Management, Stakeholder Management
- This project focuses on a detailed study and analysis of the impacts of the EU Data Act and the regulations on Access to In-Vehicle data on the ecosystem of digital B2B services, specifically services like Fleet Interface and Connect Pro. The goal is to develop a comprehensive understanding of the potential opportunities and risks arising from these regulatory frameworks for the planned holistic ecosystem.
- Analyzing the implications of the EU Data Act and Access to In-Vehicle regulations for digital services and the entire planned ecosystem.
- Evaluating possible scenarios, risks and opportunities from these regulations, especially regarding competition, third-party interactions and the market environment.
- Developing solid recommendations for designing and adapting digital B2B products and services.
- In-depth examination of the EU Data Act and the Access to In-Vehicle provisions, with a special focus on impacts for digital services like Fleet Interface and Connect Pro.
- Evaluating the legal frameworks and their influence on the planned ecosystem.
- Developing and assessing different scenarios that depict the future of digital B2B services in the context of the new regulations.
- Identifying and evaluating potential risks and opportunities arising from the regulations, including consideration of competitive factors and market conditions.
- Developing strategies to minimize risks and capitalize on identified opportunities.
- Preparing analysis results and recommendations in professional presentation materials for internal and external communication.
- Trends and developments: Studying current trends and future developments in digital B2B services, including the impacts of legal changes like the EU Data Act and Access to In-Vehicle.
- Competitive analysis: Detailed evaluation of the competitive landscape to understand the company’s positioning and identify potential competitive advantages.
- Stakeholder analysis: Identifying and analyzing the needs and expectations of stakeholders, including end customers, partners and regulators.
- Customer feedback: Collecting and analyzing customer feedback on existing digital services to identify improvement potential and new requirements.
- Inventory of the current technology landscape: Analyzing existing IT infrastructure and technologies used for delivering digital services.
- Technology trends: Assessing new technologies and solutions that have the potential to improve service efficiency, security and customer focus.
- Cost-benefit analysis: Evaluating the financial impact of implementing new strategies, technologies and process improvements.
- This project aims to strategically prepare companies for the challenges and opportunities arising from the EU Data Act and the Access to In-Vehicle provisions. Through solid analysis and strategic planning, it creates the foundation for a successful adaptation of digital B2B services to the new regulatory frameworks. The results and recommendations will help companies shape their digital offerings in a future-proof way and secure competitive advantages in a changing market environment.
Founder
AI Governance Network (AIGN)
- As the founder of the 'AI Governance Network' (AIGN), he currently shapes the international discourse on ethical AI, governance standards and compliance frameworks.
- His network promotes the exchange of best practices and the integration of responsible AI solutions into complex corporate environments.
Interim Management | Consulting | IT Project Management for IT Data Privacy Implementation
Viridium Group
- Topics: Data Governance, Data Privacy, Data Access, Data Management, Stakeholder Management
- This project focuses on leading and coordinating IT data privacy measures to ensure compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws for two core systems. It includes developing and implementing data privacy strategies, close collaboration with internal and external stakeholders, analyzing and improving the data privacy compliance of existing IT systems, as well as continuous monitoring and improvement of data privacy practices.
- Ensuring GDPR compliance in the IT systems.
- Identifying and addressing data privacy risks and vulnerabilities in the core systems.
- Ensuring the effectiveness of data privacy measures in IT projects.
- Updating the data privacy management system according to new legal and technological developments.
- Strategy development: Creating and implementing data privacy strategies aimed at full compliance with data protection laws.
- Stakeholder management: Close collaboration with the IT department, testing and release teams, data protection officers and external consultants to ensure consistent data privacy practices.
- Data privacy analysis: Analyzing existing IT systems and processes for data privacy compliance and identifying improvement potential.
- Risk management: Identifying data privacy risks and vulnerabilities and developing measures to address them.
- Monitoring and reporting: Continuously monitoring data privacy measures and creating reports and documentation for management.
- Project planning: Developing a detailed project plan including objectives, timeline, resources, budget and milestones.
- Resource management: Efficient allocation and management of personnel, budget and equipment.
- Quality assurance: Ensuring that project results meet established quality standards.
- Budget management: Monitoring and controlling project expenses to stay within budget.
- Compliance and security: Ensuring compliance with all relevant laws, regulations and company policies in data privacy and IT security.
- This project aims to create a robust data privacy environment that ensures the security and privacy of data in the core systems by ensuring compliance with the GDPR and other relevant data protection laws. Through close collaboration with all stakeholders and continuous improvement of data privacy practices, the project will help build user trust and minimize the risk of data breaches.
Interim Management | Consulting | IT Project Management for Data Protection
Uniper SA
- Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management, Compliance
- This project focuses on identifying and analyzing the business, legal, and compliance requirements for data retention within an organization. The goal is to design, implement, and manage targeted retention policies that meet these requirements. These policies are applied in the Microsoft 365 (M365) environment to ensure proper retention and deletion of data according to set timeframes.
- Analyze data retention requirements from business, legal, and compliance perspectives.
- Develop retention policies that meet the identified requirements.
- Implement and assign retention policies to relevant data sources in M365.
- Ensure the functionality and compliance of the retention policies.
- Requirement analysis: Identify and analyze in detail the business, legal, and compliance-related requirements for data retention.
- Policy design: Create retention policies, including setting retention periods for different data types and defining actions at the end of these periods.
- Policy implementation: Use M365 features to apply the developed retention policies for automated data retention management.
- Policy assignment: Apply retention policies to the right data sources in M365, like emails, documents, and chats.
- Policy testing: Run tests to check the effectiveness and correct operation of the retention policies.
- Monitoring and management: Regularly review and adjust the implemented policies to keep them up to date and aligned with changing requirements.
- Audit and compliance review: Conduct audits and checks to ensure the retention policies and legal requirements are met.
- Documentation: Create and maintain detailed documentation of the retention policies, their implementation, and management processes.
- This project ensures that the organization manages its data in line with business, legal, and compliance requirements. By developing and implementing custom retention policies in the M365 environment, data integrity and security are maintained while risks related to data retention are minimized. Comprehensive user training and regular policy reviews ensure sustainable compliance and data management within the organization.
Interim Management | Consulting | IT Project Management for Information Security IDV for an Investment Company (KAG)
MEAG Munich Ergo Asset Management
- Topics: Information Security, ISO 27001, NIST, KAG, Compliance, Data Protection
- The project aims to thoroughly analyze and optimize the data landscape of investment companies (KAG). By examining the existing data infrastructure and identifying specific needs, tailored data processing workflows are developed and implemented. This includes meeting reporting requirements, risk and performance analysis, and legal guidelines. The project also covers implementing data protection and security measures and advising on current trends in data processing.
- Analyze the existing data infrastructure to find improvement opportunities.
- Gather the KAG's specific data processing requirements.
- Develop and implement custom data processing workflows.
- Optimize data processing workflows to boost effectiveness and efficiency.
- Ensure data protection and security compliance with legal requirements.
- Provide advice on current trends and developments in data processing.
- Data landscape analysis: Examine existing data infrastructure, sources, and processes to understand the current state.
- Requirements gathering: Collect the KAG's specific needs for data processing, including reporting, risk and performance analysis, and legal compliance.
- Workflow design: Develop custom data processing workflows that match the KAG's needs.
- Implementation: Support the rollout of the workflows through programming, tool configuration, and staff training.
- Monitoring and optimization: Continuously review the implemented processes to ensure they work effectively and find areas for improvement.
- Data protection and security: Advise on measures that ensure data protection and security.
- Trend advice: Inform the KAG about the latest data processing trends and recommend adjustments.
- Documentation and reporting: Create detailed documentation and regular progress reports on the data processing.
- Client consulting and support: Provide ongoing consulting and support for internal and external clients of the KAG.
- This project enables investment companies to make their data processing workflows efficient and effective. It improves data quality and decision-making and ensures compliance with data protection and security rules. Continuous adaptation to current trends and process optimization contributes to the long-term competitiveness of the KAG.
Interim Management | Consulting | IT Project Management for Data Protection and Information Security
Mobility Inside Plattform GmbH
- Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management, ISMS, Information Security, ISO 27001, BSI IT Grundschutz
- The project focuses on the strategic planning and implementation of measures in data protection, data security, and IT information security. Considering internal and external requirements, including laws and regulations, the project aims to establish a robust security architecture that protects sensitive data and ensures compliance with relevant standards and best practices.
- Define strategic goals and priorities for data protection and IT security.
- Develop and implement a comprehensive data protection concept.
- Set clear roles, responsibilities, and processes in data protection and IT security. Introduce ISMS.
- Implement technical and organizational measures to ensure data protection and data security.
- Increase employees' awareness and skills around data protection and IT security.
- Establish effective processes for handling data protection and security incidents.
- Strategic planning: Define strategic goals and focus areas, including legal and regulatory requirements.
- Data protection concept: Draft a detailed concept covering processes, policies, roles, responsibilities, and technical and organizational measures.
- Policies and procedures: Develop clear policies and procedures that meet legal requirements and best practices.
- Implementation of measures: Use technologies and processes like encryption, access controls, and data backup.
- Monitoring and audit: Set up mechanisms for regular review and assessment of data protection and security measures.
- Incident management: Establish processes for effective handling of data protection and security incidents.
- Reporting and communication: Develop communication channels.
- Documentation: Create and maintain documentation on data protection processes and incidents.
- Risk assessment: Conduct security risk assessments to identify potential threats and vulnerabilities.
- Security framework: Develop a BSI IT security framework that covers all relevant policies, procedures, and technical controls.
- Security technologies and controls: Implement measures like firewalls, antivirus software, and access control systems.
- BSI IT Grundschutz preparation and implementation: Apply the BSI IT Grundschutz compendium to ensure a high security level.
- This project lays the foundation for a secure and data protection compliant IT environment.
Interim Management | Consulting | IT Project Management for Data Analysis
Condor
- Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management
- The goal of this project is to develop and optimize the "My Account" section of an airline to provide a user-friendly, secure, and personalized online customer experience. By conducting a thorough needs analysis, considering industry standards, and creating a customer-focused concept, we aim to add value for users. Technical implementation and meeting security standards are key focus areas.
- Understand user needs through customer and stakeholder interviews.
- Identify best practices and differentiation opportunities through competitive analysis.
- Develop a detailed, user-centered concept for the "My Account" section.
- Advise and support technical implementation of the concept.
- Ensure compliance with data protection rules and security standards.
- Needs analysis: Conduct interviews with customers and stakeholders to determine desired features and information in the "My Account" section.
- Competitive analysis: Study other airlines' "My Account" sections to find best practices and potential differentiation areas.
- Concept design: Create a detailed concept based on the needs and competitive analysis, focusing on user needs.
- Technical advice: Support technical teams in selecting technologies and designing user interfaces for an intuitive and efficient user experience.
- Security advice: Advise on implementing data protection and security standards to keep customer data safe in the "My Account" section.
- This project aims to make the "My Account" section a central part of the customer experience by offering direct, secure, and personalized access to necessary information and services. Combining user focus, technical expertise, and a strong security focus creates a competitive advantage that boosts customer satisfaction and loyalty, all while respecting data protection.
Interim Management | Consulting | IT Project Management for Data Strategy for an eCommerce Platform
R&D Vorwerk International
- Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management
- This project includes a detailed analysis of the current subscription platform to fully understand the technologies, data structures, and existing data protection mechanisms. The goal is to plan and carry out a migration to a new subscription platform with special attention to data protection requirements. This includes identifying specific migration needs, selecting a suitable target platform for its data protection features, and implementing the migration followed by data validation.
- Analyze the current subscription platform to determine technologies, data structures, and data protection mechanisms.
- Identify specific migration requirements with a focus on data protection.
- Develop a detailed migration plan to protect customer data.
- Select and evaluate a target platform based on its ability to meet data protection requirements.
- Advise on data protection best practices during and after migration.
- Monitor the migration to ensure compliance with data protection regulations.
- Conduct data validation to prevent data loss or breaches.
- Current platform analysis: Perform a thorough review of the existing subscription platform to deeply understand the system landscape.
- Requirements gathering: Identify specific migration needs, especially for data protection, by working closely with stakeholders.
- Migration planning: Create a detailed migration plan that minimizes risk to customer data and complies with all relevant data protection laws.
- Target platform selection: Help choose the best target platform, including a thorough assessment of its data protection and security features.
- Data protection advice: Provide expertise on best practices in data protection to ensure a secure migration.
- Migration implementation: Monitor the migration process to ensure it follows the plan and data protection rules.
- Data validation: Conduct comprehensive data checks before, during, and after migration to guarantee data integrity and protection.
- This project ensures the subscription platform migration fully complies with data protection rules, with customer data security and privacy as top priorities. Careful planning, choosing the right target platform, and ongoing migration monitoring minimize risks and ensure compliance with current and future data protection requirements.
Interim Management | Consulting | IT Project Management for Data Analysis
Aldi International
- ALDI Pay: Concept for introducing an ALDI Pay credit card
- Project was discontinued
Interim Management | Consulting | IT Project Management for Information Security & Data Protection for the eCommerce platform
Volkswagen Group Germany
- Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management, Metadata, Information Security
- This project focuses on the design and implementation of IT governance and compliance processes for the Volkswagen Group’s eCommerce platform "ONE.SHOP". The goal is to create a comprehensive compliance framework that meets the requirements of the GDPR, FOSS (Free and Open Source Software) and IT security. Core elements include developing IT security measures, modeling data protection processes and implementing data deletion concepts.
- Establishment of data governance and compliance processes, including approval workflows.
- Ensuring IT information security according to the IT baseline protection standard and conducting penetration tests.
- Implementation of GDPR-compliant IT system documentation for the eCommerce platform "ONE.SHOP".
- Modeling data protection processes for transparency and compliance.
- Creation and implementation of data deletion concepts according to the GDPR and legal retention periods.
- Design of data governance and compliance processes: developing procedures to ensure compliance with the GDPR, FOSS and IT security standards. Setting up approval workflows for new and existing features of the eCommerce platform.
- Information security measures: implementing security measures according to the IT baseline protection standard, including carrying out penetration tests to identify and fix security gaps.
- GDPR-compliant IT system documentation: developing and implementing documentation that meets the GDPR requirements and provides clear records of data processing activities.
- Modeling data protection processes: using ARIS or VISIO-BPMN to visualize and model relevant data protection processes to ensure compliance and transparency.
- Creation of data deletion concepts: developing concepts for data deletion that meet legal retention requirements. This includes identifying data categories and analyzing data flows.
- Implementation of data deletion specifications: coordinating the technical and procedural implementation of deletion requirements in the IT systems and business processes of the eCommerce platform.
Interim Management | Consulting | IT Project Management for Data Protection & Information Security
MEAG Munich Ergo Asset Management
- Topics: Data Governance, Data Protection, Data Access, Data Management, Stakeholder Management, ISMS, ISO 27001, NIST, Compliance, Archiving
- This project focuses on improving IT information security and achieving GDPR compliance in a company’s SAP and non-SAP systems. It includes building and integrating an Information Security Management System (ISMS), capturing ISMS-related measures, checking software and hardware compliance, creating data flow analyses and implementing archiving and deletion concepts. Additionally, the project covers support for KRITIS (critical infrastructures) topics, analyzing applications for GDPR compliance and designing and implementing archiving and deletion packages in SAP BW systems.
- Establishment of a robust Information Security Management System (ISMS).
- Ensuring IT security and GDPR compliance in SAP and non-SAP systems.
- Conducting data flow analyses and controls to meet documented guidelines.
- Implementation of archiving and deletion concepts, especially for SAP systems.
- Support for handling KRITIS-relevant security topics.
- Ensuring data protection compliance in the use and archiving of data.
- Building an ISMS: integrating and further developing an ISMS, including capturing and implementing IT security measures.
- Implementing GDPR-compliant processes: introducing and reviewing processes to ensure GDPR compliance in SAP and non-SAP systems.
- Software and hardware compliance checks: reviewing and ensuring that all used software and hardware components meet established guidelines.
- Creating data flow analyses: performing analyses for SaaS and business process outsourcing services to identify data flows and ensure they meet privacy requirements.
- Implementation of archiving solutions: using solutions like OpenText for archiving in SAP modules (BW/FI/CO/REFX) and complying with GDPR-SAP ILM guidelines.
- Test management for blocking and anonymization concepts: developing and implementing concepts for blocking and anonymizing personal data in SAP systems, especially REFX, SAP BW and ERP.
- Support for KRITIS topics: advising and supporting implementation to ensure information security in critical infrastructures.
- GDPR compliance analyses: analyzing applications for their consistency with GDPR and deriving necessary measures.
- Archiving and deletion in SAP BW systems: designing and implementing packages for archiving and targeted deletion of data in SAP BW systems to meet GDPR requirements.
- Through this project, the company is empowered to maintain a high level of IT security and data protection compliance across its SAP and non-SAP system landscape. The introduction of an ISMS, the implementation of archiving and deletion concepts, and the ongoing review and adjustment of IT security and data protection processes help minimize the risk of data breaches and effectively meet compliance requirements.
Interim Management | Consulting | IT Project Management for Online Shop Rollout in Switzerland & Spain
Media Markt Saturn Germany
- Topics: Data Governance, Data Protection, Stakeholder Management, Migration
- The project includes planning, development and rollout of an e-commerce platform, including migrating existing data from Switzerland and Spain to the cloud and redesigning the MyAccount section. It involves coordinating internal teams and external partners, risk management, quality assurance, training employees and partners, and monitoring platform performance. Integrating a payment service provider and ensuring efficient data flow are also part of the project.
- Developing a detailed timeline and project plan for the e-commerce platform rollout.
- Ensuring seamless platform integration and functionality by collaborating with internal teams and external partners.
- Minimizing risks and challenges in the rollout process.
- Conducting thorough tests to ensure platform quality and functionality.
- Organizing training for employees and external partners to support platform adoption.
- Monitoring and improving platform performance after the rollout.
- Migrating data to the cloud and integrating a payment service provider to optimize data flow and processes.
- Project planning: creating a comprehensive timeline and project plan, identifying milestones and resources.
- Coordination and collaboration: close alignment with development, marketing, sales, customer service and logistics as well as external partners like IT service providers, payment providers and logistics companies.
- Risk management: analyzing potential risks and developing strategies for mitigation.
- Quality assurance: performing platform tests to ensure stability and functionality before go-live.
- Training and organization: preparing and conducting training for all relevant stakeholders to ensure effective platform use.
- Performance monitoring: continuously monitoring platform performance to enhance user experience and business results.
- Data migration: transferring existing data from Switzerland and Spain to the cloud for centralized data storage and processing.
- Payment service integration: integrating a payment service provider to handle transactions and improve payment processes.
- Optimizing data flows and processes: developing and implementing efficient data flows and processes to support business operations.
- By successfully implementing this project, a powerful e-commerce platform is established, offering an efficient and user-friendly online shopping experience. Careful planning and execution, close collaboration with all stakeholders and continuous platform optimization help achieve the company’s goals and ensure long-term business success.
Interim Management | Consulting | IT Project Management for App Rollout
Deutschlandcard - Bertelsmann
- Analysis, design and project planning
- Business strategy and goal setting
- Technology selection
- Budget and resource planning
- Requirements analysis
- Process modeling
- Data analysis
Interim Management | Consulting | IT Project Management for the Digital Freight Transport Scheduling Process
Deutsche Bahn Next Digital Lab
- Digital transformation --> Future Concept
- Analysis & concept design for digitizing freight transport in Germany
Interim Management | Consulting | IT Project Management for eCommerce Portal
Ergo Insurance
- Functional support in expanding the IT customer portal in registration and authentication; self-service features such as contract data display, contract services, claims service and case tracking; customer-focused offerings; boosting user numbers through incentives and advertising; mobile services.
- Supporting program leadership in steering the program
Interim Management | Consulting | IT Project Management for Receivables Management Concept Design
Deutsche Bahn
- Analysis and planning of an IT marketing concept in the area of receivables management (subscription model)
Interim Management | Consulting | IT Project Management for eCommerce Portal
Verivox
- Analysis, planning, support, execution and rollout of the online banking channel on the online platform.
Interim Management | Consulting | IT Project Management for the Rollout of the American Express Credit Card
Payback Germany
- Planning, support, execution and launch of the PAYBACK American Express credit card for PAYBACK, dm drugstore and Kaufhof
Industry Experience
Experienced in Information Technology, Professional Services, Banking and Finance, Retail, Energy, and Government and Administration.
Business Area Experience
Experienced in Information Technology, Project Management, Business Intelligence, Legal, Strategy, and Quality Assurance.
Summary
Shaping governance – bridging business, IT and regulation.
Patrick Upmann integrates economic, technical and regulatory perspectives and challenges into actionable governance structures. He supports companies in translating complex EU regulations – such as the AI Act, Data Act, DORA, NIS2 and GDPR – into measurable, auditable governance and accountability frameworks. With over 25 years of experience in data governance, compliance and governance, he develops integrated structures that connect data, AI and resilience in one system – strategically, regulatorily and practically implementable.
Focus: He turns regulatory complexity into clear accountability systems, data-driven processes and trustworthy AI structures.
Systemic governance – the connection of data, AI and resilience.
Companies face a new reality in 2026: DORA, NIS2, EU AI Act, Data Act and GDPR will not stand alone – they form an integrated governance system. Data governance lays the foundation: data quality, ownership and control processes. DORA and NIS2 ensure resilience and IT continuity, on which critical data and AI processes depend. The EU AI Act builds on these structures and requires demonstrable accountability, risk management and model transparency.
He designs governance architectures and implementation programs that strategically connect and operationally anchor these regulatory pillars – from the data foundation through resilience structures to responsible artificial intelligence. He supports organizations holistically – from strategic design through practical implementation to awareness training and cultural embedding. The result: sustainable compliance, measurable responsibilities and trust in data-driven systems.
Customer benefits
He offers companies clear guidance and effective risk avoidance in an increasingly complex regulatory environment – with the strategic foresight and hands-on mentality that really drive governance projects forward. As a bridge between business, IT and regulation, he combines strategy with execution and translates governance requirements into scalable technical and organizational structures. By integrating relevant regulations and standards, a unified governance system emerges instead of isolated measures – efficient, measurable and compatible with existing systems. This way, companies achieve visible progress in a short time, reduce audit and reputation risks, and gain sustainable control, trust and competitive strength.
Positioning
He develops governance structures that connect data, artificial intelligence and resilience – turning compliance into a real competitive advantage. In doing so, he integrates the requirements from the EU AI Act, Data Act, DORA, NIS2 and GDPR into organizational and technical control models, including AI risk assessments, model inventories and AI governance office design. Companies hire him when they need clear responsibilities, sustainable compliance and governance security – at the interfaces of business, IT and regulation.
Skills
Core Competence
ISMS
ISO 27001/42001
BSI IT Baseline Protection
NIS1 Basic Requirements
NIS2 Control Frameworks
EU AI Act
Data Act
Data Governance Act
Data Governance Frameworks
Role Models
Asset Management
GDPR
DORA
NIS2
Critical Infrastructure
Policy Design & Regulatory Mapping
AI Accountability
Explainability
Audit & Compliance Readiness
AI Risk Management
Data Protection by Design
AI Ethics
Operational Resilience
Incident & Crisis Response
Third-Party Risk
DORA Testing
NIS2 Reporting (24h/72h/Final Report)
Data Ownership
Data Quality
Lifecycle Logging
Business Continuity
Supplier & Third-Party Security
Management
Operating Model & Stewardship
Industry Expertise – Finance & Insurance
NIS1/BSI Baseline Protection Basic Requirements
ISMS
ICT Risk
DORA Readiness
Data Governance
Operational Resilience Frameworks
Third-Party Risk
Industry Expertise – Energy
Data Governance
Consent Management
AI Readiness
NIS2 Governance
Critical Infrastructure Compliance
Industry Expertise – Automotive & Mobility
EU Data Act
In-Vehicle Data
AI Governance
Data Act Compliance
Usage Control
Industry Expertise – Retail & E-commerce
SAP Data Governance
Reporting
Data Quality
Consent Automation
AI Transparency
Industry Expertise – Public Sector / Critical Infrastructures
BSI
NIS2
Resilience Programs
Digital Resilience
NIS2 Implementation Support
Public-Sector Governance
AI Governance Implementation According to EU AI Act and Data Governance Act
Consulting for Authorities & Regulators
Competency Areas – Governance & Regulation
EU AI Act
Data Act
Data Governance Act
GDPR
DORA
NIS2
ISO 27001/42001
AI Office Governance Register
Competency Areas – Architecture & Organization
Governance Operating Models
RACI
Policy Design
Audit & Control
Process Alignment
Governance Implementation & Change Enablement
Setting Up AI Governance Offices & Committee Structures (AI Governance Board, Risk Committees, Reporting to Executive Board/Supervisory Board)
Competency Areas – Data & AI
Data Catalogs
Data Lineage
Data Quality Management
AI Accountability
Explainability
Ethical AI
AI Risk & Impact Assessments (Including AI and Fundamental Rights Impact Assessments)
AI Model Inventory & Lifecycle Governance (Documentation, Registry, Monitoring, Bias/Fairness Checks)
Competency Areas – Security & Resilience
ISMS
BSI IT Baseline Protection
Operational Resilience
Incident Response
Business Continuity
Third-Party Risk
Regulatory Reporting Processes (DORA/NIS2 Reporting Channels) & Integration into ISMS/Operational Resilience
Competency Areas – Technologies & Tools
SAP S/4HANA
SAP ILM
M365 Compliance
Snowflake
Power BI
Databricks
ServiceNow GRC
OneTrust
Collibra
Atlan
Atlassian
MLflow
Azure AI Governance
Vertex AI Governance
Keycloak
HashiCorp Vault
DirX (IAM)
SAML (SSO)