For the first time, the new German Data Protection Act, which was implemented on 23 May 2001, contains a recommendation for the realisation of data protection audits in private companies. However, a detailed structure of the data protection audits by the legislator has been lacking up to now. The majority of authors in the literature on law demand an adjustment to the already existing environmental protection audit. This working paper, therefore, introduces the idea of the environmental protection audit. Then a possible method for an adjustment of the data protection audit is shown and finally some of its alternatives are discussed.