Data protectionals Leitbild für guten Umgang mit Daten
The topic of data protection has become increasingly present in the public discussion in recent years due to the European General Data Protection Regulation (GDPR), which came into force in 2018. Since May 2018 all companies have had to ensure compliance, otherwise they face penalties. However, compliance with data protection is not just a legal requirement, but has also increasingly become a demand that customers and cooperation partners place on companies. A good data protection concept therefore also offers clear competitive advantages.
To ensure data protection, companies, associations and other institutions are legally obliged to appoint a data protection officer under certain conditions – for example, if more than nine people in a company regularly and automatically process or use personal data.
This could be
- be an in-house data protection officer who knows the company and its processes or
- an external data protection officer who, due to his neutral position, has no conflicts of interest.
We train and advise you or your data protection officer – or take over the legal tasks as external data protection officer for your company – expertly and reliably. Because we are DEKRA-certified “data protection specialists” with many years of experience.
Training as a Data Protection Officer
High demands are placed on company data protection officers. In addition to personal reliability, the legislator has established expertise in data protection as another requirement for the appointment as data protection officer.
These requirements were defined in more detail in the so-called Ulm judgement. They form the basis for the training we provide to become a certified company data protection officer. In addition to the legal requirements, this detailed and practical seminar focuses on IT security and the practical implementation of tasks.
Following this seminar, you can take a DEKRA examination to become a “DEKRA certified specialist for data protection”. Participation is optional and connected to a DEKRA examination fee of € 200. The examination fee is charged directly by DEKRA.
Ulm judgement (Ref.: 5T 153/90-01 LG Ulm)
The judges noted that high demands are placed on expertise in particular. In detail, they stated that data protection officers should be computer experts and well-versed in the application of the provisions of the federal and state data protection laws and all other legislation relating to data protection.
External data protection officer
You want to meet the legal requirements, but no one in your team has the capacity to in addition to their duties familiarise themselves with this specialist field, stay up to date and immediately react to changes? Then hire us as your external data protection officer. We take on the same tasks as an in-house data protection officer – but you draw on our expertise and legal skills in the areas of data protection, competition, labour and contract law, as well as our experience in technical implementation. The neutral view from outside and the conflicts-free performance are further advantages.
As your service provider, we undertake all tasks to meet the legal requirements – with as little effort as possible for your company. Our tried and tested approach:
1. DATA PROTECTION CHECK
First of all, we collect the relevant information on data protection during personal appointments at your premises and analyse the implementation and effectiveness of the current data protection in your company.
2. DATA PROTECTION CONCEPT
Based on the data protection check, we create a data protection concept for your company. It contains important organizational guidelines that must be considered when dealing with personal data. This means that your employees always have access to concrete information on data protection.
3. COMPANY AGREEMENTS
We examine existing company agreements or service instructions regarding their data protection aspects. If important company agreements are missing, such as regulations on dealing with private e-mail or internet use, we will prepare appropriate formulation proposals for you.
We provide the legally required documentation of data protection in your company. To this end, we record the processes and procedures in which personal data are being processed or used in the register of processing activities.
5. EMPLOYEE TRAINING
An important element when it comes to data protection is the staff. The strengths of professional data protection management become apparent in the concrete implementation of the requirements from the data protection concept. Employees are regularly made aware of practical requirements in their working life by means of e-learning.
6. IT SECURITY
Without sufficient IT security, data protection within a company cannot be guaranteed. We will show you the necessary measures, customized to your company and economically appropriate, to protect your data from loss and unauthorized use.
Your company has already appointed a company data protection officer, but with specific issues he is unsure whether he interprets the legal situation correctly, whether the documentation is complete and what risks exist for the company? We advise or train your employees individually according to the requirements of your company. Supporting your in-house data protection officer provides the following advantages for your company:
- the know-how of the external consultant is transferred to the company,
- the in-house data protection officer can make use of the templates provided by the external consultant,
- there is no long-term commitment to an external service provider,
- sensitive data stays within the company and
- the company data protection officer is given a neutral contact person for his or her questions.
74% of the companies rate legal uncertainty as one of the biggest challenges in implementing the GDPR (source: Statista 2021).
So do we – but with each judgement this uncertainty diminishes. We keep an eye on all developments and are always up to date.
FAQ – Data protection within the company
How do I begin launch data protection within the company?
In order to implement the GDPR, it is important to have an overview of the data processing operations. So you should know where data is stored in your company.
When do I need a data protection officer?
In Germany, companies with at least 20 employees processing personal data must appoint a data protection officer.
Which employees count towards the obligation to appoint a data protection officer?
Not only the human resources staff or the accounting department, which change data records, count as being involved with data processing. The retrieval of information must also be counted as processing. This for example also applies to processing by sales or marketing.
To be on the safe side, all employees with access to an e-mail box should be included in the count.
Who may I appoint as data protection officer?
The requirements for the data protection officer are formulated in the General Data Protection Regulation. The person should have both
- and organisational