Data Protection Management
General Data Protection Regulation
The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It applies not only to companies based in Europe, but also to everyone who wants to offer products and services in the EU. The aim is to uniformly regulate the protection of private individuals with regard to the processing of personal data, as well as the exchange of data within the EU, and thus make such protection possible. As the many data protection violations in the past have clearly shown, the protection of personal data undoubtedly makes sense. The task is to implement the GDPR in the company in such a way that the data processing that’s required for business purposes can continue. At the same time, a clear signal should be sent to employees, customers and interested parties that the protection of personal data is important to the company. It is therefore our goal to configure data protection and data security in the company in a way that makes sense.
No Data Protection Without Data Security
Without IT data security, data protection is inconceivable. It’s in a company’s own interest to maintain a functioning IT system, protect sensitive data and restrict access to analyses and business data. This ensures its ability to operate and its competitiveness. The same applies to recovering data and infrastructure, for example after a technical defect or virus attack. The same technical measures that ensure data security in the company can also protect personal data.
We support you in implementing the requirements of the GDPR
In addition to securing your company’s IT through suitable technical and organisational measures within the framework of IT management, we support you with the necessary risk assessment for processing personal data. We determine where personal data is processed, assist in drawing up the processing directory and support you in concluding the necessary contracts with your service providers if they process personal data on your behalf. On request, we also train your employees and raise their awareness of personal data protection and data security.
If there are more than nine people in the company who are regularly involved in processing personal data, the company must appoint a data protection officer and report this to the relevant state authority. You can appoint us as your external data protection officer. You also benefit from access to existing model contracts and model directories for processing personal data. These can be easily adapted to your individual company.
An existing management system (e.g. DIN ISO 9001, ISO 14001, ISO 27001, IATF 16949) can be extended relatively easily to a data protection management system at the necessary points as required by the General Data Protection Regulation.