Data protection advisory
The main emphasis of a data protection advisory varies. The objective is to look at your individual situation and to identify the relevant subjects in your company. A lot of the GDPR conditions are similar to the conditions of the Federal Data Protection Act (FDPA) known for years in Germany.
Companies are set up differently in connection to their data protection and GDPR. Therefore, we do an individual data protection advisory for every individual company. At first, we look at your risks and identify solutions for your specific case.
A first step can be to optimize your existing processes. That is interesting for customers who already implemented processes and rules to implement GDPR. We give you an update about the differences of GDPR and FDPA. There are other customers who did nothing to implement GDPR so far. For those customers we start with an overview about the whole regulations. Together, we define your first steps to be properly positioned.
With the implementation of GDPR there is a high sensibility for the protection of personal data that never existed before. Imminent sanctions and heavy fines leaded in a high attention for data protection in the media.
We will clarify the uncertainties you have and look at your individual situation. Starting on that point we work out a determined data protection strategy. With this method you will meet legal requirements and follow your daily business at the same time.
Purpose of GDPR
With GDPR national regulations are standardized so that existing differences will be harmonized and unified. The GDPR are an European law but the regulations are important for the whole world because it is valid for every company that focuses business in Europe. The authorities do not tolerate any infraction of these policies, so it will be expensive for non-compliant companies not to do anything around GDPR. Companies should rethink their policies, structures and processes. If they have to look for a Data Protection Officer they should do so. That is the first point on that authorities see if a company did something on the context of GDPR.
Another important point is to raise awareness of employees. At first, they can be a ‘Data Object’, means that their personal data can pe processed and if a company does not do that correctly they can involve the authorities. Second, in most cases, the employee is the first contact to a company. Therefore, a data object asking for information about their personal data mostly asks an employee for that via telephone or email. Your employees should be prepared for that scenario.
Data are important nowadays. They are the basis for the daily business of a lot of companies. Through a lot of information companies know how to sell their goods and services. Companies know what you want even before you know it yourself. But because of that it is very important that the processes around data is highly secured and safe
Data Protection Officer (DPO)
The regulation provides for the appointment of a Data Protection Officer (DPO). Companies must follow the regulation if they have more than ten employees processing data on a regular basis or if they are processing sensitive data. A regular basis means for example the use of an email system.
The DPO is the main contact for all people in the company, employees and management, as well as the authorities. It is the role of the data protection officer to ensure compliance with the provisions of the GDPR and other data protection requirements. The optimization of internal processes, structures and policies as well as the provision of an in-depth training for the employees on how to deal with the GDPR are key functions of the DPO.
Special expert knowledge is required to be an DPO. Companies determine if they select an external DPO or if an employee has the qualification to be an internal DPO. Both options have advantages and disadvantages. As your external DPO we provide the required knowledge and are up to date in relation to GDPR. We support you in all aspects of GDPR and help your company getting the structures and processes compliant.
Please feel free to contact us for your individual data protection advisory.