Data protection
Companies in Germany must comply with the provisions of the European General Data Protection Regulation (GDPR). To meet their accountability obligations, companies must organize and document the protection of personal data.
Questions about data protection
We support you with complex questions about data protection – whether for lead acquisition, the integration of messenger services in customer and corporate communications, or the analysis of statements in social media for marketing purposes.
Establishing a data protection organization
We organize data privacy in companies and groups of companies. As a rule, the introduction and review of such a data privacy organization includes above all:
Appointment of a data protection officer and notification to the competent authority
Appointment of a data protection officer; in the case of external DPOs, conclusion of a service contract if necessary; notification to the authority
Drawing up the register of processing activities
Preparation of individual procedures for order processing, payroll and financial accounting, application procedures, order processing, etc.
Review of existing video surveillance
Recording of all internal and external cameras and marking them, with their viewing angles, on a site plan or building plan
Technical and organizational measures (TOM)
Answering a comprehensive checklist and questionnaire, then deriving the required measures
Review of consent forms
Review and creation of appropriate forms, especially for health data
Adoption of a privacy policy
Preparation and publication of a data protection policy containing statements by management and on measures taken, as well as employee information
Fulfillment of transparency obligations for employees, customers and suppliers
Preparation of data protection information
Creation of order processing contracts
If personal data is processed on behalf of third parties, basic agreements must be made on the so-called commissioned processing
Definition of a process for the rights of data subjects
Preparation of a short guide on how to deal with inquiries from affected parties
Process for ongoing documentation of compliance with data protection obligations
Description of a process for dealing with security incidents, data protection impact assessments if necessary, confidentiality obligations for employees, etc.
Privacy policy
Review and adaptation of existing statements on company websites
Employee training
Training, especially of employees involved in processing operations
Inspection of critical areas
Inspection of security-relevant areas in the company such as reception, server room, network cabinet and the personnel and financial accounting departments