Data protection

Companies in Germany must comply with the provisions of the European General Data Protection Regulation (GDPR; in German, DSGVO). The protection of personal data must be organized and documented in companies in order to fulfill accountability obligations.

Questions about data protection

We support you with complex questions about data protection – whether for lead acquisition, the integration of messenger services in customer and corporate communications, or the analysis of statements in social media for marketing purposes.

Establishing a data protection organization

We organize data privacy in companies and groups of companies. As a rule, the introduction and review of such a data privacy organization includes above all:

Appointment of a data protection officer and notification to the competent authority

Appointment of a data protection officer; in the case of external DPOs, conclusion of a service contract if necessary; notification to the authority

Drawing up the register of processing activities

Preparation of individual procedures for order processing, payroll and financial accounting, application procedures, order processing, etc.

Review of existing video surveillance

Recording of all internal and external cameras and marking them, with their viewing angles, on the site plan or building plan

Technical and organizational measures (TOM)

Answering a comprehensive checklist and questionnaire, then deriving the required measures

Review of consent forms

Review and creation of appropriate forms, especially for health data

Adoption of a privacy policy

Preparation and publication of a data protection policy containing statements by management and on measures taken, as well as employee information

Fulfillment of transparency obligations for employees, customers and suppliers

Preparation of data protection information

Creation of order processing contracts

If personal data is processed on behalf of third parties, basic agreements must be made on the so-called commissioned processing

Definition of a process for the rights of data subjects

Preparation of a short guide on how to deal with inquiries from affected parties

Process for ongoing documentation of compliance with data protection obligations

Description of a process for dealing with security incidents, data protection impact assessments if necessary, confidentiality obligations for employees, etc.

Privacy policy

Review and adaptation of existing statements on company websites

Employee training

Training, especially of employees involved in processing operations

Inspection of critical areas

Inspection of security-relevant areas in the company such as reception, server room, network cabinet and the personnel and financial accounting departments

Prof. Dr. Frank Tapella
