Implementation of GDPR in your company
GDPR implementation has been an important topic for many companies since the European General Data Protection Regulation (GDPR) became applicable on 25 May 2018. The GDPR created a uniform European data protection framework, so that the same data protection standards apply in all EU member states.
Implementation of the GDPR should be a top priority for businesses, given the high level of fines imposed for non-compliance.
Fines of over EUR 100 million have already been announced against individual companies (including British Airways and Marriott Hotels), although the final penalties in those two cases were later reduced substantially.
We support your company in the efficient implementation of GDPR-compliant data protection management with our experienced team of lawyers, business economists and IT specialists.
Four steps to GDPR-compliant data protection management
The process for implementing a GDPR-compliant data protection management system can be roughly divided into the following steps:
- Introduction of your data protection consultant and analysis of data protection risks: assessment of the current state by describing the business processes relevant to data protection in the Record of Processing Activities (Art. 30 GDPR).
- Preparation of an action plan and implementation of data protection management: analysis of the Record of Processing Activities and development of the necessary implementation measures, as well as implementation of the further GDPR requirements through feasible and practical solutions (in particular technical and organisational measures, management of data processing agreements, data breach management, management of data subjects' rights, etc.).
- Setting up regular training for employees.
- Continuous data protection consulting and regular status evaluations: Continuous review of implemented processes and measures, with the focus on ensuring that new and changed processes are taken into account within the framework of data protection management (e.g. by corresponding trigger points in the purchasing department and in the company’s project management).
1. Introduction of your data protection officer (DPO) / data protection consultant and analysis of data protection risks
The first step is to get to know your data protection consultant / data protection officer (depending on whether data protection consulting or the appointment of a DPO is needed). Together we assess the current data protection situation in your company, derive its current status and identify the risks. On this basis we define the next steps and discuss them with you.
2. Preparation of an action plan and implementation of data protection management
The “As is” analysis is the basis for a joint action plan. The aim is to implement a GDPR-compliant data protection management system for your company with orderly and structured measures. This allows us to achieve, among other things, the following:
- documentation and clarification of responsibilities,
- data protection-compliant work processes,
- the prerequisites for the legally compliant and timely processing of enquiries from data subjects and supervisory authorities.
The deliverables of this step typically include:
- Technical and organisational measures (TOMs, Art. 32 GDPR),
- Record of processing activities (for the controller role and, where applicable, the processor role, Art. 30 GDPR),
- Privacy notices (website, employees, other),
- Data protection impact assessment (DPIA, Art. 35 GDPR) where required,
- Process for data breaches (including the notification of the supervisory authority within 72 hours under Art. 33 GDPR),
- Process for data subject rights (access, rectification, erasure, etc., within the one-month deadline of Art. 12 GDPR),
- Management of consent,
- Management of data processing agreements (Art. 28 GDPR), supplier audits and assessment of the software used (vendor review), and
- Policies and guidelines
3. Employee training and distribution of training materials
During the implementation of your data protection management, we also train your staff. We aim to raise their awareness of the secure handling of personal data in the company, so that business-relevant personal data, in particular customer data, is used in appropriate processes in a sustainable and data protection-compliant manner.
4. Continuous data protection consulting and regular status evaluations
Today, data protection is an essential precondition in customer relations, so the legally compliant handling of data is a necessity. To ensure that your data protection management is always up to date, we provide you with continuous support:
- Information on current topics and legally relevant changes in data protection
- Advice and regular status reviews
- Regular updates to your data protection management system
- Review of data processing agreements
- Communication with supervisory authorities and stakeholders
- Training opportunities
Data protection is what we do best. By delegating your data protection management to us, you save time and resources to focus on what you do best: developing and sustaining your business. Depending on your need for support, we offer four consulting packages for GDPR implementation in companies. Our offer combines the advantages of an external data protection officer with the advice of accredited data protection lawyers provided by the law firm Eggert & Partner Rechtsanwälte.