Implementation of GDPR in your company

Implementing the GDPR has been an important topic for many companies since the European General Data Protection Regulation (GDPR) came into effect on 25 May 2018. The GDPR has created a uniform European data protection framework and the same data protection standards for all EU member states.
Companies should give the implementation of the GDPR top priority, given the high fines set for non-compliance. It is enough to mention the fines of over 100 million EUR imposed on individual companies (British Airways, Marriott Hotels).
With our experienced team of lawyers, business economists and IT specialists, we support your company in the efficient implementation of GDPR-compliant data protection management.

Four steps to GDPR-compliant data protection management

The process for implementing GDPR-compliant data protection management systems can be roughly divided into the following steps:

  1. Introduction of your data protection officer and analysis of data protection risks: Assessment of the current state through a description of the business processes relevant to data protection within the framework of the Record of processing activities.
  2. Preparation of an action plan and implementation of data protection management: Analysis of the Record of processing activities and development of the necessary implementation measures as well as implementation of the further GDPR data protection requirements through feasible and practical solutions (in particular Technical-Organisational Measures, data processing management, data breach management, management of data subjects’ rights, etc.).
  3. Setting up regular trainings for employees
  4. Continuous data protection consulting and regular status evaluations: Continuous review of implemented processes and measures, with the focus on ensuring that new and changed processes are taken into account within the framework of data protection management (e.g. by corresponding trigger points in the purchasing department and in the company’s project management).

1. Introduction of your data protection officer and analysis of data protection risks

The first step is to get to know your data protection officer. Together we assess the current data protection situation at your company. From here we identify your company’s current level of data protection and define the risks. Based on this, your data protection officer defines the next steps and discusses them with you.

2. Preparation of an action plan and implementation of data protection management

The As-Is analysis is the basis for a joint action plan. The aim is to implement a GDPR-compliant data protection management system for your company with orderly and structured measures. This allows us to achieve, among other things, the following:

  • documentation and clarification of responsibilities,
  • data protection-compliant work processes,
  • the prerequisite for the legitimate and timely processing of inquiries by customers and supervisory authorities.

  1. Technical and organisational measures (TOMs),
  2. Record of processing activities (data controller and data processor),
  3. Privacy notice (website, for employees, other),
  4. Data protection impact assessment,
  5. Process for data breaches,
  6. Process for fulfilling the rights of affected persons,
  7. Management of consent forms,
  8. Management of the data processing agreements, examination of the suppliers and the used software (vendor review) and
  9. Work instructions and guidelines

3. Employee training and distribution of training materials

Parallel to the implementation of data protection management, we train the employees of your company. We want to prepare them to handle personal data safely in the company. The goal is to use business-relevant personal data, in particular customer data, in appropriate processes in a sustainable and data protection-compliant manner.

4. Continuous data protection consulting and regular status evaluations

Today, data protection is an essential precondition in customer relations. Therefore, the legally compliant treatment of data should be a self-evident necessity. To ensure that your data protection management is always up to date, we provide you with continuous support:

  • Information on current topics and legally relevant changes in data protection
  • Advice and regular status review by your data protection officer
  • Updating the documents and processing directories of your data protection management system
  • Review of data processing agreements
  • Communication with supervisory authorities and stakeholders
  • Training opportunities

Our offer

Data protection is what we do best. By delegating your data protection management to us, you free up time and resources to focus on what you do best – developing and sustaining your business. Depending on your need for support, we offer 4 consulting packages for the implementation of the GDPR in companies. Our offer combines the advantages of an external data protection officer with the advice of accredited lawyers. Legal advice is provided by the data protection lawyers of the law firm Eggert & Partner Rechtsanwälte.

DO YOU KNOW YOUR WAY AROUND DATA PROTECTION?

We make it our task to position your company securely and efficiently in the field of data protection. For the implementation of the GDPR we offer you versatile service packages and competent, reliable support tailored to your needs.
