Implementation of GDPR in your company
The implementation of the GDPR has been an important topic for many companies since the European General Data Protection Regulation (GDPR) came into effect on 25 May 2018. The GDPR has created a uniform European data protection framework and the same data protection standards for all EU member states.
Companies should give the implementation of the GDPR top priority, given the high fines set for non-compliance. It is enough to mention the fines of over 100 million EUR imposed on individual companies (British Airways, Marriott Hotels).
With our experienced team of lawyers, business economists and IT specialists, we support your company in the efficient implementation of GDPR-compliant data protection management.
Four steps to GDPR-compliant data protection management
The process for implementing a GDPR-compliant data protection management system can be roughly divided into the following steps:
- Introduction of your data protection officer and analysis of data protection risks: Estimation of the current state through a description of the business processes relevant to data protection within the framework of the Record of processing activities.
- Preparation of an action plan and implementation of data protection management: Analysis of the Record of processing activities and development of the necessary implementation measures as well as implementation of the further GDPR data protection requirements through feasible and practical solutions (in particular Technical-Organisational Measures, data processing management, data breach management, management of data subjects’ rights, etc.).
- Setting up regular training for employees
- Continuous data protection consulting and regular status evaluations: Continuous review of implemented processes and measures, with the focus on ensuring that new and changed processes are taken into account within the framework of data protection management (e.g. by corresponding trigger points in the purchasing department and in the company’s project management).
1. Introduction of your data protection officer and analysis of data protection risks
The first step is to get to know your data protection officer. Together we assess the current data protection situation at your company. From here we identify your company’s current level of data protection and define the risks. Based on this, your data protection officer defines the next steps and discusses them with you.
2. Preparation of an action plan and implementation of data protection management
The As-Is analysis is the basis for a joint action plan. The aim is to implement a GDPR-compliant data protection management system for your company with orderly and structured measures. This allows us to achieve, among other things, the following:
- documentation and clarification of responsibilities,
- data protection-compliant work processes,
- the prerequisite for the legitimate and timely processing of inquiries by customers and supervisory authorities.
- Technical and organisational measures (TOMs),
- Record of processing activities (data controller and data processor),
- Privacy notice (website, for employees, other),
- Data protection impact assessment,
- Process for data breaches,
- Process for fulfilling the rights of affected persons,
- Management of consent forms,
- Management of the data processing agreements, examination of the suppliers and the used software (vendor review) and
- Work instructions and guidelines
3. Employee training and distribution of training materials
In parallel with the implementation of data protection management, we train the employees of your company. We want to prepare them to handle personal data safely in the company. The goal is to use business-relevant personal data, in particular customer data, in appropriate processes in a sustainable and data protection-compliant manner.
4. Continuous data protection consulting and regular status evaluations
Today, data protection is an essential precondition in customer relations. Therefore, the legally compliant treatment of data should be a self-evident necessity. To ensure that your data protection management is always up to date, we provide you with continuous support:
- Information on current topics and legally relevant changes in data protection
- Advice and regular status review by your data protection officer
- Updating the documents and processing directories of your data protection management system
- Review of data processing agreements
- Communication with supervisory authorities and stakeholders
- Training opportunities
Data protection is what we do best. By delegating your data protection management to us, you free up time and resources to focus on what you do best – developing and sustaining your business. Depending on your need for support, we offer 4 consulting packages for the implementation of the GDPR in companies. Our offer combines the advantages of an external data protection officer with the advice of accredited lawyers. Legal advice is provided by the data protection lawyers of the law firm Eggert & Partner Rechtsanwälte.
DO YOU KNOW YOUR WAY AROUND DATA PROTECTION?
We make it our task to position your company securely and efficiently in the field of data protection. For the implementation of the GDPR we offer you versatile service packages and competent, reliable support tailored to your needs.