- Legal foundations of data protection
- Company data protection officers in practice
- IT security and data protection: Technical-organizational measures
- Dealing with the supervisory authorities
- Obligation to maintain data secrecy "Internal procedure directory" / "Public procedure directory"
- Support from company management and specialist departments
Data protection!
Tightened since May 2018
Especially in small companies, nobody likes to take time for the required data protection documentation and training. But as soon as you run a website or send customer mailings, knowledge of the GDPR is essential, and its rules must be complied with.
Corporate Data Protection
Advice on the collection, processing and use of personal data
Data protection is often lumped together with data security. However, data protection is aimed exclusively at the collection, processing and use of personal data. Of course, this also places demands on data security, so the transition is often fluid. Legal obligations have existed since May 25, 2018 based on the EU General Data Protection Regulation (EU-GDPR).
The correct handling of personal data under data protection law is a MUST for EVERY entrepreneur, regardless of whether he is obliged to appoint an internal or external company data protection officer because of the number of employees who handle personal data (from 20 employees; in Germany since November 26, 2019) or because of his area of activity. Particular attention must be paid to the collection, storage, use and deletion of personal data, for example when sending newsletters to a company's customers and prospects, or when using video cameras to monitor entrance and work areas.
In my opinion, it is particularly important to develop an understanding of data protection within the company. Beyond the formal implementation (documentation of the processing operations, contracts for order data processing, training of employees, etc.), it is not enough to be able to present THE data protection officer. The entire workforce MUST understand what data protection is basically about and where the company or organization, i.e. a group of people, runs the risk of disregarding the rules of the GDPR. How quickly does someone, out of simple friendliness, hold the door open for a stranger? Social engineering is the method by which cybercriminals all too often gain access to data. Ultimately, the management remains responsible! Make your employees a human firewall.
A "data breach", i.e. the disclosure of personal data to third parties, must be reported to the relevant supervisory authority within 72 hours and communicated to those affected. Are you prepared for this in your company, also during the Christmas holidays?!
Data protection consulting services
- Creation of guidelines on data protection (security policy)
- Advice and support in the planning and implementation of measures that are subject to prior inspection
- Development of public and internal procedures directories
- Consulting in the planning and implementation of technical and organizational measures
- Consultation in advance of data protection audits by the supervisory authority
- Accompaniment of data protection audits by the supervisory authority
- Data protection courses, independent data protection officer
Certificate of data protection
Cooperations with qualified data protection partners
Data protection goes hand in hand with data security, because it does not work without organizational and IT-technical processes and specifications. That is why I enjoy working with my selected partners in a trusting manner in this context.
- Certified Chief Information Security Officer (CISO)
- Certified ISMS specialist & ISO 27000 lead auditor
- Certified data protection specialist
Helpful information about data protection
I am happy to provide some information here to help you implement the data protection requirements. Nevertheless, the work still has to be done and the effort should not be underestimated. In my experience, companies that have already implemented a quality management system according to ISO 9001 find GDPR implementation much easier. But this certificate is not a prerequisite; on the contrary, compliance with the GDPR applies to every company.
IHK Munich | Training and lots of information
The Chamber of Commerce and Industry for Munich and Upper Bavaria (IHK Munich for short) offers good training on data protection. It also provides entrepreneurs with a lot of information and tips online, on its website as well as in online lectures, including on data protection.
That is why I am happy to provide you with the IHK's most important link: >> www.ihk-muenchen.de/de/Service/Recht-und-Steuern/Datenschutz
Bavarian State Office for Data Protection Supervision | Checklists, messages
The Bavarian State Office for Data Protection Supervision, based in Ansbach (LDA Bayern for short), supports data protection officers with advice and action. But it also checks whether and to what extent companies are implementing the requirements of the GDPR and imposes considerable penalties. Here, too, there are many checklists and templates that support the implementation of data protection. Click here for the Bavarian data protection universe: >> www.lda.bayern.de
Further important links:
- Submit a complaint (it's that easy!)
- Report data breach (within 72 hours!)
- Report a DPO (DPO = data protection officer, DPOs appointed internally and externally must be registered here)
Frequently asked questions about data protection and data security
Do you have a question? I am happy to provide answers, or I know someone who knows more.