Data Protection

Why data protection for companies?

The development of digital technology has steadily increased the importance of data protection: data collection, preservation, portability and analysis are easier today than ever before. New technologies such as the Internet, mobile phones and electronic payment methods have created a variety of areas for data collection. Personal data is collected by government agencies as well as commercial enterprises for reasons such as fighting crime, marketing analysis and ensuring the solvency of clients.

With the General Data Protection Regulation (GDPR), European legislators sought to create a uniform framework for data protection requirements in order to grant those affected more rights to informational self-determination.

For companies, this means that an "adequate level of protection", based on the need for protection of the individually stored personal data, must be determined and appropriate safeguards must be implemented. This means that a suitable data protection management system must be defined and implemented. This includes, among other things, the definition of a company's own data protection policy, associated process descriptions (e.g. for dealing with data subject enquiries or data protection incidents), and the development of company templates such as company directories of processing activities.

What happens if your company does not comply with the legal requirements and offers inadequate data protection?

The GDPR provides for sanctions in the European member states for violations of data protection measures. If companies fail to comply with their obligations, implement insufficient or unsuitable technical or organisational measures, fail to assess the expected risks and their consequences, or keep insufficient tests and documentation, they may face a fine of max. 20 million euros or up to a maximum of 4% of the annual turnover achieved worldwide. The company, and thus the managing director, owner, board of directors, etc., is responsible for compliance with data security and the corresponding proof.

Performance elements

  • Advice and support in setting up a data protection management system
  • Assumption of the function of data protection officer
  • Continuously informing and advising the responsible party on the fulfilment of its obligations
  • Auditing of an implemented data protection management system according to the requirements of DIN EN ISO 19011
  • Implementation of training measures to raise awareness among employees

My competence for your company

A brief overview
  • More than 15 years of experience as appointed Data Protection Officer for companies in the financial industry
  • DEKRA Certified Specialist for data protection since 2018
  • DEKRA Certified Data Protection Auditor in accordance with DIN EN ISO 19011 for auditing management systems
  • Project experience also with data protection requirements in Switzerland and Liechtenstein

My competences as a Data Protection Officer are versatile and extensive. In addition to sound GDPR know-how, I incorporate extensive social and practical skills into my advice for you: I engage with your company to determine its individual needs. In doing so, I help you identify your risks and quantify them according to your model. Together we develop a solution that complies with the rules. During implementation, I lend a hand and ensure that we meet agreed deadlines.

 

For more information, feel free to read my articles in the News section.