General Data Protection Regulation (EU GDPR)
With the introduction of the EU General Data Protection Regulation (EU GDPR) in 2018, the topic of data protection has undoubtedly once again become much more important for businesses.
By now, it is widely known that non-compliance with the EU GDPR can result in very severe fines being imposed; just take a look here.
These fines can be prevented by a professional review. We therefore regularly advise our clients:
Take the protection of personal data in your company seriously and rely on our expert advice, then get back to what's important to you: your day-to-day business!
We have many years of experience in the field of IT and data protection law and regularly undergo further training, so that we always keep abreast of developments in this extremely agile area of law.
The basics: data protection in your company
The data protection requirements for businesses are diverse and can sometimes be overwhelming. We assist you in implementing and monitoring all necessary measures:
- Taking stock and drawing up a list of measures regarding compliance with applicable data protection law in your company
- Establishing a permanent data protection concept for your company with the objective of implementing all requirements of the EU GDPR (data protection compliance)
- Advice and assistance on creating a record of processing activities in order to comply with your reporting obligation under the EU GDPR
- Advice and assistance on creating an erasure concept that complies with the EU GDPR
- Customised privacy policies for your company (e.g. for your website, your app or social media plugins) to comply with your information obligations pursuant to the EU GDPR
- Drawing up customised implementation proposals for the company, taking into account the EU GDPR’s risk-based approach and the accompanying national laws
- Assistance with individual business measures in the context of public relations (e.g. advertising e-mails, surveys, competitions, photographs)
- Review of contractual relationships regarding compliance with data protection law
- Review and structuring of data transfers that comply with data protection requirements in the area of international data protection
- Crisis management in the event of actual and alleged data protection infringements / handling of data leaks
- Defending against warnings issued under data protection law
- Providing support and advice to the (internal) data protection officer
Preparation and review of data protection documentation
The EU GDPR imposes a wide range of requirements on the data protection organisation in your own company and on cooperation with external service providers or partners. Protect yourself with the appropriate set of agreements and guidelines for your situation!
- Data processing contracts with external service providers and review of contractual relationships regarding compliance with data protection law
- Joint controller agreements (agreement on joint responsibility for data processing)
- Legal texts required under data protection law (e.g. consent to data processing)
- Internal company guidelines on data protection
- Employee commitment to data secrecy
Data protection review and reporting
Would you like to take stock of the data protection situation in your company? We conduct internal audits in accordance with the IDW PH 9.860.1 guideline with subsequent reporting.
- Audit of the principles, procedures and measures for data protection in place in your company in accordance with the EU General Data Protection Regulation and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in cooperation with SKN GmbH Wirtschaftsprüfungsgesellschaft