Data Protection Consulting & Data Protection Outsourcing by a data protection officer

Data protection management as part of the corporate strategy
Data protection is an important topic for every enterprise, but unfortunately, many companies do not take it serious enough. The EU data protection ordinance allows for severe sanctions in case of offenses against the data protection. Our IT management consultancy supports our medium-sized customers in establishing a data protection management and integrating it into the IT strategy and the corporate strategy in order to minimize the risks for the company and increase the efficiency of the company. Data protection management does not only contain a data protection notice on the website, articles regarding the data protection in contracts or a data protection officer once the enterprise has gained a certain size. Aside from these measures, data protection also contains the knowledge of the existing standards, their analysis and the deduction of appropriate measures. Data protection processes also need to be active instead of reactive, so that companies will permanently increase their efficiency and simultaneously decrease their risk.

Our IT consulting supports our customers in the enforcement of data protection, especially by:

• Consulting and information on the company arrangements of the Federal Data Protection Act (BDSG)
• Providing an external data protection officer – outsourcing of the data protection (BDSG)
• Determining the role, position and duties of the data protection officer
•  Regulations for the cooperation of the data protection officer with the business management and the employee representation
• Definition of the need for action and recommendations for improving the data protection in the company
• Developing a structured action plan for a methodical realization of the necessary data protection measures in the company, especially
• Technical and organizational measures (entry surveillance, equipment access control, access authority supervision, transfer control, input control, order control and availability control as well as separation rule)
• Create internal and public registers of processing information
• Prior checking including documentation
• Information and training of the supervisors in the IT department, human resources department, marketing department and in the customer service
• Information and training of the employees

Minimize the risk of sanctions by knowing the data protection specifications
The new EU data protection specifications allows for severe sanctions in case the data protection is violated. Therefore, it is important for companies to know the data protection specifications, also those in the Federal Data Protection Act. This is not always easy because they are often changed and extended. Out IT consultancy keeps our customers up-to-date and informs them of changes and new rules so that they are always up-to-date and able to implement the rules.

External data protection officer to ensure the implementation of the data protection specifications
Company surely know the term data protection officer, but his exact duties, his position in the company and how far the cooperation with the business management and as the case may be with the employee representation may bring up many questions. Out IT management consultancy specifies the role, the position and the duties of the data protection officer to our customers. If necessary, we will also provide our customers with an external data protection officer from our consultancy.

Data protection audits and recommendations for a structured data protection management
Some companies already took data protection measure and do not know how to implement further measures. Our IT management consultancy firstly checks which data protection measures have already been taken and afterwards offers recommendations for the improvement of the data protection. By request, we also develop a structured action plan for realizing the necessary date protection measures. These measures especially contain technical and organizational measures (entry surveillance, equipment access control, access authority supervision, transfer control, input control, order control and availability control as well as separation rule), drawing up public or internal registers of processing information, prior checkings including documentation, e. g. in order to check new computer programs, as well as information and training of supervisors and employees, especially in the IT department, human resources department, marketing department and customer service.