Data protection and data security are topics that affect all business processes and in the past decade they have become immensely important for the success of companies due to increasing digitalization. No company today can continue to work with a lack of or inadequate technical and organizational measures for data protection and data security. The damage that can be caused in IT systems and data rooms by malware, spyware and other infiltration is too great. Similarly, the potential fines that can be imposed for data protection and data security violations – at up to EUR 20 million or up to 4% of global annual sales – are too high for this compliance issue to be ignored. In addition to all of this, the data subjects may also claim damages.
We advise and represent you with regard to all questions of data protection and data security and prepare your company or project in accordance with the EU General Data Protection Regulation [GDPR] and the German Federal Data Protection Act [BDSG] as well as the relevant subsidiary laws.
Our services are characterized by a practical and solution-oriented approach. Good data protection solutions are not a bureaucratic hassle, but rather they offer your company functional added value while taking your business model and IT structures into account. There is a standard process for achieving GDPR Compliance, but there are no standard documents or standard packages. As different as every company tends to be, so different are their data handling procedures and thus the requirements to be fulfilled. In this standard process we first analyze your company and thus your data handling procedures. On this basis we prepare the record of processing activities within the meaning of Article 30 of the General Data Protection Regulation [GDPR]; this simultaneously serves as a data protection dashboard and thus forms the basis of your data protection management. Based on this we create all of the necessary documents and processes, including, for example, organizational measures such as IT guidelines, information on data processing for employees or customers or processes in the case of data breaches.
Of course, we are not only at your disposal for the complete compliance process, but also for individual questions and projects. For example, we would be happy to prepare information on data processing (“data protection declarations”), order processing or joint control agreements, review your data transfers within the company or to other third parties, prepare organizational measures such as IT guidelines or works agreements, analyze the security of your data processing or prepare a data protection impact assessment, for example with regard to a planned introduction of software.
We will also be there to assist you should a claim for information under data protection law or a claim for damages be asserted against you, or a fine or other official measure be imposed upon you. When it comes to official and legal proceedings we define the desired aims together with you and, taking these into consideration, develop the strategies with which we can achieve the desired aims in the most efficient and effective manner.