Data protection law
On 25 May 2018, the European Basic Data Protection Regulation (DSGVO), concretised by the amended Federal Data Protection Act (BDSG new), came into force. One of the new features is that very high fines can be imposed for violations, which is why data protection is now obviously taken more seriously.
Both Attorney Nourney and Attorney Knigge are certified data protection officers (datenschutz.com Akademie).
For the above mentioned implementation of the data protection laws, we have designed a package of offers at favourable all-inclusive prices for you.
Obligation to appoint a data protection officer
The obligation to appoint a data protection officer exists in any case if there are 10 employees in your company who are constantly dealing with the automated processing of personal data. These 10 persons also include trainees, so-called “freelancers”, etc. It is true that the terms “constantly engaged in automated processing” are open to interpretation. In today’s working reality, this should at least be assumed for anyone who uses a computer in the company.
Then there are some other groups of cases. Especially if you regularly process special categories of personal data – regardless of the number of persons mentioned above – you need a data protection officer. This concerns sensitive data, such as data concerning health, sexual self-determination, trade union membership, etc.
Of course, you are free to appoint a data protection officer independently of the above-mentioned obligations.
Other obligations under the DSGVO/BDSG New
Irrespective of the appointment of a data protection officer, most companies must provide the following:
- Written commitment of employees to data protection law
- Securing technical and organisational measures for the protection of data (TOM)
- creation of an internal and external directory of processing activities (this regulates in particular which data you collect and where you store them)
- Contract with an order data processor, if you have data distributed by external companies
- Data protection and transparency declaration on your website
- consent for data processing that is not permitted without express consent
Cookies and tracking procedures
Our services in data protection law
Provision of training materials for you and your employees
Check whether you need a data protection officer
Form for the declaration of commitment of your employees/written commitment of your employees to the data protection law
Inquiry of the technical and organizational measures (TOM) in your company and subsequent consultation on the need for optimization/change
Establishment of an internal and external register of processing activities
Examination of the regularity of the contract for commissioned data processing, if you have data processed by external companies
Check whether you need explicit consent
We also offer you our services as an external data protection officer. As a data protection officer, we keep a constant eye on the legal situation and advise you on any changes.
Our services as external data protection officer
Appointment as data protection officer to the competent supervisory authority
Permanent contact person for you and your employees for questions concerning data protection
Constant monitoring and updating of data protection documents
Process for data subject rights and reporting to the supervisory authorities
Representation during inspections by the supervisory authority
Monitoring compliance with data protection in your company at regular intervals in consultation with you to ensure compliance with the requirements of data protection laws