Data protection in business practice
Today, all important company data is stored and made available in electronic form. For this reason, a strategy for protecting personal data and other business-critical data is imperative. A loss of data or a breach of data protection can lead to an irreparable loss of confidence among customers, business partners, investors and employees, regardless of the size of the company. In addition, a company loses money and its image and reputation are permanently damaged by a data breach.
Our service portfolio
- Data protection gap analysis
- External corporate data protection officer
- Notification of data protection violations to the data protection supervisory authority (within the 72-hour deadline!)
- Directory of processing activities
- Security of data processing
- Order processing (including cloud computing)
- Data transfer to non-EU countries
- Exercising of information rights
- Data Protection Impact Assessments (DPIA)
- Creating deletion concepts and much more.
Responsibility for data protection within the company lies with the company management, which is obliged to appoint a data protection officer if at least twenty employees process personal data. Personal data is any information relating to an identified or identifiable natural person. This includes employee data, as well as data from customers, suppliers and interested parties. Examples include name, address, location data, online identification, genetic data, diseases, economic data, income, denomination, association membership, labour law assessments, account data, etc.
The most frequent data protection incidents are caused unconsciously or unintentionally by employees. Examples include the loss of company laptops or unencrypted data carriers, unintentional installation of malware through cyber attacks and the use of systems not authorised within the company, such as WhatsApp and others, which lead to the loss of confidentiality of company data.
We sensitize your employees in face-to-face or online training sessions and give you recommendations on how to ensure confidentiality, integrity, availability and authenticity in your company. Training employees leads to a higher level of protection for all important company data and trade secrets.
Liability risk data protection
If the managing directors and board members do not comply with this obligation, they assume a high liability risk and have to pay for any resulting damages. The liability risks result from the European General Data Protection Regulation (GDPR); violations can be subject to a fine of up to €20 million or 4% of the worldwide annual turnover. Examples include the absence of a data protection officer in the company, the failure to report reportable data protection violations, the illegal transfer to a third country, and violations of the principles for processing personal data and of the rights of data subjects. In the event of serious violations, a prison sentence is possible and claims for intangible damages are to be expected.
Competence through specialisation
In many consulting firms, the following principle still applies: “Every consultant can do everything”. It’s different with us. This specialization has meanwhile led to a nationally and internationally recognized expertise, which is reflected in invitations to lectures and webcasts.
Added value for companies
- long-term practical experience
- avoidance of conflicts of interest
- pragmatic recommendations for action
- cost advantage over internal solutions
- data protection as a competitive advantage
- image gain
- reduction of liability and re-payment risks
- entry into digitization.