GDPR and EU-GDPR: Data Protection and Information Security with KVINNE GmbH
The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), also referred to as the EU-GDPR, has applied directly in every EU member state since 25 May 2018. It governs the processing of personal data and protects the privacy of natural persons. For companies, this means a range of obligations that must be implemented within the framework of a comprehensive data protection management system.
KVINNE GmbH helps you meet all the requirements of the GDPR and EU-GDPR – all from a single source. Our focus is on data protection and information security, which we combine through an external data protection officer and an information security management system (ISMS) tailored to the GDPR.
What obligations arise from the GDPR?
The GDPR establishes clear rules for handling personal data. Under the GDPR and EU-GDPR, companies must comply with the following obligations:
Legal basis for data processing (Article 6 GDPR)
Every processing operation needs one of the legal bases listed in Article 6(1). Those most relevant to companies are (vital interests under Art. 6(1)(d) and public-interest tasks under Art. 6(1)(e) rarely apply to businesses):
- Consent (Art. 6(1)(a)): the data subject has given consent that is freely given, specific, informed and unambiguous (Art. 4(11)); for special categories of data, Art. 9 additionally requires explicit consent.
- Contract performance (Art. 6(1)(b)): processing is necessary to perform a contract with the data subject or to take pre-contractual steps at the data subject's request.
- Compliance with a legal obligation (Art. 6(1)(c)): processing is necessary to comply with a legal obligation to which the company is subject.
- Legitimate interests (Art. 6(1)(f)): processing is necessary for the legitimate interests of the company or a third party, unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject; this requires a documented balancing test.
Transparency obligations (Articles 13 and 14 GDPR)
- Companies must comprehensively inform data subjects about the processing of their data.
Data protection by design and by default (Article 25 GDPR)
- Data protection must be built into all processes from the planning of new systems onward, and the most privacy-friendly settings must apply by default, not only on request.
Data protection impact assessment (Article 35 GDPR)
- Where processing is likely to result in a high risk to the rights and freedoms of natural persons, a Data Protection Impact Assessment (DPIA) must be carried out before the processing starts; if the residual risk remains high, the supervisory authority must be consulted beforehand (Art. 36).
Notification of personal data breaches (Articles 33 and 34 GDPR)
- A personal data breach must be reported to the supervisory authority without undue delay and, where feasible, within 72 hours of the company becoming aware of it, unless the breach is unlikely to result in a risk to data subjects; a late notification must state the reasons for the delay. Where the breach is likely to result in a high risk, the affected data subjects must also be informed (Art. 34).
Our services as an external Data Protection Officer (DPO)
KVINNE GmbH provides you with an external Data Protection Officer who assists you in complying with all requirements of the GDPR and EU-GDPR. Our services include:
Data Protection Management System (DPMS)
We develop a customized Data Protection Management System that integrates all GDPR requirements.
Legally compliant data processing (Article 6 GDPR)
We review your data processing procedures and ensure each of them rests on a valid legal basis.
Record of processing activities (Article 30 GDPR)
We create and maintain the record of processing activities, documenting all relevant data processing operations.
Data Protection Impact Assessment (Article 35 GDPR)
For high-risk processing, we advise you on conducting a Data Protection Impact Assessment and support the implementation of risk mitigation measures.
Employee training and awareness
We conduct regular training sessions to raise your team's awareness of data protection issues and ensure compliance.
Information security according to ISO/IEC 27001 and the requirements of the GDPR
Technical and organizational measures are a central component of the GDPR. KVINNE GmbH helps you align your IT security with the requirements of the GDPR:
Technical and organizational measures (TOMs) (Article 32 GDPR)
We implement technical and organizational measures (TOMs) to protect personal data. Article 32 itself names pseudonymisation and encryption, ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems, the ability to restore availability after an incident, and regular testing of the measures' effectiveness; in practice this also covers access controls, security protocols and much more.
ISO/IEC 27001-certified Information Security Management System (ISMS)
ISO/IEC 27001 is the globally recognized standard for Information Security Management Systems (ISMS). We support you in implementing an ISMS that protects your IT infrastructure and personal data while meeting the GDPR's requirements.
Risk management and continuous security reviews
We provide a risk-based analysis and regular security audits to ensure that your data processing complies with the GDPR's security requirements.
Why KVINNE GmbH?
KVINNE GmbH offers you data protection and information security from a single source. With our comprehensive solutions, we ensure that your company not only complies with the requirements of the GDPR and EU-GDPR but also elevates your IT security to the highest level:
- Legal compliance and security: We ensure the legally compliant processing of your data while protecting it from security risks.
- ISO/IEC 27001 certification: We assist you in implementing the international standard for Information Security Management Systems (ISMS) and in preparing for certification.
- Holistic consulting: Our consultants provide you with a tailored solution for data protection and information security in one.
Contact us
Rely on data protection and information security from a single source. KVINNE GmbH supports you in implementing all requirements of the GDPR and EU-GDPR. Contact us today to optimize your data protection strategy.
Request a consultation now – your data is safe with us!
What obligations arise from the GDPR?
Since the introduction of the GDPR, many new obligations apply to companies. It is recommended to integrate these into a data protection management system within the company. The processing of personal data is only permitted if there is a legal basis.
What legal bases exist in the GDPR?
Almost every company processes data in order to perform contracts or to take pre-contractual steps at the request of a prospective customer; normal business operations depend on being able to store data for this purpose. The legal basis for this is Article 6(1)(b) GDPR.
Where a legal obligation requires the company to transmit data to authorities or public offices (for example, statutory reporting obligations), the legal basis is Article 6(1)(c) GDPR.
How must data be protected under the GDPR?
Article 32 GDPR does not prescribe a fixed catalogue of measures; the required level of protection is determined with a risk-based approach that weighs the state of the art, the implementation costs, and the nature, scope, context and purposes of the processing against the risks to data subjects.
Companies must use privacy-friendly technologies. "Data protection by design" and "data protection by default" (Article 25) must be built into the process when new systems are developed or introduced.
For processing that is likely to result in a high risk, a Data Protection Impact Assessment must be carried out before the processing starts. It must document the envisaged processing, its necessity and proportionality, the risks to the rights and freedoms of the data subjects, and the measures taken to address those risks.
If the Data Protection Impact Assessment shows that the processing would still result in a high risk despite the planned measures, the supervisory authority must be consulted before the processing begins (Article 36).
An important aspect is maintaining a record of processing activities. The external Data Protection Officers of KVINNE GmbH advise you on implementation, provide template documents, and customize them for your needs.
Information Security / IT Security according to ISO/IEC 27001
Why is IT security important?
As an entrepreneur, you want to:
- maintain your competitiveness
- protect your company's know-how
- secure information about your processes
- protect customer data.
What is the goal of information security?
- Confidentiality
- Integrity
- Availability
Your company data is crucial for survival and ensuring continuous growth.
What additional goals does information security pursue?
- Authenticity and authentication
- Non-repudiation (actions and transactions are binding and cannot be denied afterwards)
- Auditability (records are tamper-evident and traceable for audits)
Do you want to enhance information security in your company?
Our consultants support you in introducing ISO/IEC 27001 and conduct internal training sessions to raise your employees' awareness.
Digital consulting
We implement the requirements of the EU-GDPR and of information security in a digital management system. Our consultants have experience with Confluence and Orgavision.
