Ready for the EU GDPR
The keywords described are ones you've surely heard often in the press and from your partners. At first glance, implementing them may seem quite clear and simple. But the more you delve into the topic, the more you realize: “The devil is in the details.”
Amid the many false claims in circulation, we help you distinguish what is truly important for you.
Using a clear “guiding thread,” we safely guide you through the jungle of information.
What priorities are there in the implementation of the EU GDPR?
To determine which measures need to be implemented first, we, as an external data protection officer, will arrange a separate appointment with you. At this initial meeting, called the “basic check,” employees from the marketing, IT, human resources, accounting departments, and of course company management should be available.
Based on the company structure, the IT system landscape, and the various processes within the company, all requirements are classified according to their level of implementation. You will subsequently receive an overall overview of the positive and negative findings. These are prioritized in advance and assigned deadlines. You then decide whether to implement the measures and at what time.
Article 37 EU GDPR / Appointment of a Data Protection Officer
According to the EU GDPR, a data protection officer must be appointed in certain cases. This is required, among other things, if you:
- process special categories of data, or
- have a core activity centered on the regular and systematic monitoring of individuals.
The opening clauses of the EU GDPR allow member states to enact their own laws and requirements for the protection of personal data within their country. For example, at the beginning of the EU GDPR implementation in Germany, it was necessary to appoint a data protection officer if at least 10 employees were regularly involved in processing personal data in their daily work. (Art. 38 BDSG)
A change to the appointment obligation was passed in the Bundestag in June 2019. The 2nd Data Protection Adaptation and Implementation Act (2. DSAnpUG) requires approval from the Bundesrat. It comes into effect the day after its publication in the Federal Law Gazette.
The appointment of the data protection officer must be reported to the supervisory authority.
Record of Processing Activities
You need a so-called “Record of Processing Activities” (Art. 30 EU GDPR).
This is documentation and an overview of processes in which personal data is processed.
Processor (or Data Processor)
If you involve “external parties” to carry out your tasks as an “extended arm” without their own authority to use the data, you must create a record of them. Additionally, you must conclude an agreement with them regarding the handling of the data. (Art. 28 para. 3 GDPR)
Privacy Policy (Art. 12 et seq. EU GDPR)
Who must receive a privacy policy? What contents must be included in it, and is the privacy policy required to be signed?
During the basic check, it is determined from which groups of people personal data is collected and what options are available to practically provide them with a privacy policy.
Technical and Organizational Measures (TOMs)
According to Articles 24 and 32 of the GDPR, you are obliged to implement technical and organizational measures (TOMs). These measures are intended to ensure that the personal data you process is kept in “good hands.” The extent of these measures depends, among other things, on the amount of data and the purpose of processing, but especially on the likelihood that a risk materializes and on its impact on the individual if harm occurs.
Data Protection Breaches
All employees must know what to do when an incident becomes known.
EU GDPR – What do employees need to know?
Your employees need to know what rights data subjects have and how to respond to requests or to whom these should be forwarded.
When must the data subject receive a privacy policy? And what exactly is a data subject?
What must I, as an employee, keep in mind when using information technology within the company?
What is allowed when handling mobile devices? Are there any requirements for working from home (home office)?
Do I, as an employee, have to fear consequences if I do not follow the company's instructions?
These and many other questions can be answered in a workshop with your employees.
An additional advantage of a workshop is that the topics discussed serve as an awareness-raising measure and must then be applied by the employees in their daily work.