Privacy
Many concrete measures that companies must implement result from these laws:
- Appointment of a data protection officer: If the data processing in the company exceeds a certain scale, a data protection officer has to be appointed. This person is responsible for ensuring compliance with the various data protection regulations and has to be available for consultation by those responsible for, and those affected by, the data processing.
- Auditing relevant company divisions: The processes and systems used to process personal data in the company are to be examined for legal conformity by means of an audit.
- Examination of security measures: Personal data has to be protected with regard to its confidentiality, integrity and availability. The implementation and quality of the relevant (IT) security measures in the company are to be tested regularly.
- Creation of procedure directories: Procedure directories help to document the processing of personal data. In them, the IT-system-based procedures are normally documented and described in detail. Aside from a general description of the scope and objectives of the data processing, the documentation also describes the type of data, the recipients of the data within the company, and any external partners involved.
- Regulation of IT and Internet use: Binding guidelines or a company agreement should regulate employee use of IT systems and the Internet (especially private use).
- Training and awareness: All employees involved in the processing of personal data must be trained in the relevant laws and must be aware of the necessary security measures. In addition, employees are to be bound to data secrecy.
- Data protection when working with external partners: Special data protection policies are to be established for collaboration with external partners (IT service providers etc.) insofar as personal data is involved. In these, the partner commits to complying with all relevant legal regulations. Furthermore, depending on the partnership, a mandatory on-site audit of the partner's technical and organizational measures is to be carried out.
In addition, supplementary measures should be mentioned, such as the creation of an annual report for management, binding relevant employees to data secrecy, ex ante control when introducing new procedures or IT systems, and data protection rules for working with international companies.
Our company supports you with the practical implementation of these requirements, in order to ensure your company's compliance with data protection regulations:
- Carrying out data protection audits
- External appointment of a data protection officer
- Data protection on the Internet (Data protection aspects of websites and portals)
- Awareness training for employees