Our legal experts in the field of data protection advise on all legal issues relating to the protection of personal or corporate data.
To this end, we are familiar with all relevant legal frameworks for a secure and legal handling of data, provide support in all data protection issues and represent your interests in the event of a dispute, even in court.
Companies with 20 or more employees are required to appoint a data protection officer. As an external data protection officer, we support you with our expertise in all data protection issues.
The appointment of an external data protection officer has various advantages for companies:
- No costs and time spent on the necessary qualification
As external data protection officers, we already have the legal and technical knowledge to perform this role.
- No protection against dismissal
Internal data privacy officers enjoy protection against dismissal comparable to that of a works council
- No organizational blindness
The external data protection officer can assess data protection in your company without bias.
- Personnel resources
Your employees do not have to be removed from their actual jobs for data protection officer tasks.
- A wealth of experience
As an external data protection officer, we can draw on a wealth of experience from our ongoing data protection consulting.
As an external data protection officer, we are perceived as independent both internally and externally by data protection authorities.
- Neutral position
The data protection officer can mediate between the company, the works council and the employees.
We can provide data protection officers throughout the Group. This standardizes processes and helps you keep an overview.
- Wide reach
We can even provide data protection officers throughout the EU.
As data protection officers, we support you in setting up and implementing a GDPR-compliant data protection organization in your company. All of our consultants are licensed attorneys who additionally practice in labor law or IT law, two areas of law with the greatest points of contact with data protection law.
- Data protection audit
At the beginning of our work, we conduct a detailed data protection audit at your company and draw up a list of measures. The audit includes an on-site inspection of the company and a review of the technical and organizational measures.
- Ongoing consulting
As part of ongoing consulting, we work with you to implement the list of measures and support you in all data protection issues.
- Review of websites and online shops
We check your websites and online shops for data protection compliance and inform you about changes relevant to you.
- Control of processors
Anyone who uses processors in the company must monitor them accordingly. As data protection officers, we conduct the initial check for you and, if necessary, all further checks, including on-site checks.
- Employee data protection
In the employment relationship, further regulations on employee data protection apply in addition to the general data protection regulations. Here, too, we provide you with the relevant templates, fact sheets or checklists.
Since the introduction of the GDPR in May 2018, controllers have been subject to a large number of documentation and verification obligations. As external data protection officers, we support you in creating and updating the documents relevant to you:
- Data protection concept
- Processing lists, retention and deletion concepts, IT usage guidelines
- Data protection impact assessments (e.g., for video surveillance)
- Fact sheets in the area of personnel data processing
We offer training for employees and managers that is tailored specifically to your company and your needs. Training courses can be held annually or on an as-needed basis. We will be happy to coordinate the specific content of the training with you. Possible topics include:
- General employee training
Create a basic understanding of data protection, related requirements and best practices among all your employees for a consistently high level of data protection in your company.
- IT department
Employees in IT departments are often involved with data protection issues. Topics of training include data protection through technical and organizational measures, data protection-friendly settings of programs and authorization concepts. Dealing with data breaches can also be the subject of training.
- Human resources department
The HR department also encounters data protection issues on an ongoing basis. Sensitive personal data in particular, such as health data (e.g., severe disability or sick leave) or trade union membership, are repeatedly the subject of processing in the HR department. Due to the amount and type of data processed, it makes sense to train employees on a regular basis.
- Works Council
As part of its participation rights, the works council has comprehensive access rights to employee data and may also use this data for its own purposes, however, the employer remains the controller. It therefore makes sense for companies to offer regular training in data protection issues to works council members.