Initial data protection analysis
Analyse, design & optimise.
Do you have to meet defined data protection requirements and need to determine your current status? An initial data protection analysis creates clarity and forms the basis for more detailed checks and in-depth audits in the run-up to certification procedures. Knowing your organisation’s data protection situation benefits you in several ways and lets you make targeted use of optimisation potential. The initial data protection analysis is particularly recommended in light of the entry into force of the EU General Data Protection Regulation (EU GDPR).
Data protection - a management task
Legal requirements demand professional approaches to data protection, especially in light of the requirements of the EU General Data Protection Regulation. But which measures are organisationally feasible and financially reasonable? Talk to us and then decide. We will inform you on the basis of your concrete operational requirements, without obligation and free of charge.
We can do a lot for you
Together with you, we assess the data protection situation in your organisation or company. Data protection and IT security go hand in hand. We attach particular importance to the holistic consideration of IT security aspects and the technical and organisational measures used. Our analysis is individually tailored to your business field and your organisation.
What the expert says
Your questions - our services
Do you process personal data in your organisation or have it processed by service providers on your behalf? Then you should get an overview of which legal requirements you have to fulfil.
Conformity with applicable data protection laws is our essential criterion in the context of the initial data protection analysis. We always work from the perspective of the particular data protection risks that may exist for you.
With the EU’s General Data Protection Regulation, data protection violations are sanctioned more severely. There is a threat of fines of up to 20 million euros. In addition, there is the damage to the company’s image, which is often more serious. By the way: In the case of organisational deficiencies, the management level is also personally liable.
Our recommendations are based on practical feasibility, not just on abstract legal texts. We therefore check together with you whether your data protection management also fits your requirements.
Even if you outsource data processing, you are still responsible under data protection law. We therefore include data processing by service providers in the analysis and, if necessary, explain the data protection requirements in the case of subcontracting (outsourcing).
We analyse, on a sample basis, the technical and organisational measures you have taken to protect the data. You will receive well-founded feedback on possible weak points.
You will receive a written report from us with concrete recommendations for action and suggestions for your next steps.
If you wish, we can present the results in a workshop (for example, in the presence of the management level) on your premises.
Your contact person
Short vita Roman Maczkowsky
Roman Maczkowsky is a certified audit team leader for ISO 27001 audits, both native and on the basis of IT-Grundschutz, and also for audits according to the German Energy Industry Act (EnWG) for energy suppliers and operators of critical infrastructures. He is a proven specialist in operational data protection and was, among other things, an employee of the Independent Centre for Data Protection Schleswig-Holstein (ULD) and the Berlin Commissioner for Data Protection and Freedom of Information. Roman Maczkowsky is a BSI-licensed IS auditor and IS consultant and is active as a lecturer in the training of data protection and IT security officers.