Data protection officers
do not have to be permanently employed!
External competence for your company.
Corporate data protection is a complex issue and belongs in the hands of a competent responsible person. However, this does not necessarily mean that the staff position of a dedicated Data Protection Officer must be created and filled in the company. Even if the size of the organization and the resulting scope of data protection matters suggest in-house staffing, an external data protection officer is often the better choice, both organizationally and economically. Especially against the background of complex and frequently changing legal situations, for instance with regard to the new EU General Data Protection Regulation (EU-GDPR), a quick transfer of competence is guaranteed and legal certainty is maintained at all times.
Protect your values
For many organizations, data have become a significant component of their corporate assets. Whether customer files or business-like processing of personal data on behalf of your customers: Do not leave your data unprotected! You do not have to do without professional data protection, even if filling a dedicated staff position might not make sense in your business situation.
We can do a lot for you
Benefit from our expertise and experience. We perform all the tasks of an external data protection officer according to Sec 4f BDSG and, if necessary, will act on behalf of your company vis-à-vis outsiders. We tell you which legal requirements you have to fulfill and accompany you continuously in the development of practice-oriented solutions.
This is what the expert says
Your questions - our services
The implementation of data protection in a company is a versatile and challenging task, which sometimes involves very complex legal issues.
As your external data protection officer,
- we check your service providers with regard to their technical and organizational measures. This reduces your risk of suffering monetary or non-material damage due to the misconduct of your service providers.
- we provide training and advice individually and on site, tailored to your individual work areas. This gives your employees the tools they need to deal with your data-related corporate values in a security-aware and careful manner.
- we regularly analyze together with you whether your security measures are appropriate according to the protection requirements of your data.
If you process personal data yourself on behalf of your customers, we support you in implementing the data protection requirements of your customers quickly and non-bureaucratically.
According to the German Federal Data Protection Act, data protection officers must have the necessary expertise and reliability. With regard to the required specialist knowledge, this encompasses primarily legal and organizational knowledge, didactic skills and IT skills. The supervisory authorities for the private sector (Düsseldorfer Kreis) have formulated corresponding minimum requirements .
In principle, a data protection officer can be appointed internally (company staff) or externally. An internally assigned person must fulfill the same requirements as external data protection officers. In addition to the necessary expertise, it is particularly important for the person not to be in a conflict of interest with their other activities. As a matter of principle, members of the management cannot be data protection officers of their company at the same time.
In contrast to some other EU countries, Germany relies on a system of self-regulation via company data protection officers. This also includes the obligation to review service providers who process personal data on behalf of customers. As the superordinate authority, the task of the data protection supervisory authorities is to monitor compliance with data protection laws. They also have the right to impose fines.
Good data protection...
... reduces business risks
Legally compliant data management is a good basis for business decisions and reduces risks related to data loss, bad investments or fines in the long term.
... promotes the corporate culture
Proper processing of employee data helps to avoid conflicts with employees. With data protection training and consulting, uncertainties regarding data processing powers are avoided. This ensures clarity and creates a positive working atmosphere.
... creates values
Companies often underestimate the value of the data they store. Whether customer files or newsletter recipients: Data is of considerable value. Professional data protection helps to identify and preserve these values.
... strengthens IT security
For the protection of personal data, sufficient technical and organizational measures must be taken – this is applicable law. The systematic recording and documentation of these measures also strengthens the security of the IT environment and contributes to an efficient work culture.
... has radiance!
A solid data protection contributes to a positive corporate image and creates trust. Customers and business partners know that their valuable data is in good hands.
Your contact person
Short Vita Roman Maczkowsky
Roman Maczkowsky is a certified team leader for audits according to ISO 27001 natively as well as on the basis of IT-Grundschutz, also according to the Energy Industry Act (EnWG) for energy providers and operators of critical infrastructures. He is a proven specialist in corporate data protection and worked, among other places, at the Schleswig-Holstein Independent Center for Privacy Protection (ULD) and for the Berlin Commissioner for Data Protection and Freedom of Information. Roman Maczkowsky is a BSI-licensed IS auditor and IS consultant and works as an instructor in the training of data protection and IT security officers.