Privacy – a big topic in Germany and Europe.
High privacy requirements have been standard in Germany for many years and with the EU General Data Protection Regulation (GDPR) this topic is now seen even more strict than before. Especially the likelihood and the height of potential penalties raised heavily.
Additionally, the work of many Privacy Officers is seen as “just blocking everything and giving no solutions”.
This upsets a lot of German managers and for foreign responsible persons it is even worse.
We aim on keeping the positive view on privacy of our customers by establishing GDPR compliant processes with the attempt to avoid unnecessary hurdles.
Privacy
General
Kathrin Höft
External Privacy Officer / Privacy Consultant
Gain compliance
Independent of the nomination of a privacy officer every company has to follow certain privacy rules that are defined by the GDPR.
In some cases the impact is very low for a company, in others it can be necessary to fulfil several requirements.
Nearly every company handles personal data and we consult on what your company needs to cover/implement as well as how to do that.
Many companies already employed an internal privacy officer before the GDPR came into force. Now the tasks are more extensive than before and new rules/processes need to be followed.
We support your internal privacy officer in the accomplishment of those tasks and bring him/her up to date.
This may also be project based, like the creation of directories or with audits.
Be in good hands
Every company must be compliant with privacy regulations and under certain conditions a privacy officer needs to be nominated. The conditions are defined in the GDPR and the German BDSG.
If you are obliged to nominate that position or if you decided to have it voluntary you are free to cover it internally or externally.
For the internal position you have to calculate the financial and time consuming effort for training, certification and constant further education of the responsible employee.
An internal privacy officer has a strong dismissal protection, there is nearly no chance to end the contract if he or she doesn’t commit really heavy transgressions.
Additionally, not every employee is allowed to fulfil that position, e.g. managing directors, HR department heads and higher level managers with privacy related authority to decide are excluded.
The GDPR states that the privacy officer supervises the compliance with the respective regulations as well as the strategy of the responsible persons.
This aims on all areas of the company where personally identifiable data may be processed, which means that the privacy officer has the authority to inspect nearly everything. Therefore, this position should be given to a person that can be trusted.
We offer to staff the position externally with duly trained, certified and specialized personnel which guarantees a high-quality and more flexible execution of this role.
As a external company with a strong security background we are used to work in sensible areas and fulfil our services without internal entanglements.
This is an important factor for many customers, because it avoids conflicts of interests.
