DOCUMENTATION REQUIREMENTS / GDPR

URGENT NEED FOR ACTION

The General Data Protection Regulation (GDPR), which came into force on 25.05.2018, places numerous data protection obligations on every organization, including the one-man enterprise. The associated tasks and responsibilities are only partially in line with the previous regulations of the German Federal Data Protection Act and have been supplemented significantly.

Businesses are now accountable for compliance with data protection requirements, so they need to prove compliance. They have to compile and document their processes in such a way that the data protection authorities can be provided with documents that prove compliance with data protection requirements.

NEED FOR ACTION IN DETAIL (LEGAL AND TECHNICAL)

The need for action must be determined individually for each company. However, the following topics should always be examined or edited:

  • Drafting or adjustment of a processing directory; in particular, this directory includes the type of personal data processed in the company (such as names, addresses, e-mail addresses, location data, health information), for what purpose it is processed, to whom it is disclosed and when it is deleted;
  • Drafting or completion of processing contracts (processors are individuals who process personal data on behalf of and under the direction of the controller, such as a company’s IT service provider);
  • Adapting or setting up and documenting technical and organizational measures (in particular encryption of personal data, data backup, etc.);
  • Informing and obliging employees of a company to comply with the GDPR;
  • Informing affected persons (e.g. privacy agreements with customers and privacy statements on the website);
  • Setting up internal processes to fulfill the rights of affected persons;
  • Setting up internal processes for reporting data breaches;
  • Performing privacy impact assessments;
  • Training of employees.

DATA PROTECTION ADVICE FROM A SINGLE SOURCE – LEGALLY AND TECHNICALLY

The implementation of the GDPR obligations for companies requires both legal and technical knowledge. We offer legal and technical data protection advice from a single source, provided by our experienced lawyers and IT consultants.

Please contact us; we are happy to assist you.