STRUCTURED PLANNING OF THE GDPR

As of May 25, 2018, the Gene­ral Data Pro­tec­tion Regu­la­ti­on (DSGVO or GDPR) appli­es to the pro­ces­sing of per­so­nal data in the mem­ber sta­tes of the Euro­pean Uni­on. The GDPR brings with it num­e­rous new requi­re­ments, in par­ti­cu­lar also increased docu­men­ta­ti­on obli­ga­ti­ons. For com­pa­nies, the regu­la­ti­on has signi­fi­cant con­se­quen­ces, as in addi­ti­on to claims for dama­ges, the­re are now also signi­fi­cant pen­al­ties for vio­la­ti­ons of the GDPRO.

Is your com­pa­ny alre­a­dy pre­pared? What mea­su­res are still miss­ing for the GDPR implementation?

The docu­men­ta­ti­on obli­ga­ti­on includes, among other things:

  • Crea­ti­on of a bin­ding data pro­tec­tion policy
  • Sen­si­tiza­ti­on, edu­ca­ti­on and trai­ning of employees
  • Com­pli­ance with data pro­tec­tion prin­ci­ples such as lawful­ness, pur­po­se limi­ta­ti­on, etc. Ful­fill­ment of infor­ma­ti­on obligations
  • Docu­men­ta­ti­on of decla­ra­ti­ons of consent
  • Crea­ti­on and ongo­ing updating of a pro­ce­du­re directory
  • Pro­ce­du­res for com­pli­ance with data sub­ject rights, e.g., infor­ma­ti­on and deletion
  • If neces­sa­ry, a data pro­tec­tion impact assessment
  • Imple­men­ta­ti­on of the “Pri­va­cy by Design / Pri­va­cy by Default” principles
  • Imple­men­ta­ti­on of appro­pria­te sta­te-of-the-art tech­ni­cal and orga­niza­tio­nal data secu­ri­ty measures
  • Ful­fill­ment of noti­fi­ca­ti­on obli­ga­ti­ons in the event of data pro­tec­tion breaches
  • Manage­ment and con­trol of pro­ces­sors, e.g. con­tracts, con­fi­den­tia­li­ty agree­ments, audit rights, certifications
  • Appoint­ment of a data pro­tec­tion offi­cer if required
  • Plan­ning and con­duc­ting audits

Our approach: Struc­tu­red approach to implementation

A docu­men­ted and struc­tu­red approach, e.g. in the form of a data pro­tec­tion manage­ment sys­tem, pro­vi­des a signi­fi­cant­ly impro­ved start­ing posi­ti­on in the event of dama­ge or an audit by the aut­ho­ri­ties. Pen­al­ties can be redu­ced by this pre­cau­ti­on if neces­sa­ry or con­ver­ted into a warning.

The SEC4YOU GDPR Rea­di­ness Check is a sur­vey of the matu­ri­ty level with regard to the requi­re­ments of the Gene­ral Data Pro­tec­tion Regu­la­ti­on and the natio­nal adapt­a­ti­ons and defi­nes the mea­su­res still to be imple­men­ted. For this pur­po­se, we rely on norms and stan­dards that are con­side­red “sta­te of the art” and adapt the requi­red mea­su­res to the cus­to­mer envi­ron­ment in a tar­ge­ted man­ner. Rele­vant regu­la­ti­on artic­les are com­pared with exis­ting mea­su­res, from which a list of addi­tio­nal mea­su­res requi­red to com­ply with the Gene­ral Data Pro­tec­tion Regu­la­ti­on is derived.

Part of the report­ing is a manage­ment-rea­dy sum­ma­ry that enables manage­ment to initia­te the fur­ther neces­sa­ry steps in a prio­ri­ti­zed manner.

Results from the SEC4YOU GDPR Rea­di­ness Check are:

  • Assess­ment of exis­ting pro­ces­ses accor­ding to the GDPR
  • Cus­to­mer-spe­ci­fic recom­men­da­ti­on for the imple­men­ta­ti­on of a data pro­tec­tion manage­ment system
  • Prio­ri­ti­zed cata­log of mea­su­res of open activities

Fur­ther information:

GDPR basic seminar

Bit­Lo­cker end­point encryp­ti­on in terms of GDPR

GDPR Blog

Y O U R   A D V A N T A G E S

  • Fast matu­ri­ty mea­su­re­ment of the GDPR requirements

 

  • You recei­ve a manage­ment report as a basis for decision-making

 

  • Prio­ri­ti­zed cata­log of measures

 

  • Recom­men­da­ti­on regar­ding a data pro­tec­tion manage­ment system

Ques­ti­ons about the GDPR Rea­di­ness Check?
Would you like to speak with an expert?