Services

Latest news

What to do in a case of ...

In particular we have extensive expertise in:

External data protection official (Germany, France, Austria, Switzerland, Sweden)
Data protection concepts (national and international)
Commissioned data processing
Data protection compliance
Cross Border data transfer
Data protection at data mining
Data protection in the medical area

Our clients one and all claim that they belong to the “best” of the particular industry in their areas. We claim that many years of our experience and that the Know-how on the interface in combination with technology and data protection law has made us to one of the leading service provider company in data protection and data privacy.

If you are interested in a personal conversation please refer to RA Robert Niedermeier as contact under the phone number: 0171 – 244 00 99 or under mail@d-b-s.de.

Further explanations to our range of services in detail:

Our company is one of the leading provider for service and outsourcing in data protection and data privacy.

In addition to a concept for data protection and data privacy, which is adapted to the specific needs of a company, we may ensure for legal security because of the legal education of our employees.

Our company, the DATA BUSINESS SERVICES GmbH &Co KG offer following services:

Placing an external data protection officer at your disposal
Advice of the present data protection officer
Implementation of a Dynamic Data Protection Manual (DDPM)
Realisation of legal conform data protection
Coaching
Workshops

To this in detail:

1. Job description of the data protection officer

The job description of the operating data protection officer is currently legally stated in the BDSG or the relevant local law. The operating data protection officer has to ensure that the terms of the Data Protection laws and other instructions about data protection are obeyed. In the following we refer exemplarily to the German Data Protection Act (BDSG) but have knowledge regarding other jurisdictions as well.

Especially important test points and duties of the operating data protection officer are:

no personal data processing without consent or particular legal basis
obligation of the employees to the data secrecy, training and information
Regard to backup policies and existing obligatory registration
compliance with rights of data subject
Realisation of information routine
international data transfer
Information about the current legal status
Evidence of statutory data protection structures

2. Activities of the operating data protection officer

To perform his task the operating data protection officer acts as follows:

a) Inventory
b) Concept creation
c) Stepwise implementation of the concept
d) Hot-spots localization
e) Evaluation
f) Reporting
g) Regular auditing

The data protection officer is always to enable and contributes when projects are developed for personal data processing. The operating data protection officer is located on the management level and represents the interests of the company in data protection.

With this in mind he advice and support the company by backup of correct implementations of DV-programs with personal data according to the BDSG. This ranges from the internal data protection advice to the coordination of data protection concepts for sensible areas with the supervisory authority.

3. Internal and external data protection officer

The BDSG authorised the company to order an internal or an external operating data protection officer. As advantage of an external data protection officer it must be noticed that normally he has a deeper expertise, because against the internal data protection officer he is occupied only with questions of the BDSG and other data protection laws. It is also anticipated that he has a bigger practical experience as far as he is active as data protection officer in many companies. In regard to labour law speaks for the order of an external data protection officer prior the opportunity to bind him in the range of a consultancy contract which is terminable at any time. An internal data protection officer is according to dominant opinion not terminable. It is controversial under which conditions an extraordinary termination can be made. The company shouldn’t show an interest in imponderables in the area of the termination of an internal data protection officer. For the order of an external data protection officer further speaks that because of his external position he is in a better position to represent the interests of the company in data protection, because he must show no consideration for an internal social structure and so he can implement the decisions of the management in data protection.

4. Requirements

According to the established case-law and to significant opinions the operating data protection officer has to be an expert as well in data protection law as in information technology. This requirements must apply also for persons who advice the internal DSB or other companies.

5. Advice

The company advices existent data protection officers by realisation of a legal data protection structure in the company. This realisation is divided regular into an initial phase and in an evaluation phase. The initial phase takes between three and six months. The evaluation phase takes twelve months. Object of the initial phase is: - Preparation of a data protection concept - Stock taking - Persons involved - Firms involved (third parties) - Systems involved - Areas structuring - Persons structuring - Computers register - Data register - Online data protection - Data mining – Special areas.

Object of the evaluation phase is: - Data processing systems in closed shop - Data protection client/ server - Hot-spots localization - Hot-spots classification - Hot-spots deactivation - Communication concept testing.

Aim of the initial phase is to ensure compliance to the basic standards according to the federal data protection act and other specific regulations. To such an extent will be that compliance, so that a violation against penal and administrative fine regulations of federal data protection act and other legal provisions will be excluded as far as possible. During the evaluation phase all other areas will be displayed in a data protection concept in accordance with legal regulations.

In case that legal regulations change or new relevant data protection areas arise, we submit to the president of the company a proposal about the implementation of those changes in the existing data protection concept.

6. Dynamic Data Protection Manual

In order to be your company in position to prove the existing data protection structures and your conformity to law, we suggest the implementation of a so-called Dynamic Data Protection Manual (DDPM). The varying data protection issues are profoundly and intensively described and legally weight. The manual is so designed that it can be used as foundation for the new data protection audit.

7. Coaching

The company coaches person responsible for data protection until they can perform alone and safe their task. The coaching occurs as workshops, attendance, advise or by providing a hotline.

8. Workshop

We are very ready to verify you our expertise in the range of a workshop and to show you how you can replace a dynamic data protection manual by an introduction of organizational data protection measures, in particular by technical costly data protection measures.

9. Current developments

In the view of the current BDSG it is certain that data protection is a significant company characteristic and failures in this area can be business-endangering.

It is for them all the more when the new BDSG presents the chance to provide software, server, service provider and workflows as “data protection legal” with a seal of reliability. Because of this the companies must take care now at the latest that suitable data protection structures are implemented in the company without being hindering. Therefore an introduction of a dynamic data protection manual is ideal.

We have the necessary practical experience and reputation to support you.