Compliance & Governance

From the data protection status quo to the development of risk mitigation strategies.

How data privacy compliance works at DPA | © wutwhanfoto / istockphoto.com

We show how you can minimize risks

Data protection compliance is very challenging given the often unclear legal situation. Let our experts check whether the legal requirements have been complied with in the company to date. We will provide you with an overview of the current status quo, show you the weak points and jointly work out ways to minimize risks.

These audits can also be limited to different aspects, such as employee data protection or the use of customer data for advertising purposes.

Data protection compliance / governance

Companies need organizational and technical guidelines to ensure that the data protection requirements are implemented within the company. Assigning responsibilities for compliance with the GDPR in particular presents companies with major challenges. In addition, the so-called accountability principle requires companies to demonstrate compliance with the GDPR to the supervisory authority. Therefore, it must also be checked whether the internal rules are complied with. It is then essential to implement the improvements that the internal controls identify as necessary.

Thanks to our many years of experience, we can show you how to implement these requirements in a practical way. In addition, we are also happy to take over the internal controls for you and prepare an audit report.

IT Security

IT security is of great importance when it comes to correctly implementing the GDPR in the company. What company wants to report a data loss due to inadequate IT security measures to a regulatory authority? We check whether you comply with the data protection requirements for IT security and identify any need for improvement. We are also happy to conduct these audits as part of your compliance program for processors.

Privacy Management Platform

Companies are required to document all data processing activities and to submit this overview to the supervisory authority upon request. With our proprietary data protection management platform, we have greatly simplified this task and reduced it to the essentials. This distinguishes our solution from cumbersome Excel spreadsheets or oversized and complex programs otherwise available on the market.

The advantage for you: this platform is available exclusively to companies for which we provide the data protection officer. On the one hand, it enables the simple documentation of the procedures according to Art. 30 GDPR. On the other hand, the software can be used to perform an initial assessment, including a risk assessment.

Our platform is accessible online and clearly shows which data processing operations are critical and which are less critical. We have introduced a comment function for discussing the specific need for action. This simplifies the revision of individual entries enormously. For example, employees in the company can be asked to complete relevant information. Of course, this platform also provides an export function so that the required documentation can be submitted to the supervisory authority upon request.

Privacy e-Learning

Onboarding new employees should also include training in data protection. Appropriate basic knowledge must be imparted. Against this backdrop, we exclusively offer the companies we support an eLearning platform on data protection that we have designed. In this way, we have already been able to teach several thousand company employees basic data protection skills. Only when they pass the test are employees automatically issued a certificate of completion of the course. Further learning content in this platform is designed for managers in the company, as they require more advanced knowledge. With the help of this platform, companies can handle their data protection training obligations easily and cost-effectively. We regularly update the individual learning units and adapt them to legal developments.