The right to protection of personal data of natural persons entails a number of obligations for entrepreneurs. The exact requirements have been regulated in the EU Data Protection Regulation (GDPR) as well as in the federal regulations. The requirements depend on many factors, such as the size of the company as well as the scope of data processing. In this context, companies are to decide for themselves, to the greatest extent possible, which measures are appropriate. This often leads to despair, especially because non-compliance with the requirements in the area of personal data protection can lead to high fines.
A good way to check the current processes in the area of data protection in the company and to protect yourself from the negative consequences is to conduct a data protection audit. The data protection audit should be carried out by persons with appropriate qualifications and experience, e.g., by a lawyer who specializes in data protection.
During a data protection audit, all processes associated with the processing of personal data are identified and reviewed. As a rule, such an audit begins with a discussion of the questions that are important from the perspective of data protection, such as:
– Does the company have a data protection officer?
– Does the company have a data protection concept?
– Are personal data transferred to third parties? Is there a basis for such transfers?
– How is access to personal data by employees regulated?
– How is the personal data protected from access by third parties?
Once these questions have been answered, a comprehensive data protection review of the company’s existing records takes place. As part of this review, the documentation required by data protection regulations, but also other documents such as employment contracts as well as service contracts will be analyzed and adjusted if necessary.
As a rule, a written report is prepared on the performance of the data protection audit, in which all weak points as well as corresponding solutions are described.
Independent of the audit described above, it is often also advisable to conduct an IT audit.
We will conduct a data protection audit for you, draft necessary documents and answer all questions related to data protection in the company.
Do you have any questions or require our consultation?
Contact us. We will further help you.