We are thrilled to serve you
Being successful together
Our approach can be described as follows (see diagram).
Step 1: During a presentation(approx. 2 hours) together with the responsible persons of your company we will explain to you the consequences and required actions of the General Data Protection Regulation (GDPR). We will give you an overview and explain to you the general provisions and principles of the GDPR as well as the impact to your company. At the end you will experience a first knowhow transfer which enables you to make further decisions. This presentation, which will be held by one of our data protection experts, will cost you 200 EUR (plus VAT). Should you decide to designate our expert as your external data protection officer, this amount will be reimbursed with your monthly contribution.
Step 2: After receiving your order we will first start with checking your homepage. We will not only point out shortcomings of your homepage related to data protection but we will also identify possible deficits which violate the copyright or open possibilities which lead to cease and desist letters.
Step 3: Next, we will begin with the training of your staff, to make them better understand und support all the upcoming actions. This reduces negative attitudes because your staff learns for what this will be good for.
Step 4: Our data protection expert will screen and review all the existing paperwork (for example data protection statements, non-disclosure agreements, written consents, your record of activities, etc.). We will point out necessary additions and corrections. Should some documents be missing, you will get templates and text modules for you to review and adapt.
Step 5: All technical and organizational measures, which you already have implemented within your company, will be reviewed and rated. This includes the onsite-inspection of your IT and office rooms as well as the provision of missing templates and documents. As a result we will advice you how to optimize the deficits and suggest how to improve the overall data security. If some technical and organizational measures are missing you will get pre-filled templates which you can adapt according to your needs. With this your mandatory data protection documentation will be completed.
Step 6: This is probably the most work intensive step and will need the participation of your business process owners. Our data protection officer will lead this working group. He provides relevant templates, informs your process owners, answers questions und supports your employees in developing implementable solutions. Each process within your company will be reviewed with respect to the personnel data which are processed. This may be processes for gaining new businesses, project management processes or any other processes which affect your employees’ data. At the end this will result in a substantial documentation which covers most parts of the mandatory accountability documentation. When working with data processor, who process data on your behalf, we support you in creating the necessary “controller-processor-agreement”. At the end the mandatory records of activities will be composed which you need to maintain according to article 30 of GDPR.
Depending on your needs you may want us to help you solving specific data protection related issues on a time and material basis (120 EUR per hour). Or you may what to engage us as your external data protection officer based on a monthly fixed fee. Alternatively, you may want to take advantage of our fixed price packages which we offer for various topics.
We are looking forward to your inquiries.