for data protection
and data security
Implementing the General Data Protection Regulation (GDPR) is still a challenge for many companies today. It is not just a matter of updating the privacy statement on your website.
Creating a register of processing activities, concluding and reviewing all processing contracts, adjusting internal processes (e.g. the reporting process in the event of data breaches and answering queries from data subjects) and documenting security measures all require a deep understanding of the legal texts.
In recent years, I have advised over 20 companies on preparing for the GDPR and worked with them to develop pragmatic solutions suitable for medium-sized businesses.
In addition to my extensive, cross-sector experience, I offer my customers prepared document templates that enable rapid implementation of the GDPR in line with the needs of small and medium-sized businesses, as well as a proven data protection concept.
In Germany, companies with more than 10 employees must appoint a data protection officer in accordance with the Federal Data Protection Act (BDSG). Appointing an external data protection officer has several advantages for companies:
- Your company size does not allow you to appoint a full-time data protection officer
- Avoidance of conflicts of interest
- Bringing in experience from other companies
I support you in the one-time implementation of the GDPR, or in the long term as an external data protection officer.
In the GDPR as well as in other compliance-relevant regulations, the principles of "confidentiality, integrity and availability" in the processing of data recur throughout. The GDPR also describes these objectives as technical and organisational measures.
I support my customers in implementing measures to increase data security in order to reduce both attacks from outside and unintentional threats from employees.
Here, training on current threats in the processing of data (not just personal data) is an important building block.
In addition, the implementation of technical measures reduces the attack surface.
You benefit from my many years of experience with current Microsoft products. I advise companies on implementing GDPR-compliant measures suited to SMEs to increase data security.
An important component is the training of your employees on data protection and data security in your company.
Often, further regulatory requirements are addressed as well. These can be, for example, solutions for GoBD-compliant archiving of documents, e.g. in contract management or in human resources (personnel files), even if these department-specific solutions are designed as components of a digitization strategy.
I support companies that are obliged to introduce an information security management system (ISMS), e.g. on the basis of the German IT security law, with the implementation of the requirements according to the IT basic protection of the BSI (Federal Office for Information Security, basic protection / standard protection) and in the future also according to ISO 27001.
If your requirements are among those described above, you should contact Stefan Köster eConsulting.
A little over a week ago, Microsoft published a new Data Protection Addendum, almost exactly one year after the last update.
In addition, a Transfer Impact Assessment was published by Microsoft.
The Infection Protection Act passed by the Bundesrat last Friday (19.11.2021) also affects data protection and GDPR implementation. The Federal Commissioner for Data Protection, Prof. Ulrich Kelber, criticized the lack of requirements for a privacy-friendly design of the law. So here are a few tips on how you can implement it.
Improving IT security with videos from Datenschutzkontor and Microsoft Viva Learning in Microsoft Teams.