Data pro­tection con­cept / data pro­tection ma­na­ge­ment sys­tem

In times of the GDPR, selective data protection is no longer effective in order to fulfil all obligations arising from the GDPR (Accountability).

The sole appointment of a data protection officer therefore only fulfils a part of the requirements of the GDPR.
The supervisory authorities can also demand the submission of company-wide data protection concepts as part of the audits, which is why the implementation of a data protection management system is unavoidable.

Inquiry Website

You have further questions about our consulting services? Talk to us or send us an e-mail.

You can also send us a message using the contact form below. If you wish, we can also call you back.

By pressing the "Send" button, your data entered in the contact form will be collected and processed for the purpose of answering your enquiry. You have the right to object at any time with effect for the future. Further information on the processing of your data by RDP Attorneys can be found in our data protection information.*

What is the sum of 5 and 7?

Imple­mentation of a data pro­tection mana­gement sys­tem

Step 1: Analysis of current data protection level

Au­diting of the en­tire com­pany with regard to:

Documentation and preparation of findings

  • Actual workflows
  • Existing work instructions, documentation, contracts
  • Existing data protection processes
  • List of processing activities
  • Fulfilment of information duties
  • Data protection agreements (DPA, Joint Controllership)
  • Security of data-processing

Step 2: Creation of an action plan

  • List of all located deviations with risk assessment
  • Conception of work packages prioritized according to risk and probability of occurrence

Step 3: Implementation, training

Once the work pa­ckages have been fina­lized, im­plementation will be driven forward in the indivi­dual spe­cialized de­partments:

  • Initial workshop with all specialized departments
  • Creation of processing directories
  • Determination of the required data protection agreements with service providers
  • Fulfilment of information obligations
  • Implementation of data protection processes (information, deletion, conduct in the event of a data breach)
  • Data protection impact assessment
  • Deletion concept

In addition, all employees are instructed in the data protection management system.

Step 4: Documentation, regular auditing

RAin Michaela Berger

Your partner

Lawyer Michaela Berger, LL.M.

Specialist lawyer for IT law
certified data protection officer (TÜV Süd)
certified data protection auditor (TÜV Süd)

Michaela.Berger@rdp-law.de
Contact form