Our law firm supports internal data protection officers by clarifying legal issues relating to data protection and by drafting, among other things, all necessary data protection-related documents, contracts, guidelines, company agreements, user regulations, legal or technical expert opinions, process descriptions, procedural instructions, work and organizational instructions, documents on IT security, etc.
Furthermore, we provide training for internal data protection officers and employees in the company.
The firm’s services in the area of support and training of internal data protection officers include in particular:
- Support for internal company data protection officers (DSGVO, KDG, EKD-DSG).
- Conducting an as-is analysis or an audit on data protection
- Consulting and implementation of data protection requirements
- Preparation of the required data protection documents
- Hotline for answering all data protection-related inquiries by telephone or via e-mail
- Preparation of documents for the fulfillment of information obligations
- Preparation and conclusion of agreements for commissioned processing
- Data protection for cloud applications
- Recording of existing files and IT procedures and creation of the required directories of processing activities
- Conducting the required data protection impact assessment (MS Office 365, video surveillance, electronic personnel file)
- Review of technical-organizational measures (IT security measures)
- Support in the creation and implementation of a deletion concept
- Establishment of an ISMS (IT security management system)
- Implementation of requirements for encryption of mobile storage media, e-mail encryption and VPN
- Implementation of employee data protection requirements (electronic personnel file/ paper file, applicant management)
- Data protection for client information systems (authorizations, file structure, IT security)
- Implementation of data protection for cloud solutions (MS Azure, Amazon Web Services)
- Support in the area of IT security and data protection for IT applications e.g. MS-Dynamics, SAP SuccessFactors, Personio, SAGE, Salesforce, Workday, DMS systems, email archiving, etc.
- Assessment of apps in the area of social media, in particular facebook, WhatsApp, Instagram, Signal, threema, TikTok, telegram, etc.
- Data protection-compliant destruction of paper and data carriers
- Data protection during internal exchanges in the facilities (internal consulting, supervisions, etc.)
- Implementation of data protection requirements in the event of data transfer to church and official bodies (youth welfare office, social welfare office, courts, etc.)
- Review of the website of the church institution (privacy policy, imprint)
- Creation and negotiation of service agreements (e-mail/internet use, access control/time recording, video surveillance, MS Office 365, cloud solutions, electronic personnel file, home office, etc.)
- Creation of training documents and implementation of data protection training courses
- Creation of training materials on data protection as e-learning
- Introduction of a process for handling data protection violations
- Implementation of data subject rights requirements (information, deletion, correction, etc.)
- Preparation of consent forms, especially for filming and photographs
- Implementation of data protection in charitable and other social institutions and parishes
- Compliance with data protection requirements in medical facilities and hospitals, telemedicine
- Data protection in social media (social media guideline, implementation of the Facebook ruling of the European Court of Justice)
- Regulation of legal conditions for video surveillance (IT security, product assessment, service agreement, AV contract, pictogram)
- Fulfillment of legal requirements for access control and time recording
- Advice on the use of drones
- Assessment of new IT systems (system data protection)
- Workshops on data protection topics (data protection forum)
