Order processing

The outsourcing of computing processes to service (external) providers being not related to the company, is a process, which needs a verification for reasons of data protection according to the agreement on order processing. The area of responsibility of an external data protection commissioner implies the control of agency contracts from controller engaging external service […]

Details …

International data transmisson

International companies transfer personal data, e.g. applicant data from subsidiary companies in Germany to the USA, from support center to support center (follow the sun) or to service partners resident in third countries, who process personal data under contract. The applications are diverse, and the data transmission, too, can occur over a number of data […]

Details …

Data Protection Law of the Catholic Church (KDG)

In the field of data protection law, the Catholic Church has given orders about the church data protection (KDG).We function as external data protection commissioner for enterprises and organizations being subordinated to an agency of the Catholic Church, such as administration, hospitals, academies, supporting work, and child and youth welfare services. The following services are […]

Details …

Data Protection Law of the Prostestant Church (DSG-EKD)

The data protection law of the Protestant Church in Germany (DSG-EKD) is applied to the data protection within the field of agencies of the Protestant Church, hence in their enterprises and organizations. We function as external data protection commissioner for enterprises and organizations being subordinated to an agency of the Protestant Church, such as administration, […]

Details …

Data Protection in Educational Institutions and Schools

A lot of data is collected, processed and used in educational institutions and schools. The persons affected in the field of application of data protection in educational institutions and schools are pupils, parents, teachers, administrative officers, and the school administration. A lot of privacy compliant requirements need to be noted both with the organization of […]

Details …

Internal Data Protection Commissioners

Our law firm supports internal data protection commissioners by clarifying legal questions about privacy and the creation of for example contracts, policies, operating systems and user agreements. Furthermore, we provide training for internal data protection commissioners or employees of the company. The services of the law firm in providing assistance and training of internal data […]

Details …

Data Protection Audit

Our law firm offers you the carrying out of data protection audit. Attorney Thomas Costard is an examined data protection auditor […]

Details …

Technical and organisational measures

To achieve a comprehensive data protection-compliant data protection management system, technical and organisational measures (“TOM”) must be implemented in the company in accordance with Art. 24 GDPR, Art. 32 GDPR and Section 64 BDSG, among others, and documented in the event of an inspection by the supervisory authority for data protection. Every company, authority, institution […]

Details …

Data Protection in Social Networks

The increase of multi-media influences and the urge for permanent communication in our society support the increasing popularity of social networks. Facebook, WhatsApp, Twitter, Instagram or XING and the like are meanwhile used in private as well as in job-related areas. The constant extension of the possibilities of social interaction allows it to upload all […]

Details …

Medical Privacy

Medical privacy finds application in hospitals, medical organizations, and medical practices. Besides the doctor-patient privilege, several regulations need to be observed. The states have legislated hospital acts, and these legal norms and directives are to be transposed as well. The creation of a privacy compliant hospital administration and the protection of patient data in ward […]

Details …

Advertising and Data Protection

The area of conflict between advertising and data protection not only presents advertising agencies, but also all companies and self-employed persons who want to draw attention to themselves in advertising, with not inconsiderable data protection challenges. Nowadays, in addition to the classic advertising campaigns (e.g. advertising posters, newspaper advertisements, advertising flyers), advertising measures on the […]

Details …

Protection of Social Data

Social institutions, e.g. child and youth welfare services and information centers, collect, process and use a multitude of personal data. Many of this personal data are sensitive data and therefore need to be classified in regard to data protection. In the area of social privacy, a huge data exchange is taking place between the social […]

Details …

Cloud Computing

Providers of IT services allowing companies to draw on perfect IT processes, enjoy great popularity. Generally speaking of Cloud Computing, we differentiate between IaaS (Infrastructure as a Service), containing the provision of computing power and storage space, PaaS (Platform as a Service), the provision of development platforms, and SaaS (Software as a Service), containing the […]

Details …

Bring Your Own Device (BYOD)

The safe and data protection compliant use of private terminal equipment for operational purposes is a challenge for both employees and the company itself. The use of staff’s private terminal equipment provides further risks for the company which need to be avoided by appropriate precautions by the latter. The information about possible threats, which may […]

Details …

Video Surveillance

The surveillance via optical electronic installations is becoming more important, especially video surveillance in companies. There are many different motives for companies to monitor specific areas in the company via CCTV. Considering a possible infringement of the right of informational self-determination and further data protection codes, for the evaluation of the admissibility of a video […]

Details …

Geotagging

There are many services that enable a geotagging of the residence of the user. The so called geotagging can take place via the allocated IP address by the internet provider or via the mobile communications network. Finding out the position of an internet or mobile phone user can be very attractive for a company for […]

Details …

Radio Frequency Identification (RFID)

The radio frequency identification (RFID) denotes a microchip technology that allows it to touch objects without direct contact. These chips are scanned and powered by means of radio transmission technique. The received data, e.g. on products, can be transferred automatically to a downstream IT system. This technology can be seen as a supplement to the […]

Details …