Data Protection of the Catholic Church

In data protection law, the Catholic Church is governed by the Church Data Protection Act (KDG). The KDG is largely based on the GDPR, but it contains some privileges on points where the GDPR is stricter, e.g. the amount of the maximum fines.

We act as external data protection officer for companies and institutions of the Catholic Church, e.g. administrations, hospitals, academies, funding agencies and child and youth welfare institutions. Our services include in particular:

  • Acting as the external company data protection officer for church companies, agencies and associations (KDG, KDG-DVO)
  • Support of internal company data protection officers (KDG, KDG-DVO)
  • Carrying out an as-is analysis or audit of data protection
  • Consulting and implementation of the data protection requirements of the Catholic Church
  • Preparation of the required data protection documents
  • Hotline for answering all data protection-related inquiries by telephone or via e-mail
  • Preparation of documents for the fulfillment of information obligations
  • Preparation and conclusion of agreements for commissioned processing
  • Data protection for cloud applications
  • Recording of existing files and IT procedures and creation of the required directories of processing activities
  • Conducting the required data protection impact assessment (MS Office 365, video surveillance, electronic personnel file)
  • Review of technical-organizational measures (IT security measures)
  • Support in the creation and implementation of a deletion concept
  • Establishment of an ISMS (IT security management system)
  • Implementation of requirements for encryption of mobile storage media, e-mail encryption and VPN
  • Implementation of employee data protection requirements (electronic personnel file/paper file, applicant management)
  • Data protection for client information systems (authorizations, file structure, IT security)
  • Implementation of data protection for cloud solutions (MS Azure, Amazon Web Services)
  • Support in the area of IT security and data protection for IT applications, e.g. MS-Dynamics, SAP SuccessFactors, Personio, SAGE, Salesforce, Workday, DMS systems, email archiving, etc.
  • Assessment of apps in the area of social media, in particular Facebook, WhatsApp, Instagram, Signal, Threema, TikTok, Telegram, etc.
  • Data protection-compliant destruction of paper and data carriers
  • Data protection during internal exchanges in the facilities (internal consulting, supervisions, etc.)
  • bodies (youth welfare office, social welfare office, courts, etc.)
  • Review of the website of the church institution (privacy policy, imprint)
  • Creation and negotiation of service agreements (e-mail/internet use, access control/time recording, video surveillance, MS Office 365, cloud solutions, electronic personnel files, home office, etc.)
  • Creation of training documents and implementation of data protection training courses
  • Creation of training materials on data protection as e-learning
  • Introduction of a process for handling data protection violations
  • Implementation of data subject rights requirements (information, deletion, correction, etc.)
  • Preparation of consent forms, especially for filming and photographs
  • Implementation of data protection in charitable and other social institutions and parishes
  • Compliance with data protection requirements in medical facilities and hospitals, telemedicine
  • Data protection in social media (social media guideline, implementation of the Facebook ruling of the European Court of Justice)
  • Regulation of legal conditions for video surveillance (IT security, product assessment, service agreement, commissioned processing (AV) contract, pictogram)
  • Fulfillment of legal requirements for access control and time recording
  • Advice on the use of drones
  • Assessment of new IT systems (system data protection)
  • Workshops on data protection topics (data protection forum)