In the area of the sponsors of the Protestant Church, the Church Act on Data Protection of the Protestant Church in Germany (DSG-EKD) applies to data protection in their companies and facilities.
We assume the function of external data protection officer for companies and institutions, e.g., administrations, hospitals, academies, funding agencies, and child and youth welfare facilities, which are under the control of an agency of the Protestant Church. We also provide expert opinions on all data protection issues in the Protestant Church.
- Position of the external company data protection officer for church companies, agencies and associations (DSG-EKD)
- Support of internal company data protection officers (DSG-EKD)
- Conducting an as-is survey or audit on data protection
- Consulting and implementation of the requirements in the data protection of the Protestant Church
- Preparation of the required data protection documents
- Hotline for answering all data protection-related inquiries by telephone or via e-mail
- Preparation of documents for the fulfillment of information obligations
- Preparation and conclusion of agreements for commissioned processing
- Data protection for cloud applications
- Recording of existing files and IT procedures and creation of the required directories of processing activities
- Conducting the required data protection impact assessment (MS Office 365, video surveillance, electronic personnel file)
- Review of technical-organizational measures (IT security measures)
- Support in the creation and implementation of a deletion concept
- Establishment of an ISMS (IT security management system)
- Implementation of requirements for encryption of mobile storage media, e-mail encryption and VPN
- Implementation of employee data protection requirements (electronic personnel file/paper file, applicant management)
- Data protection for client information systems (authorizations, file structure, IT security)
- Implementation of data protection for cloud solutions (MS Azure, Amazon Web Services)
- Support in the area of IT security and data protection for IT applications e.g. MS-Dynamics, SAP SuccessFactors, Personio, SAGE, Salesforce, Workday, DMS systems, email archiving, etc.
- Assessment of apps in the area of social media, in particular Facebook, WhatsApp, Instagram, Signal, Threema, TikTok, Telegram, etc.
- Data protection-compliant destruction of paper and data carriers
- Data protection during internal exchanges in the facilities (internal consulting, supervisions, etc.)
- Implementation of data protection requirements in the event of data transfer to church and official bodies (youth welfare office, social welfare office, courts, etc.)
- Review of the website of the church institution (privacy policy, imprint)
- Creation and negotiation of service agreements (e-mail/internet use, access control/time recording, video surveillance, MS Office 365, cloud solutions, electronic personnel files, home office, etc.)
- Creation of training documents and implementation of data protection training courses
- Creation of training materials on data protection as e-learning
- Introduction of a process for handling data protection violations
- Implementation of data subject rights requirements (information, deletion, correction, etc.)
- Preparation of consent forms, especially for filming and photographs
- Implementation of data protection in charitable and other social institutions and parishes
- Compliance with data protection requirements in medical facilities and hospitals, telemedicine
- Data protection in social media (social media guideline, implementation of the Facebook ruling of the European Court of Justice)
- Regulation of legal conditions for video surveillance (IT security, product assessment, service agreement, AV contract, pictogram)
- Fulfillment of legal requirements for access control and time recording
- Advice on the use of drones
- Assessment of new IT systems (system data protection)
- Workshops on data protection topics (data protection forum)
