Appointment of a Data Protection Officer

The legal obligation to protect personal data results from the German Federal Data Protection Act (BDSG), the data protection laws of the federal states and a number of other regulations. The Data Protection Officer (DPO) takes care of compliance with these requirements.

In practice, the role of DPO is increasingly assigned to an external company. This allows you to draw on existing expertise immediately. The policy is then implemented more flexibly, more efficiently and faster.

We minimize your risks:

– Fines of up to €50,000 (§ 43 para. 1 BDSG) and up to €300,000 (§ 43 para. 2 BDSG)

– Unlimited liability extending to the personal assets of the manager (§ 43 BDSG)

– Imprisonment up to 2 years (§ 44 BDSG)

– Financial loss due to data loss

– Claims for damages by affected persons

– Loss of corporate image

Minimum requirements for the expertise and independence of the DPO according to § 4f BDSG include knowledge of data protection law, IT security and business management as well as communication skills and soft skills. The Professional Association of Data Protection Commissioner (BvD e.V.) has acknowledged our expertise in data protection. We pass on this value to your company.

Data Protection Auditing

Data protection auditing is a tool for data protection, which includes elements of self-regulation and competition and complements the regulatory approach to privacy. Through a successful audit we offer our clients a response to the increased awareness of privacy within the processing of personal data.

Together with each customer we carry out a baseline analysis to determine the basic protection requirements for data protection and data security that fit the company. This should be repeated regularly as a follow-up audit. In detail, we provide:

– Preliminary analysis on the basis of preparatory meetings

– Conception and creation of an audit catalog from the results of the preliminary analysis, with particular reference to customer issues

– Specification of individual audit areas and audit arrangements, and creation of a privacy- and customer-related questionnaire according to BSI Baseline Protection Manual Module B 1.5

– Insight into customer-specific privacy-related regulations

– Introductory presentation to leadership management, heads of departments, affected technical staff and HR

– Conducting the audits on the basis of interviews with predetermined subject matter experts

– Preparation and presentation of a final report with detailed recommendations for further action.

Guidelines and Policies

We create, implement and continuously monitor specific corporate guidelines and policies which help your company to comply with:

– German federal and state data protection and information management requirements

– EU Data Protection and Telecommunications Privacy Directives and member state implementations thereof (including U.S. Safe Harbour requirements, model contracts and binding corporate rules)

– U.S. federal and state privacy and information management requirements, including among others the Gramm-Leach-Bliley Act, HIPAA, the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, and the Fair and Accurate Credit Transactions Act of 2003

Example: Privacy Policy

– Definition of roles and responsibilities within the Data Protection process

– Creation of a functional description of the DPO's activities

– Classification of systems and data

– Documentation of basic data protection definitions and knowledge

– Provision of an employee awareness handbook tailored to the data protection needs of your company

Data Governance

SuiGenerisData's privacy and data security experts focus on providing services in the following areas:

– Development and implementation of programs to protect global information assets, including legislative and regulatory advocacy

– Assistance with information product life cycle issues

– Comprehensive assistance with significant data security breaches, including network intrusion detection, customer notification, state and federal regulatory negotiations as well as public relations

Together with our strategic partner, whitebox security, we support these measures with proven, privacy-compliant data analysis software, which gives you answers to the following questions:

– Who did what?

– Who has access to what?

– Who reviewed and approved what?

– Who should have access to what?

This allows us to achieve several key goals of our customers:

– 360° visibility and control over users' activities and entitlements across the organization.

– Access certification with awareness of actual usage patterns, for the fastest, most accurate processes.

– Self-service access request portal, with powerful decision-support insights and proactive risk management.

This technology-driven tool helps to manage data governance through its multifaceted capabilities:

– Entitlements integration

– Entitlements analytics

– Access certification

– Self-service access and requests automation

– Identity & activity monitoring

– Data classification

– Forensics capabilities

– Policy compliance