TEVARIS TAKES OVER THE TASKS OF AN EXTERNAL DATA PROTECTION EXPERT
The General Data Protection Regulation (EU GDPR) entered into force on 25 May. It complements and expands the scope of data protection as previously regulated by the Data Protection Act. The EU GDPR applies to all those who have any form of customer contact and therefore have to collect personal data, or who handle particularly sensitive data (e.g. health data). The data protection supervisory authorities are primarily responsible for monitoring and enforcing privacy law. The EU GDPR will drastically increase the fine limits for data protection infringements.
WHAT WE DO FOR YOU
Together with you, we determine the current situation in your company in accordance with the GDPR. We review existing data processing procedures and prepare a risk analysis report. In the next step, we implement the legal requirements of the GDPR in your company. We take care of technical measures such as access controls and equip your employees accordingly through training courses and workshops.
According to Art. 38 GDPR, the appointment of an internal or external data protection officer is an absolute necessity if at least 10 persons are permanently occupied with the processing of personal data in an automated procedure, or if sensitive data (e.g. health data) are processed. The officer assists the company in the implementation of data protection according to the GDPR.
We advise you, in a legally compliant manner, on everything you need to observe in your company as an employer, contractor and service provider with regard to data protection.
With us you are on the safe side!
ADVANTAGES OF AN EXTERNAL DATA PROTECTION OFFICER
- The external data protection officer takes over the tasks, thereby reducing the entrepreneurial risk, and views your company objectively and impartially from the outside.
- The external data protection officer can contribute expert knowledge, is always up to date and can quickly and effectively implement any company-relevant changes to the GDPR.
- The external data protection officer has greater acceptance and authority within the company. There are no conflicts of interest with other areas, projects or employees. An internal data protection officer, by contrast, must not have any conflicts of interest, which is often problematic in practice.
- An external data protection officer does not enjoy protection against dismissal. The companies themselves can determine the duration of the contract.
- A previously contractually agreed cost structure enables precise calculation.
Through data protection interviews and on-site inspections, we analyse the current situation in your company. We identify potential data protection risks and prepare a risk analysis report based on the interviews and site visits. The risk analysis report is the basis for planning appropriate measures to comply with the GDPR. On the basis of this inventory you will receive a tailor-made offer for the implementation of the GDPR in your company.
Together with you, we develop a catalogue of measures on how you can protect yourself and what must be done, for example, if a customer requests the deletion of their data. On the basis of the risk analysis report, a catalogue of measures is drawn up which, in addition to the description, also regulates the responsibilities in the company and contains the necessary deadlines. Once the status of the hardware, software and paper-based processing of personal data has been determined, a catalogue of processing operations and, if required, technical and/or organizational measures are drawn up. A data protection declaration is prepared for your external presentation (e.g. for publication on the web), a deletion control procedure is introduced and deletion periods for personal data are determined. The required record of processing activities in accordance with Art. 30 GDPR is compiled and all measures are documented accordingly. The implementation is closely accompanied by a project manager from our company.
As the external data protection officer of your company, we remain the contact for customers, cooperation partners and supervisory authorities after the analysis and implementation phase when it comes to data protection in your company. We draw up data processing agreements or EU standard contractual clauses with all providers. We ensure that all measures in accordance with the GDPR are up to date and inform you of any changes. We support you in meeting the documentation obligation; according to the GDPR, the documentation must be made available to the supervisory authorities on request. If necessary, we are available as contact persons for your employees if anything is unclear.
THE TASKS OF AN EXTERNAL DATA PROTECTION OFFICER AT A GLANCE:
- Advice and support for management and employees
- Advice and control on the use of personal data
- Participation in the legally prescribed documentation obligation
- On-site training of employees and service providers of the company
- Contact for supervisory authorities and cooperation partners