Data protection law
Data protection law performed its role by way of protecting and safeguarding companies which dates back long before the entry into force of the General Data Protection Regulation (GDPR) in May 2018. From that moment on, this area of law reached the spotlight becoming much more focused and also perceived outside a company – whether it is on the customer side or among contractual partners. Data protection is increasingly valuable yet increasingly risky if it is not competently managed.
There can be no doubt that correct handling of data in a company to ensure data protection policy is up to par should be prioritised by every business. Especially in terms of legally compliant data management (GDRP, Federal Data Protection Act, etc.), (digital) corporate communication, e-commerce, along with the use of cloud services and many more.
Data protection concepts
Effective data protection in a company is based on data protection concepts that meets concrete requirements consisting its size and business field. The data protection requirements of an internationally operating tech start-up are simply different from those of a medium-sized manufacturing company or a service industry.
Whilst creating and implementing data protection concepts, the key is to act in a sensible networking demeanour in all areas within a company. As important as the fulfilment and compliance of the legal requirements, optimal design data (protection) processes should also be a vital aim.
To ensure that data protection functions effectively in your company, our highly sophisticated team are able to provide you support with, among other things
- Identification of measures relevant to data protection in the company
- Review of existing data protection concepts
- Adaptations / updating of data protection concepts
Specifically, we can help you on the following topics:
- Clarification of concrete information, documentation and action obligations
- Development and implementation of proportionate technical and organisational measures
- Design outsourcing of data protection-relevant processes to external service providers (payroll accounting, communication agencies, cloud services etc.)
- Analysis, conception and negotiation of framework and individual agreements
- Preparation of order processing contracts, procedure directories, etc.
- Preparation of internal data protection guidelines (data protection compliance)
- Employee data protection, drafting of employment contracts ("Bring Your Own Device" etc.)
- Legal consequences of violations of data protection requirements
- Procedure in the event of data protection mishaps
- Support with requests for information, official inspections, fine proceedings, etc.
Do you need legal support in connection with the development and implementation of a customised data protection concept? Contact us at [phone] or by e-mail at koeln@smb-legal.de.
Data protection in corporate communications
A number of data protection issues also arises as a consequence of external appearance of a company - whether it is a start-up, SME or corporate group - and in corporate communication. These includes the data protection-compliant design and use of company websites, social media presences or the use of messenger services in customer communication. However, email and telephone marketing must as well comply a number of data protection requirements in order to effectively avoid any data protection violations and the associated fines such as competition law warnings including claims for damages.
We are backed by an excellent record of competency to review your corporate communication regarding data protection aspects. If required, we do more by making presences and communication processes in compliance with data protection policies like providing advice on the use of social plugins, Google Analytics or Google Adsense, preparation of data protection declarations for online presences and its correct integration.
Do you need help setting up your corporate communication in line with data protection requirements - online and offline? Contact us at [phone] or by e-mail at koeln@smb-legal.de.
External data protection officers
Companies may choose to appoint an internal data protection officer, commonly known as the “DPO” in a company. DPOs are the responsible contact person for any questions related to the processing of personal data and also plays as the competent supervisory authority. Among other things, a DPO for monitors compliance of legal data protection regulations and guidelines Additionally, DPO also protects sensitive data which could cause significant risk and is capable of providing training to employees involving topics of data protection.
The tasks of a DPO are therefore extensive and at the same time complex. In this respect, it is often advisable to appoint an external data protection officer who is familiar in handling topics and tasks, both theoretically and in practical application in the data protection arena.
Our lawyers in the field of data protection are therefore available to you as external data protection officers offering you the greatest possible legal security for the best interest of your company.
Are you looking for an external data protection officer? Contact us at [phone] or by e-mail at koeln@smb-legal.de.
In-house training courses on data protection
We highlight our long-standing experiences navigating through the myriads in this area of law. With this, we can help to deliver a strategic support your company with (internal) training on the topic of data protection. Topics of our trainings include:
- First Aid for Business - Introduction to Data Protection Law
- Data protection up to date - recognising and avoiding data protection risks
- Data protection in company agreements
If you need training on a topic that is not listed here, please contact us. We are happy to create training concepts for your company if required.
Are you planning an in-house training session for specific employees on data protection - general or very specific? Contact us at [phone] or by e-mail at koeln@smb-legal.de.