Operationalization of requirements is an important prerequisite for ensuring long-term data protection. This means that legal regulations are reflected in procedures and processes in the context of the actual business model, and roles and responsibilities are clearly defined. Data protection management is consequently a management and control function.
We support you in minimizing compliance risks using our expertise in current management practices. This applies to data processing in compliance with data protection regulations, ensuring the rights of data subjects, or dealing with personal data breaches. Our services include design, setup, assessment, and continuous improvement of effective data protection management. We develop practical solutions in collaboration with you.
There is no ‘one-size-fits-all’ approach for a data protection management system. Rather, a DPMS should be aligned with your existing business model. Where possible, existing structures and management systems should be used. For example, you may want to benefit from an existing quality management system or information management system.
We support you in the strategic alignment as well as design and implementation of a DPMS. We assist you by means of our knowledge and experience from our involvement in the development of ISO standards for data protection management systems such as ISO/IEC 27701 as an extension of ISO/IEC 27001 and 27002 for data protection management.
Examples of our consultancy activities:
The GDPR lays down more stringent requirements in terms of the burden of proof on the part of data controllers. Mandatory prerequisites for this are clearly defined processes with roles and responsibilities that must be implemented, ‘lived’, and documented. Similarly, additional appropriate technical and organizational measures required to avoid risks for the data subject must be selected, implemented, ‘lived’, and documented. In addition, regular checks must be carried out as to whether these are effective.
Our expertise and experience enable us to support you in the design, implementation, assessment, and continuous improvement of control and monitoring of compliance with data protection regulations. This also includes carrying out actual audits.
Examples of our consultancy capabilities: