Data protection is a fundamental European right that we all enjoy as individuals and implement as entrepreneurs in accordance with applicable law.

DATA PROTECTION PROTECTS PERSONAL DATA

The employees of ConSecur GmbH support you in the implementation of data protection regulations and act as external data protection officers on request.

 

Procedure

We implement data protection in companies in four steps

01 Initial on-site consultation
Focus on your individual needs


02 GAP analysis

Identify compliance gaps


03 Need for action

Define measures


04 Long-term support

Optimise data protection level

Determine compliance level

 

GAP analysis as an introduction

A GAP analysis is the first step towards determining the maturity level of your data protection compliance. Get clarity and identify your gaps.


External data protection consulting
Data protection needs to be implemented in a targeted manner.

Personal data is a sensitive asset. We protect it in existing IT environments with technical and organisational measures (TOMs). ConSecur literally means "with security". Protection is in our DNA.


ConSecur supports and coordinates data protection in your company with a view to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

We rely on a data protection management system with which we continuously ensure and improve the level of data protection in your company. This keeps the approach pragmatic and compact, so that the required data protection measures are easy to achieve.

On request, we not only advise you but also provide you with an external data protection officer.

Frequently asked questions about data protection


What challenges does data protection pose for companies?

  • Implementation of the GDPR requirements in day-to-day business
  • Documentation obligations and proof of GDPR compliance
  • Sensitisation and training of employees
  • Dealing with data subject rights (e.g. requests for information or erasure)
  • Protection against data protection breaches and cyberattacks

An external DPO brings expertise and experience without a company having to provide internal resources for training and further education. In addition, an external DPO works independently and neutrally, which avoids potential conflicts of interest.

When is a company obliged to appoint a data protection officer?

According to Art. 37 GDPR and Section 38 BDSG, a company must appoint a DPO if one of these points applies:

  • at least 20 people are regularly involved in the automated processing of personal data
  • the core activity consists of the extensive processing of special categories of personal data (e.g. health data)
  • there is extensive, systematic monitoring of individuals (e.g. through tracking or scoring).

What are the tasks of a data protection officer?

A DPO performs the following tasks, among others:

  • Monitoring compliance with the GDPR and other data protection regulations
  • Advising the management and employees
  • Carrying out data protection impact assessments
  • Training and sensitising employees
  • Cooperation with the supervisory authority

What are the advantages of an external data protection officer?

  • Cost efficiency: No training costs or release of an internal employee
  • Legal certainty: Specialist expertise ensures GDPR-compliant processes
  • Independence: No conflict of interest with internal tasks
  • Flexibility: Adaptation to company size and requirements

Do I necessarily have to implement the GDPR using a standard such as ISO/IEC 27701 or VdS 10010?

No, you do not necessarily have to implement the GDPR using a standard such as ISO 27701 or VdS 10010. The GDPR does not prescribe a specific certification procedure or the application of specific standards. It merely requires that you take appropriate technical and organisational measures (TOMs) to adequately protect personal data (see Art. 24, 25, 32 GDPR).


Standards such as ISO 27701 or VdS 10010 can provide you with significant support because they:

  • offer a structured, tried-and-tested implementation aid,
  • enable you to verifiably document compliance with the GDPR (e.g. for customers, partners or supervisory authorities)
  • and, in the event of a data protection incident, can serve as evidence of diligence and a sense of responsibility (keyword: accountability pursuant to Art. 5 para. 2 GDPR).

Conclusion:
You are not obliged to use ISO 27701 or VdS 10010 - but these standards will help you to implement data protection professionally, efficiently and comprehensibly. For many companies, this means a real competitive advantage.

Feel free to contact us

Do you have any questions about data protection in your company?
Our team of experts will be happy to help!

Jennifer Kölker-Lüken

Senior Consultant

Download solution sheet data protection

Implementing data protection in four steps

Can data protection in SMEs be organised pragmatically and compactly? At ConSecur, we believe that this is exactly the right approach. As external data protection officers, we fulfil the data protection obligations of management and the board of directors.
