Security is more than just an IT problem.
Unlike most commercial data, personal data requires special protection. Our network partners can audit your security and give recommendations to ensure an adequate protection level for personal information.
Under current data protection rules, it is important to follow certain principles of data protection law, e.g. keep only what you need for your business, dispose of what you no longer need and protect the information in your care.
Our network partners can assist you in finding out what kind of personal information is stored in your files and on your computers, which is important for data protection purposes. We have guidelines which help you to stay in line with current data protection legislation. Our network partners will help you to create a plan in response to security incidents.
As the state of technological development changes, firms need practical software solutions to implement data protection standards.
Thus, firms need to secure their documentation system.
Security rules apply in particular to the transmission of personal data over a network.
With cloud storage becoming the standard, it is becoming more necessary to have specialized software that protects the storage and transmission of personal data in your system.
When applicable, we provide intranet software to keep your privacy records safe and untouched – so you can bring them to a court if necessary.
If you need to set up an ethics hotline or website, special European provisions to protect citizens may apply. The network consultants will help you, country by country, to apply the principles of data protection as stated in Directive 95/46/EC to whistleblowing schemes. Whistleblowing schemes shall in particular be implemented with regard to the rights of the accused person to
- rectification and erasure of data
The ARTICLE 29 Data Protection Working Party emphasizes in its WP 117 that whistleblowing schemes can be implemented in the fields of accounting, internal accounting controls, auditing matters, the fight against bribery, and banking and financial crime, precisely for this compliance purpose.
Transferring data out of Europe can prove quite difficult. As there are many solutions available, we can help you choose the most effective one for your company.
Safe Harbor Project
If we decide together that Safe Harbor is the best solution for you, we would provide assistance with:
- checking your internal processes in the US
- assessing which processes use personal data, which are transferred from Europe and what should enter Safe
The Safe Harbor program includes:
- setting up your internal process to address any enquiry or complaint
- preparing the required information for the application form, which contains relevant current and future processes
- verifying the whole process regularly
Binding Corporate Rules
An alternative to the Safe Harbor program is Binding Corporate Rules, which help with
- setting up internal rules (such as a Code of Conduct) that have been adopted by multinational groups of companies
- defining global policies with regard to the international transfers of personal data within the same corporate group
- ensuring an appropriate level of data protection in entities that are located in countries which do not provide adequate safeguards
- BCR must contain privacy standards (such as transparency, data quality, security, etc.)
- Tools of effectiveness (audit, training, complaint handling system, etc.)
Innovative services or products have to be checked before they can be launched on the European market. For example, services like Facebook or Google Street View initially conflicted with many European rules about privacy.
We are registered at the Independent Centre for Privacy Protection of Schleswig-Holstein (or ICPP / ULD) and can provide an independent certification process to ensure that services and products protect customers’ privacy.
Companies are responsible for their subcontractors, including any related compliance topics such as security or privacy. We can also help you check extended compliance.
A firm will often engage a subcontractor to process personal data on its behalf. Data protection legislation stipulates that the firm, as the initiator, is responsible for the level of data protection. Under German law, there has to be a written contract which includes appropriate security, other data protection measures and the provision that personal data will be processed after receiving authorisation and instructions from the initiating firm.
The subcontractor must take certain steps to ensure that data protection standards are maintained, and these steps have to be included in the contract. This provision ensures that the standard of security is maintained when personal data is passed from the data controller to its agent.
Our network partners can not only help you check your subcontractors' contracts, but also tell you how to draft the contracts and, at a practical level, help to assure you that the subcontractor has suitable technical security and organisational measures in place which comply with data protection standards.