Data protection
Fulfil your legal obligations with help from audius
Entrepreneurs are subject to strict legal requirements of personal data protection. As experienced IT service provider, audius has been advising companies on data protection and IT security for years. Our data protection audit reveals the extent to which your website and data processing procedures are already DSGVO-compliant - and what you may still need to do.
+49 (7151) 369 00 - 284
This should contain the following components:
- Complete and error-free documents for accountability in accordance to GDPR
- Overview of existing processes within the company involving personal data
- Comprehensive overview of specific data protection issues which are still to be addressed in your company
If your company is obliged to appoint an internal or external data protection officer in accordance with GDPR, we are happy to provide you our advice and support on request.
The data protection audit
The procedure of data protection experts at audius consists out of basic steps:
- Basic workshop
- Protection needs analysis
- GAP analysis
- Documentation on the current status of data protection
- Recommendations on how to proceed
At first, we evaluate in a basic workshop together with the customer, the client's established concepts and specific solutions in terms of data protection - and where may still be need for action. Among other things, we clarify with the data protection audit which processes the client has (protection requirement analysis) and which categories of data are being processed. The legal, technical and organisational measures taken by external service providers, in context of commissioned processing, are also put to the test.
A written documentation of the most important audit results about the current data protection status is then sent to those responsible in the commissioning company. The time and effort required for this basic version of data protection audit is approximately five man-days.
In step two, the documentation serves as a starting point for all possible further measures to improve data protection. Depending on the needs identified, audius will prepare a detailed offer to support the implementing open points. The focus is primarily on two topics.
External data protection officer
Let one of the audius experts handle the job!
The simplest way to fulfill your company's data protection obligations is to commission an external data protection officer. At audius, the data protection experts know the relevant laws down to the last detail.
They can also show you the best ways to optimize your data processing methods in line with such legislation and avoid related fines. Depending on your company's size and how its data landscape is structured, the external data protection officers may only need a few days each year to ensure your compliance with the BDSG.
With audius taking care of things for you, you’ll no longer need to worry about data protection, and your employees will see only a minimal increase in workload.
Internal data protection officer
audius will bring your company up to speed with the BDSG!
If your company has the necessary resources at hand, appointing an internal data protection officer may be the better option. The time it takes an employee to handle the tasks this position involves depends on the scope of the data protection processes at your company.
Meanwhile, the necessary basic expertise can be acquired in standardized seminars offered by TÜV, IHK, and other German institutions. In practice, however, internal data protection officers often run into specific issues they are unable to handle without assistance.
This is where data protection consultants from audius come in: They'll leverage their expertise to give your data protection officer added confidence and provide support as you optimize your processes. You’ll then be able to rest easy knowing that your internal data protection officer has all of his or her tasks well in hand.
Review of websites under data protection law
The transparency and openness are essential characteristics of our work. Therefore, we would like to point out that a service company such as audius cannot create or prepare required ‚website data protection information‘ in a legally and secure manner.
Necessary reservations
- We can only evaluate what we discover. If relevant data processing in connection with data protection is hidden "deep in the source code" of a website, we cannot guarantee identifying it independently. We will require your cooperation or the cooperation of your web agency.
- Internet applications are highly dynamic. However, our website audits can only be snapshots. Many service providers - often from the USA - reserve the right to offer their services in the future under different conditions in terms of data protection.
- Many common web technologies can process data in an illegal manner. We would inform you if such applications are being used on your website. You would have to weigh up the risks yourself as to whether and under what conditions you want to continue to use such services.
On 25 May 2018, the General Data Protection Regulation came into force across Europe. It ensures consistent data protection law within the European Union and demands high fines in the event of violation. In Germany, the Federal Data Protection Act (BDSG) has enforced the European guidelines.
Since GDPR came into force, data protection has been a major issue all over the companies. It is, the data protection-compliant recording and processing of any personal data, which involves some effort. In many companies it can hinder day to day business processes.
audius dealt with data protection at an early stage, so we can provide you with optimum support. Our aim is to automatically integrate data protection requirements into your companies processes. It would ensure smooth processes in your day to day business so you can fully concentrate on your actual work.
Essential data protection issues are:
- Wide-range responsibility of the management
- Effective enforcement of the data protection law through high liability and fines
- Privacy by Design / Privacy by Default as basic principle in data protection law
- Data protection impact assessment
- Extensive duty to report data breaches
- Extensive documentation and verification regulations - keyword Data Protection Management System (DSMS)
- Persons rights
- Important role of the data protection officer
The time to update data protection in your company is now ! Inspections by the supervisory authorities are in full operation. Ignorance is no excuse.
If you would like to bring your company website and personal data processing in line with GDPR, please contact us.