• Datenschutz


Your Company's Data Protection: Ensure Legal Compliance with Support from audius

As an entrepreneur, you need to fulfill strict legal requirements when it comes to protecting personal data. You may even be required to appoint a data protection officer for your company. In this case, you have the option to assign this responsibility to an employee or an external agent.

The seasoned IT service providers at audius have been guiding companies’ data protection and IT security efforts for years. audius can take on the duties of an external data protection officer or support your internal officer in an advisory role.

When does a company need a data protection officer?

Whether or not your company is required to appoint a data protection officer depends on a number of factors:

  1. Does your company process personal data?
  2. Is this data processed automatically and are more than nine people typically involved, or are more than 19 people involved in the non-automated processing of personal data?

If you answered “yes” to both of these questions, your company is obligated to appoint a data protection officer according to Germany’s data protection laws (BDSG).

What does a data protection officer do?

As the term suggests, a data protection officer works to ensure a company's compliance with data protection law. In doing so, he or she has to have the necessary expertise and remain independent in this role.

In particular, a data protection officer is tasked with monitoring the proper use of any programs used to process personal data. This includes names, addresses, and contact information pertaining to customers, as well as data related to HR or a company's works council.

In addition, a data protection officer is to carry out activities designed to raise awareness of the applicable legal requirements and guidelines of data protection law among those who are involved in processing personal data.

What options do companies have in appointing a data protection officer?

In principle, companies can meet their obligation to appoint a data protection officer in one of two ways: They can assign the role to an employee, or outsource the duties involved to an external entity.

External data protection officer

Let one of the audius experts handle the job!

The simplest way to fulfill your company's data protection obligations is to commission an external data protection officer.
At audius, the data protection experts know the relevant laws down to the last detail.

They can also show you the best ways to optimize your data processing methods in line with such legislation and avoid related fines.
Depending on your company's size and how its data landscape is structured, the external data protection officers may only need a few days each year to ensure your compliance with the BDSG.

With audius taking care of things for you, you’ll no longer need to worry about data protection, and your employees will see only a minimal increase in workload.


Internal Data Protection Officer

audius will bring your company up to speed with the BDSG!

If your company has the necessary resources at hand, appointing an internal data protection officer may be the better option. The time it takes an employee to handle the tasks this position involves depends on the scope of the data protection processes at your company.

Meanwhile, the necessary basic expertise can be acquired in standardized seminars offered by TÜV, IHK, and other German institutions. In practice, however, internal data protection officers often run into specific issues they are unable to handle without assistance.

This is where data protection consultants from audius come in: They'll leverage their expertise to give your data protection officer added confidence and provide support as you optimize your processes. You’ll then be able to rest easy knowing that your internal data protection officer has all of his or her tasks well in hand.

Protect data at your company with audius’s three-phase model

audius has developed an approach you can follow to implement a professional, efficient system of data protection that conforms with all the applicable laws. It involves three phases:

The General Data Protection Regulation (GDPR)

The EU’s new General Data Protection Regulation is scheduled to take effect on May 25, 2018. Designed to serve as a uniform set of data protection laws within the EU, it will become law alongside the BDSG in Germany. This means that all affected companies will need to make extensive adjustments to the new legal landscape.

At audius, the experts are already preparing for the implementation of these laws in order to offer you the best possible assistance once they take effect.
Here are the most important impending changes:

  • Expanded executive responsibility
  • Effective application of data protection law based on increased liability and fines
  • “Privacy by design” and “privacy by default” will become basic principles of data protection law
  • Data Protection Impact Assessments
  • Expanded obligation to report data incidents
  • Expanded documentation regulations (including with regard to information security management systems, or ISMS)
  • Expanded citizens’ rights
  • Modified role for data protection officers

Since there won’t be any transitional period as they take effect, you need to get your company ready for these new laws sooner rather than later.

“The data protection authorities are already preparing to intensify their auditing activities once the GDPR becomes law in May 2018,” warns Thomas Kranig, president of the Bavarian Data Protection Authority. “Biding your time instead of getting ready for these changes is a very risky move.”

Contact form

Contact audius today and talk with experts about the solution that's right for your company.

About audius

Headquartered in Weinstadt (near Stuttgart), Germany, the owner-operated company has been working with SMEs and large industrial companies across Germany for over 25 years. To check out some of audius' references, please click here.

Corporate IT security and data protection in general are two of the areas of focus. Find out more about the security and audit services.