Data Protection Services at KINAST
Data Protection Manager
As of May 25th, 2018 the General Data Protection Regulation (GDPR) entered into force. Since then, there has been a Europe-wide obligation for companies to appoint a Data Protection Officer (DPO).
What is a Data Protection Manager?
The tasks of a Data Protection Manager largely correspond to those of a Data Protection Officer (DPO). In many cases, the Data Protection Manager supports the DPO in their work. The Data Protection Manager’s tasks include checking that legal and regulatory provisions are complied with.
The Data Protection Manager creates and implements data protection guidelines and processes. Also, he keeps and regularly updates the documentation required by data protection law. This position, however, is not legally defined by the GDPR and therefore it is not mandatory for companies to employ such a figure.
Furthermore, the Data Protection Manager checks data protection requirements and the agreements signed by the employing company. Together with the relevant specialist departments, data protection compliant solutions are developed. Besides the eventual cooperation with an appointed DPO, the Data Protection Manager also cooperates with the responsible supervisory authorities.
Our Consultation Process
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External data protection officer and on-going consultation starting from day 1.
What are the tasks of a Data Protection Manager?
The first thing our professionals do is to perform a risk assessment of your company; this allows us to have an overview of the strengths and the weaknesses of your data protection structure in place, and to perform target operations in order to bring every aspect of our findings up to par. Furthermore, we create a timetable to solve the issues found in the shortest time possible.
Secondly, we also act as project coordinator and process implementer. You can expect our constant support in the implementation of our recommendations, if they were agreed upon. We are always open to your suggestions and our experts will bind your internal resources as little as possible.
How do we ensure data protection in your international company or corporation?
To guarantee a stringent execution of our job as your data protection experts, we’ve developed a concept based on our three-point plan for data protection.
As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.
In a next step, we implement any measures which we identified within the framework of the risk assessment. Whereby great importance is attached to binding your internal resources as little as possible.
Finally, the Data Protection Manager permanently supports your company regarding the relevant aspects of data protection. Therefore, we ensure an ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.
Why is KINAST the best choice to provide Data Protection Manager services?
It is becoming increasingly important for companies to obtain knowledgable and legally correct advice on Data Protection Law. Based on our qualifications and our proven concept, we ensure future proof data protection in your company. As your Data Protection Manager we guarantee a long term, sustainable solution and minimize the risk of liability.
Do you need assistance with your Data Protection Management?
We know that managing your data protection commintments can be an overwhelming task. Internal Data Protection Officers often can’t find the time to organise effectively. Our lawyers and data protection managers are here to lighten your burden. With many years of hands on experience in data protection law, there isn’t an organisation structure that we haven’t already seen. So why not contact us today for a free consultation?
Send this page to a colleague?
Frequently asked questions
We understand that you may still have questions about the services of a Data Protection Manager and, more importantly, the data protection risk assessment. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Managers will get back to you as soon as possible.
The obligation to appoint a DPO applies if an enterprise carries out an activity of Art. 37 (1) GDPR. These activities require special control regarding data protection. Art. 37 (1) lit. a-c GDPR regulates the conditions under which such special control is necessary.
It is mandatory to appoint a DPO:
- where the processing is carried out by a public authority or body,
- where the core activity of the controller or processor is to carry out processing operations which, by their nature, scale and/or purposes, require extensive, regular and systematic supervision of data subjects, or
- where the core activity of the controller or processor is the processing on a large scale of special categories of data as referred to in Art. 9 GDPR or of personal data relating to criminal convictions and offences as referred to in Art. 10 GDPR.
For example in Germany, according to § 38 Federal Data Protection Act (BDSG), a DPO must be appointed if:
- as a general rule, at least 20 persons are permanently involved in the automated processing of personal data,
- the controller or the processor is subject to a DPIA pursuant to Art. 35 GDPR, or
- personal data are processed for the purpose of transmission, anonymous transmission or for purposes of market and opinion research.
Basically, you do not prepare anything prior to the risk assessment. In general, we require the support of internals to whom we can direct our questions, either remotely via questionnaire or on-site. In addition, we need your company’s full documentation in terms of data protection.