Data Protection Services at KINAST
Group Data Protection Officer
Data protection challenges for multinational corporations
The world of multinational corporations is large and complex, as is the job of the Group Data Protection Officer. In terms of international data flow, multinational corporations often develop their own internal dynamics.
This can primarily be characterized by the fact that decisions are made universally by corporate management. It is the local subsidaries, however, that often implement those decisions individually. And this, often extending beyond national boundaries.
In order to ensure data protection, it is important that the legal circumstances of each country be taken into account. Frequently this entails checking if a transferability check can also clear up any issues with regards your company’s operations in another nation or region
The need for due diligence when processing personal details across borders not only arises from concerns over laws but often comes down simply too much time spent on individual decisions about whether something goes ahead as planned – even though teams may disagree about its wisdom!
Non-implementation is a very common problem with many reasons for why it happens. Resources and knowledge about what needs to be done are some of the most commonly cited obstacles, but there’s also an element of forgetfulness involved.
Our Consultation Process
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External data protection officer and on-going consultation starting from day 1.
How do we ensure data protection in your international company or corporation?
To guarantee a stringent execution of our job as your Group Data Protection Officer, we’ve developed a concept based on our three-point plan for international data protection.
As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.
In a next step, we implement any measures which we identified within the framework of the risk assessment. Whereby great importance is attached to binding your internal resources as little as possible.
Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. Therefore, we ensure an ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.
Advantages of a Group Data Protection Officer
A Group Data Protection Officer offers the distinct advantage that he fits into the centralized structure of the entire group. As a result, he can be directly involved without having to faciliate DPOs at country or company level. This has the advantage that the implementation of new projects, software, etc. is accelerated and standardized across the board.
Before implementation, country-specific requirements are taken into account. This reduces the data protection risk and, therefore, liability cases. It increases security and acceptance at country and company level, thus contributing to successful further development.
Single source data protection
Data protection from a single source for globally operating corporations has been an elementary component of our consulting services since the firm was founded.
As an international law firm specializing in data protection, IT law and compliance, we offer data protection services for multinational and large corporations regardless of the location of the mother company. We have acted as External Group DPOs for well-known international clients for many years.
Our goal as Group Data Protection Officer
Our goal is always to achieve the best possible result for our clients and not to put unnecessary obstacles in their way. The pragmatic solution approach is our aim and should be achieved, taking into account the relevant local data protection requirements.
To achieve this, we work as a team to find the best possible solution. We are there where you need us. With our team in your corporation / as lead data protection consultant in your data protection team / as a data protection consultant for your data protection team. We support your company individually and precisely.
Data Protection Officer. And organizer.
In addition to the regular services that the DPO must perform under the GDPR, we support your company as an External Group DPO in the group-wide uniform planning, implementation and revision of all data protection measures. The organizational part is therefore higher compared to the regular tasks of a DPO.
In this way, we support you in the implementation of a global, company-wide data protection organization and all other relevant elements / areas / data protection law implications.
This provides your corporation with:
We currently support large corporations in:
Germany, the European Economic Area (EAA) and worldwide
What makes KINAST the best choice for your Group Data Protection Officer?
Due to the increased fines, the obligation to report to authorities and potential loss of reputation, it is becoming increasingly important for companies to obtain knowledgable and legally correct advice on Data Protection Law. Based on our qualifications and our proven concept, we ensure future proof data protection in your company. As your Group DPO we guarantee a long term, sustainable solution and minimize the risk of liability.
Do you need assistance ensuring your company's GDPR compliance?
We know that data protection can be a daunting task, but our lawyers and specialist data protection officers are here to help. With over 15 years of hands on experience, there isn’t a situation that we haven’t seen! At KINAST, we guarantee that your company is in safe hands. So why not contact us today for a free, no obligation consultation?
Send this page to a colleague?
Frequently asked questions
We understand that many clients still have questions about the services and duties of a Group Data Protection Officer. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.
The advantages are that one contact point in terms of data protection on the one hand decreases the need for reconciliation on the site of the board, the coordination of various DPOs on site or company level and the cost, to name a few. On the other hand it, inter alia, increases data protection compliance, especially on a local level, the speed of implementation, satisfaction across all group companies and acceptance of new initiatives.
A Group DPO is a big advantage for corporations.
In general not that many, but this depends on the exact role of the Group DPO. However, as an external, the Group DPO always requires an internal counterpart. The success of the Group DPO and therefore the whole data protection landscape can only be achieved when he gets the information necessary, thus at least one person within the corporation is needed to provide the information.
Based on the setup, the Group DPO may also work with an internal team, for example, consisting of a representative from each department. The setup of cooperation may be discussed with you and individually adjusted to your company’s needs.
International data transfers are always important and to be considered not just since the “Schrems” decisions. Even before there have been transfer mechanisms trying to cover the needs from a data protection perspective.
However, since the Safe Harbour (“Schrems I”) and the Privacy Shield (“Schrems II”) decisions and the following update of the Standard Contractual Clauses (SCCs), the evaluation of third-country data transfers is more topical and important than ever before.
We know this and we also have the knowledge to deal with it in a multinational corporation. We have supported our clients for years to have the relevant safeguards in place and are experienced with intra-group data sharing agreements, Binding Corporate Rules (BCRs), SCCs and adequacy decisions as well as additional technical and organizational measures.
We are well experienced with employee representatives and, in particular, their special challenges. We know what their intention is, which requirements have to be observed and how we are able to provide them with the relevant information. Furthermore, we supported our clients to reach agreements with employee representatives, which also fastens up the implementation of initiatives.