Even though everyone should be familiar with the General Data Protection Regulation (GDPR) by now, it still poses major challenges for many companies. This is by no means surprising, as almost every internal or external process involves personal data and thus falls within the scope of the GDPR. In addition to checking whether certain data processing is permissible at all, the GDPR requires that all internal and external data processing operations be carefully and completely recorded and that documentation and information obligations be consistently fulfilled. These include, in particular, (i) the record of processing activities, (ii) privacy notices to employees, customers and suppliers, and (iii) internal policies on data access requests, data portability, the right to erasure or data protection impact assessments. In order to ensure data protection compliance, it is also essential to implement processes for dealing with data protection violations and, if necessary, to appoint a data protection officer. Data protection issues also arise for every website (e.g. cookie banners, privacy notices).
Furthermore, analysing both internal and external data flows, and assessing the potential legitimacy of such data transfers, whether within or outside the European Union, is complex and prone to errors. A comprehensive analysis and the correct selection of relevant data transfer instruments are crucial.
Closely linked to the protection of personal data are the legal challenges of IT security: systems, processes, and data, whether personal or not, must be secured against unauthorized third-party access and comply with the relevant legal requirements.
Would you like to review or strengthen your data protection compliance? Do you need support in drafting, reviewing, or negotiating data protection contracts, or advice for your online presence? Contact us, and we will develop effective data protection strategies tailored to your company.