The provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant laws protect the right to informational self-determination. They are intended to protect individuals when their personal data is processed, and processing always requires a legal basis.
Especially in the case of electronic processing of personal data, companies have to comply with the applicable privacy regulations. The introduction of new software applications must usually be checked beforehand, possibly as part of a privacy impact assessment. In particular, the risks to data subjects must be determined and managed when their data is processed.
In addition to such individual audits, companies have numerous other obligations, especially with regard to the documentation of privacy processes. The effort is considerable and usually cannot be managed with internal resources alone. Company data protection officers are commonly overburdened, as the creation of all documents is delegated to them. Often this does not work without external expert support.
In order to avoid fines and claims for compensation, companies should take privacy requirements seriously and not treat them as a side issue. Gaps in IT systems, in particular, can result in the loss or even misuse of personal data and damage a company’s image.
MORGENSTERN provides competent and comprehensive advice in the area of privacy law and deals especially with the following topics:
- Execution of data protection audits
- Preparation and review of contracts for commissioned data processing
- Advice on cloud computing
- Advice on employee privacy and the resulting obligations for companies, as well as drafting company agreements with implications for privacy law
- Development of privacy concepts and internal guidelines
- Preparation and review of privacy policies on websites
- Provision of privacy training courses
- Examination of individual data processing operations such as video surveillance, GPS use or electronic time recording
- Assistance in drafting a list of processing activities and in describing the technical and organisational measures taken