Data Protection Advice
Every company in Germany is legally obliged to process personal data in accordance with data protection guidelines and current case law. To this end, the law requires every company to have proper data protection documentation. To ensure that managing directors and managers do not get lost in the maze of the GDPR / BDSG, we can help with our data protection advice. Our certified data protection officers (TÜV DSB) and data protection experts make it easier to deal with data protection issues.
On the following pages we would like to introduce you to the following areas of our advice:
- Creation of data protection documentation
- Creation of procedural directories
- Industry-specific data protection instructions/training for employees
- External data protection officer
- Advice on data protection issues when using/developing software/SaaS solutions
- Advice on the data protection-compliant implementation of advertising campaigns
- Data protection audit and data protection analyses
- Verified data protection certificate
Data protection in sales and marketing
The distribution of capital goods and consumer goods will always involve the processing of personal data. The marketing department supports sales by making potential customers aware of the portfolio. Data is already processed electronically here. The pandemic has forced many companies to use new sales and marketing channels. Buyers research information online before they even get in touch with a sales representative. This used to be typical consumer search behavior. This has now changed significantly, so that departments and buyers also initially carry out digital market research.
At the latest during the first telephone call or the transmission of an offer letter, personal information is exchanged between the conversation partners. Even an inconspicuous email inviting you to the next “open day” can lead to an unwanted crisis. Carelessness leads to complaints, loss of contact or warnings due to a violation of data protection.
Especially with lucrative framework contract customers, the supplier’s information security and data protection may be checked. It is not uncommon for companies to send 3 auditors to the supplier. This is intended to ensure that trade secrets and personal data do not fall into the wrong hands during future collaboration.
Even in the car trade, data protection violations can easily occur: At a large car dealership, customer data from the parent company was inadmissibly linked to the wrong customers in the subsidiary for years. As a result, a corporate customer was informed every year that he could pick up his vehicle after the service, even though this brand was not in the company’s fleet. Every year the branch was made aware of this incorrect data link. Even after a phone call with the managing director of the trading company, the data error was not corrected. This made it clear that this was a systemic data protection violation.
Verified data protection builds customer loyalty
Many companies in the retail sector use customer bonus programs in order to build customer loyalty. Thereby, buyers keep returning to that store chain as they know they will be rewarded for buying there than rather buying an item at a different retail chain. The key issue with any kind of customer loyalty program or referal program is that you are storing a lot of private data that could destry the brand within days should that data leak to criminals.
That is why consumers are gradually becoming more ware of the value of their personal data and what can hurt them. A business acting careless while processing such data can damage the consumers credit rating. Simply stating that one values highly their client data will not assure a client base of the safety record of a company. Hence, a company can use a data protection certificate to build trust with thier client base. This is done by conducting data protection audits and gaining a verified data protection certificate.
Data protection in the organization
The example above shows that it is not only data breaches that can occur due to data breaches in sales and customer service. Fatal errors also occur in the accounting and IT departments that endanger third-party data. Especially in digitalized accounting, many documents are automatically read out every day and assigned to customer accounts. As much as artificial intelligence has advanced, false pattern recognition will continue to occur. This can result in reminders and payment confirmations being sent to the wrong recipient. In most situations, the mistake can be resolved with a friendly and honest apology. Unfortunately, there are also contemporaries who try to exploit the situation maliciously. Then you have to react very carefully so as not to start a major fire from a candle.
Data protection in recruiting and HR
The human resources department continuously processes personal data from employees, applicants and external employees. Personnel files and pay slips often contain an employee’s very private information. Recruitment creates large amounts of applicant information that is only needed for a very short time to recruit new employees. If information security in the company is rudimentary, digital and paper-based documents can lead to expensive image damage during processing. As a result, the image of a good employer that has been painstakingly built up is seriously damaged within weeks.
Data protection in IT Departments
Companies large and small need data to keep their business running. These are stored in the company’s hardware. Employees access this data using the software provided by the IT department. The configuration of the systems and the access regulations are determined by IT employees. These settings are made either according to the opinion of the IT employee or according to the established company guidelines (see ISO 27001 guidelines).
However, since personal data is contained in many systems, IT departments must keep track of all digital processes. Here it is important to create and maintain an internal procedure directory. Data is even stored in the telephone system. Significant documentation errors often occur here, which are unpleasant to notice during data protection audits.
Data protection in Logistics
In the age of digital commerce, a lot of address data is processed for shipping goods. To ensure that warnings do not disrupt business operations, you should seek data protection advice in good time. This can reduce costs because unnecessary data is no longer processed and lossy data breaches are avoided.