Readiness Assessments, Data Protection Advice and Projects
The GDPR applies to every company and every process in which personal data is processed, no matter whether cookies are set, IP addresses are stored or address data is handled. Because of the high potential penalties, the consequences of a poor implementation or of individual mistakes can be serious. The GDPR sets high standards but leaves the question of how to implement them largely open, and every company must close this gap on its own. In addition, critical infrastructure obligations and interfaces to other legal requirements make the overall requirements increasingly complex.
The GDPR imposes diverse and complex requirements on companies. All processes in which personal data is processed have to be assessed and, where necessary, adapted. Not only the rights of data subjects but also documentation requirements, data security, employee data protection and other aspects must be taken into account. For this purpose, every data controller needs a data protection concept that meets the requirements of the GDPR. Companies must therefore revise their existing concept or create a new one, and they are often left asking whether the result really meets all the requirements of the GDPR. As part of our readiness assessment, we check your data protection organization and its underlying concept for compliance with the GDPR.
Our data protection experts can support you during the subsequent implementation phase: developing the data protection concept, planning the implementation steps, monitoring progress, or carrying out the implementation itself. We also provide expert advice on specific issues such as video surveillance, the 72-hour breach notification obligation (Art. 33 GDPR) and the preparation of deletion concepts (in accordance with DIN 66398 and the principles of data minimization and storage limitation in Art. 5 (1) lit. c and e GDPR).
Audit / Certification
Adequate evidence of compliance with the GDPR is becoming increasingly important for data controllers and data processors alike as the basis of a trustworthy business relationship.
For example, data protection can be a component of the certification of a Compliance Management System (according to IDW PS 980). It is also possible to audit selected parts of a data protection organization and to obtain an attestation of compliance with the principles, procedures and measures of the GDPR in accordance with the International Standard on Assurance Engagements (ISAE) 3000 (Revised).
How GDPR compliant are your service providers?
Under Art. 28 GDPR, a controller may only engage a processor that provides sufficient guarantees that appropriate technical and organizational measures are implemented and that processing is secure. ISAE 3000 (Revised) also allows data processors to be audited and attested against your individual data protection requirements.
Drawing on collective knowledge from a wide range of industries and the ability to consult our lawyers and other experts at any time, we can support you in evaluating compliance with the regulations in your own company or at your data processors, or we can take over this task completely for you as an independent third party.
External Data Protection Officer
For many companies, the appointment of a data protection officer (DPO) is mandatory under Art. 37 GDPR and supplementary national law. Are you hesitant to assign this task internally? Then PwC is a reliable partner that will provide you with an external data protection officer.
A data protection officer must not only be adequately qualified but must also work independently. Combining the role with other duties in the company is often difficult, because the controller must ensure that no conflict of interests arises (Art. 38 (6) GDPR). Legal knowledge alone is not enough: the data protection officer must also be able to assess technical and organizational measures. Through many years of data protection experience across a variety of industries, we ensure adequate qualification and expertise, which is kept current and improved through regular training and continuing education.
- High quality advice and information on data processing, handling personal data, data protection and data protection laws
- Our Data Protection Officers bring know-how from other industries and companies and reduce the risk of organizational blind spots
- Our Data Protection Officers exchange views with experts from other areas within the large PwC network
- Neutral, independent position of the Data Protection Officer within the company (e.g. towards customers, employees, works councils)
- Better cost control (e.g. by eliminating training costs) and no resource commitment
- Guaranteed availability of the Data Protection Officer through PwC internal representation
- Guaranteed qualifications and expertise through internal training and practice
The tasks of the Data Protection Officer
- Providing information and comprehensive advice to the company
- Monitoring compliance with data protection requirements (GDPR and national laws)
- Monitoring adherence to the company's own policies on the protection of personal data
- Cooperation with the competent data protection supervisory authority and acting as its point of contact
- Support in case of data protection incidents within the company