Instruction system
We review the internal guidelines, organizational instructions and processes for data protection.
There is one clear prerequisite for a functioning data protection management system: the duties of the person responsible must be effectively delegated, known in all parts of the company or institution, and implemented appropriately. An adequate set of rules, the implementation of data protection procedures and the fulfillment of documentation requirements can be monitored by initial, ad hoc and regular audits. Our audit is carried out on behalf of the company or public authority management, internal audit, the individual departments, the staff council or on behalf of a processor.
If products or services are of high quality and also meet the requirements of the General Data Protection Regulation, it may be worthwhile to prove this by means of certification (EuroPriSe seal). As technical experts (Certified European Privacy Expert), we accompany you within the framework of the current certification criteria.
If personal data is not processed by the controller itself, but by a contracted service provider, special requirements must be taken into account. Especially when using IT services – which are globally networked or provided by service providers in third countries outside the EU – the contractual and technical measures as well as the sub-service providers used must be reviewed. We pay attention to compliance with data protection requirements by the controller as well as to compliance with legal and contractual requirements by the processors.
IT auditing is an independent and objective unit for the systematic, risk-oriented and targeted auditing of all information-processing functions in the company. It covers the entire regulatory and technical area. We conduct audits in various industries with different IT auditing tasks. We actively address all areas of IT auditing and ensure an excellent level of performance.