Legal requirements such as the GDPR (General Data Protection Regulation) present businesses with tremendous challenges in data protection management. One valid way to approach them is to apply standards. A data protection management system (DPMS) that complies with the ISO/IEC 29100 series and BS 10012:2017 offers a basis for meeting data protection requirements.
Our Concept: Two-step data protection.
WE ARE HERE FOR YOU. FOR YOUR SECURITY.
1.
Preparation & Implementation
Data Protection Management System
The building blocks for the introduction of your data protection management system
Based on international standards, and together with you, we will implement a DPMS that reflects your specific demands
Gap Analysis
The gap analysis checks the current status of your processes and uses the results to generate an action plan before the introduction of your DPMS, in line with the data protection rules of the ISO 29000 series, the standards it contains for the practical implementation of data protection management, and BS 10012.
Scope of Application
Stakeholders and interested parties, including their requirements, are determined in the internal as well as the external context of your business as part of requirements management. The results can be used to establish the planned scope of application for the possible certification of your DPMS.
Processes and Guidelines
Drawing up and adapting the processes required and supported by the ISO 29000 series (international standards) and BS 10012 (national standard) is an indispensable component of introducing an effective management system.
Internal Audit
An internal audit will assess if your DPMS complies with the requirements of ISO 29000 and those of BS 10012. We will first check the documentation of your DPMS, followed by its implementation and its efficiency in practice. You can use the results for the management review of your DPMS.
Training
Your employees have to know what they need to do in order to ensure data protection. To accomplish that, we will conduct awareness training at your company, and our partner qSkills will provide general training (on establishing a DPMS in compliance with EU GDPR rules, its systematic implementation, and monitoring).
Certification
Once the introduction of a Data Protection Management System is complete, it is in many cases followed by certification, so that the data protection the system provides is officially verified. This demonstrates to your customers and the authorities (e.g. BSI “Federal Office for Information Security”) that you are certified. We will prepare you for this appointment in the best possible manner.
You need a Management System?
We'll answer any question you might have.
2.
Operation & Development
Data Protection Management System
DSMS [as a] Service
We accompany you in the operation and continuous development of your data privacy management system over the long term.
Privacy Impact Analysis (PIA)
The Privacy Impact Analysis analyzes the data flow, checks and updates the data inventory and examines the legal basis of data processing. In addition to that, the analysis detects reciprocal dependencies between processes and/or business areas, making it possible to identify the impacts of malfunctions and breakdowns of relevant resources.
Data Protection Policy
The data protection guideline supports the effective control of your Data Protection Management System. That entails, for example, checking the strategic targets of your data protection policies and deriving quantifiable operational objectives. To that end, we apply the principles of the EU GDPR, ISO and the OECD.
Specific Measures
The measures specific to data protection include, among other things, support for adjusting or reimplementing processes and applications with due regard to Privacy by Design and Privacy by Default, as well as reviews of data protection principles, data protection statements or privacy statements.
Management System (as a) Service – MS(aa)S
Detailed information on the operation of the MS[aa]S and the standard services can be found here.
You want to enhance your management system?
We'll answer any question you might have.
Case study for DPMS from our day-to-day routine
Using personal data
- Payments for damage claims must be averted
- You must keep your reputation in mind
- Make sure nobody places an official complaint
Getting your products and services to customers is becoming increasingly difficult in the age of data overload. That’s why methods like profiling are incredibly popular. Such methods can analyze the purchasing behavior of customers in order to determine the most appropriate measures for marketing and sales. But watch out: you should think twice before getting too ecstatic about putting together a comprehensive collection of data for these analyses. If personal data is used for a purpose different from the one it was originally collected for, that constitutes a clear violation of data protection rules (e.g. GDPR).
Our strategically suitable service:
DSMS – Data protection management system