Internal Organization
Data protection must of course reach those where data processing regularly takes place, namely your employees. Here you are required to sensitize your employees accordingly and create guidelines for handling personal data. This begins with training, which you can do online with the provider Iversity [1], for example . In addition, you must determine who is internally responsible in the event of a request for information or deletion. The question of what to do in the event of a data breach should also be clarified internally and set out in writing. The relevant websites of the supervisory authorities are helpful here, as they already provide quite useful templates. For example, the Bavarian State Office for Data Protection Supervision [2] or the Baden-Württemberg Supervisory Authority [3] .
If your company employs more than 10 people, you guatemala number dataset are still required to appoint a data protection officer. The contact details of the data protection officer must - and this is new - be published both in your data protection information and to the supervisory authority responsible for you. The role of data protection officer can be performed by an internal employee (caution: members of the management and senior management level may not be named) or by external service providers.
Conclusion
The issue of data protection has not become any easier with the GDPR. However, due to the enormous increase in liability risks, you cannot neglect the issue. If you have implemented the data protection basics listed above, you have already met the essential requirements of the GDPR and can then concentrate on your business again.
David Oberbeck
David Oberbeck is a lawyer and managing director of Herting Oberbeck Datenschutz GmbH in Hamburg. The focus of his work as a lawyer is on data protection, competition and IT law. In addition, he also acts as an external data protection officer for various companies in the IT industry. Mr. Oberbeck gives lectures and seminars on the EU General Data Protection Regulation and its practical implications. As an author of the specialist journal »Datenschutz-Berater«, he also regularly publishes specialist articles on current developments in case law on data protection. Since 2018, he has been a member of the team of authors of the Auernhammer DSGVO/BDSG practical commentary.