Main topics in our data protection consultation
For years we have been working with companies from a wide variety of industries. Over time, some main topics have emerged. Does your company also belong to one of these industries? We are happy to inform you about reference customers.
Of course, we also advise companies from other industries and are happy to provide you with further references. What area are you from?
Data protection for energy suppliers
Data protection is a particularly important issue for energy suppliers. First of all, like all companies, they must comply with the provisions of the GDPR, national data protection law and other data protection regulations.
In addition, almost every citizen is a customer. And the great importance of energy suppliers in the economy is attracting a great deal of public and press interest.
If you come from this industry, you have probably already encountered questions such as: “Can we pass on consumption data to research institutes on a precise metering point basis?”, “How are data from employees who are also our electricity customers to be treated?”, “May we send advertising to former customers?”, “May we pass on consumption data for rented apartments to the owner for the energy certificate?
We can answer these and other questions for you
The big question: How should I handle employee data?
Whether in digital form or in the classic personnel file: Every company is responsible for the security of its employee data. The extent to which you may evaluate and process this data is very strictly regulated and always depends on the purpose of the processing and therefore frequently on the industry.
Food producers, for example, require regular health checks of their employees in addition to the usual data collected on employees: In other companies, the request for such documents may not be permitted.
The subject of data processing becomes somewhat more complex if your company belongs to a group. Parent or subsidiary companies are likely to request employee information on a regular basis. However, this process must be viewed critically in terms of data protection law: There is no “group privilege” and employee data can not simply be sent back and forth without a legal basis.
If you entrust external service providers with the processing of personal data (e.g. payroll accounting or IT infrastructure support), this must be regulated in accordance with data protection regulations, which is unfortunately often overlooked. We offer you suitable templates for contracts and check the submitted documents for you.
Data protection should of course protect people above all else, which is why we attach great importance to the data protection-compliant handling of your employee data. But it is just as important to keep an eye on the needs of the company. We see ourselves as “enablers” and not as “preventers”. Our data protection officers have gained experience in this area through many years of working with companies from Germany and all over the world. We aim to give advice as practical as possible on this complex topic.
Deliver to customers securely – and protect employees
Perhaps you are familiar with this situation: your customer entrusts you with the transport of dangerous goods and requests data from your drivers: Certificate of good conduct, current ADR certificate, scan of identity card. But are you allowed to pass this data on to your customers at all?
Or your customer would like to track the transport permanently via an on-board system. Is that permissible?
In the transport and logistics industry, there are some data protection issues that are not easy to answer. Many issues are very complex and require careful examination and evaluation, because it depends on the specific circumstances.
We are an experienced partner for questions concerning data protection. We advise you comprehensively and keep an eye on the needs of your customers, your company and your drivers. This is not always possible without conflict: however, it is definitely worth taking up this topic and not having to fear an audit.
Data Protection in Healthcare – Dealing with Sensitive Data
Health data are particularly intimate and sensitive and require special data protection measures. If such data falls into the wrong hands, the damage could be enormous. Don’t let that happen, because your company bears a lot of responsibility and has a good reputation to lose.
By the way, “data protection in health care” does not only mean patient files at the doctor’s or hospital.
- Production or distribution of medicines:
- Is the reporting chain correctly and safely established in the event of adverse drug reactions?
- Does the reporting comply with the legal requirements and include the correct data for statistical evaluation?
- Drug studies
- Does the sponsor really not have access to personal data from the study?
- Are the requirements of the Ethics Committee adhered to without exception?
- Is the processing of travel expense reimbursement regulated in accordance with data protection regulations?
- Does the patient agree to participate in the study and further internal use of his data?
- Patient consent
- Is the consent formulated in accordance with the legal provisions and naming the concrete data categories?
- Do you have a well-functioning process for the further processing of data collected by telephone?