Data protection officer

Our consulting services are characterized by an eye for what is practically feasible. It is precisely through the interaction of specialists from the fields of data protection law and IT security that you receive a customized solution that also fits your company.

Your advantage: continuous support for the company in the development of its own data protection philosophy at manageable costs.

DPA Drewes Privacy Advice has many years of experience in taking over the function of external company data protection officer in various industries.

The data protection officer must be involved in processes as early as possible – ideally during the conception of data processing operations. Then the data protection-compliant design of the process can be considered right at the beginning. The right course is set and, together with the specialist departments, it is possible to discuss how the company’s ideas can be implemented in a data protection-compliant manner.

It is precisely in this area that companies benefit from our many years of experience in the internal design of data processing procedures. This applies to all areas: from the analysis of customer data and the use of “people analytics” to advising the works council.

As data protection officers, we check whether the guidelines on data protection are known within the company. In coordination with the audit department, we also conduct regular audits to determine whether other internal company requirements for data processing are being met. We then prepare a report for you with the corresponding recommendations for the management so that improvement measures can be taken.

Companies are required to conduct a data protection impact assessment for critical data processing operations. Depending on the type of data processing, this can be very time-consuming. We know what is important and can support companies in developing their data protection impact assessment.

After consultation with the company, we conduct audits of the processors in accordance with Art. 28 DSGVO. As part of accountability, companies must also satisfy themselves that service providers are meeting their contractual obligations. Our audit report is a suitable means of providing this evidence.

According to the GDPR, the data protection officer only has to check whether employees in the company also receive training in data protection law. We are also happy to conduct training courses ourselves – in consultation with the company. This takes place regularly in selected departments and has more the character of a data protection workshop. This enables us to respond very specifically to the requirements of the individual departments and to highlight current developments.