Data Security

Protection of data related to individuals is guaranteed by law
(Article 2 of the German Grundgesetz)

   .: The General Data Protection Regulation defines the rights of individuals as informational self-determination.
   .: Violations of data privacy laws in relation to customer data are simultaneously violations of laws against unfair
       competition and can incur additional, highly punitive monetary charges
   .: The correct handling of personal data also increases the level of trust customers and employees have in the corporation

The right to informational self-determination includes:

   .: The handling of person-specific data is only allowed in the context of a clear purpose known to the affected individual
   .: The most important permissions are the consent of the person concerned, a contract with the person concerned
      (e.g. an employment contract) or laws (e.g. Social and Fiscal legislation)
   .: The handling of the data must be done in a secure and auditable environment (with controls consistent with the
      demands of applicable regulations)



  Verification of secure execution of tasks and confirmation of adherence to the
  applicable regulations

Assignment | Competence within the corporation
Allocation of an internal data protection commissioner (DSB) |
Audit Trail for data security |
Support of the public index of procedures | Data Protection Commissioner
Legal compliance in the event of Outsourcing | CEO, Data Protection Commissioner
Creation and support of internal supervisory processes | Data Protection Commissioner
Information and Training of employees | Data Protection Commissioner
Compliance of employees with data protection and secrecy legislation | CEO, Human Resource Manager
Briefing of IT projects with regard to person-specific data and supervisory control | IT / responsible department will inform Data Protection Commissioner
Enforcement of compliance with the legislation | Data Protection Commissioner and all employees
Monitoring of proper usage | Data Protection Commissioner
Compliance of contractors with IT policies | Responsible Department and Data Protection Commissioner
Notification of IT policy to the affected persons | Responsible Department and Data Protection Commissioner
Disclosure about saved data | Data Protection Commissioner
Correction/changes of saved data | Responsible Official
Blocking and deleting of data | Responsible Official


  Preparation of data protection audits by an inspection authority

   .: Processing of checklists
   .: Gap closures
   .: Supervision of audits

