Data protection

The protection of personal data is becoming increasingly important, and not only since the numerous security incidents in business, healthcare, public institutions and administration. The EU General Data Protection Regulation (EU GDPR) has also introduced a number of additional requirements and tightened existing data protection law, so that many companies, authorities and other institutions are faced with a mountain of requirements that in many cases are difficult to manage economically and technically. In order to ensure and further develop data protection, organisations are required, for example, to

  • fulfil comprehensive documentation tasks,
  • introduce or expand an appropriate risk management system,
  • define and implement technical and organisational measures,
  • carry out consultations with data protection authorities or
  • prepare immediate measures in the event of security incidents and implement them at very short notice if necessary.

To this end, we take into account legal requirements such as the EU General Data Protection Regulation, the IT Security Act and the Federal Data Protection Act, as well as national and international standards such as MaRisk, TISAX or ISO 27001. In addition, we can draw on extensive expertise in IT security, IT forensics, IT compliance and IT project management. In this way, we combine IT competence and data protection in an economically sensible way.
We support you in all matters of data protection and can also provide an external data protection officer (DPO). This includes the following services, among others:

  • Creation of a data protection management system (DSMS) and integration into the information security management system (ISMS) as a holistic data protection and information security management system (IDSMS) to control and maintain EU GDPR compliance.
  • Carrying out GDPR compliance checks
    • Processes and technical and organisational measures (TOMs) for companies as a whole
    • Individual projects and applications
    • Websites
    • Apps
  • Appointment of an external data protection officer: acting as contact person for enquiries from authorities and data subjects regarding data protection as well as for the management, employees, sales and marketing in all matters relating to the handling of user and customer data.
  • Planning and implementation of data protection projects to achieve EU GDPR compliance
    • Elaborating and proposing measures whose implementation and observance ensure adequate data protection
    • Creation and maintenance of a record of processing activities (procedure directory)
    • Creation of deletion concepts
    • Advice and support in carrying out the data protection impact assessment in accordance with Art. 35 GDPR
    • Implementation of TOMs
    • Contractual assurance of data protection in supplier relationships by maintaining a register of processing activities with the associated data protection contracts and drawing up self-assessments for suppliers
  • Training of employees who process personal data
  • EU GDPR compliance monitoring: Monitoring data protection requirements as a long-term compliance measure
  • Working towards compliance with the regulations of the EU GDPR (DSGVO) in the international environment
  • Assessment of data protection incidents and potential breaches
  • Incident response: in the event of security incidents, checking for any data protection breaches and advising on further procedures.
  • Reporting breaches within 72 hours to the competent state data protection authority

External DPO or CDPO

Insentis provides an external Data Protection Officer (DPO) or Chief Data Protection Officer (CDPO) as full-time or part-time support to maintain compliance and improve data protection and information security.
Insentis provides a certified data protection officer with all the necessary skills. The core task of the data protection officer is to work towards compliance with the regulations of the EU GDPR. This includes the following activities, among others:

  • Informing about existing obligations under data protection law and monitoring compliance with them
  • "Working towards" compliance means elaborating and proposing measures whose implementation and observance ensure sufficient data protection.
  • Acting as contact for enquiries from authorities and data subjects
  • Creation and maintenance of a record of processing activities (procedure directory)
  • Advice and support in carrying out the data protection impact assessment in accordance with Art. 35 GDPR
  • Act as contact person for the management, employees, sales and marketing in all matters relating to the handling of user and customer data
  • Training of employees who process personal data

In addition, we coach your data protection officer, chief information security officer (CISO) or chief data protection officer (CDPO) to implement their goals in the best possible way. We have the relevant experience, the technical skills and also the necessary certifications.