Data Protection: Good Reasons
The Federal Data Protection Act (BDSG)
Personal data can be found in many areas of a company. In Germany, the Federal Data Protection Act regulates what is legally admissible for companies and other controllers when handling personal data. Violations can be fined with up to 300,000 EUR. The fines can be considerably higher still where the financial profit is higher or where there are more premises. Pursuant to section 44 BDSG, even imprisonment for up to two years is provided for.

Self-Interest and Customer Trust
Aside from that, companies should have a strong interest in protecting the data of their clients and employees. Data breaches result in a loss of trust and confidence that can destroy a good company image overnight.
This affects not only private customers but also business customers. According to a PwC survey, 51% of medium-sized companies refuse business relations with other companies where data breaches have occurred. On the other hand, data protection and IT security that are taken seriously build trust and confidence among potential buyers and customers.

Requirements of Business Partners
Large companies adhere thoroughly to the requirements of section 11 BDSG and require their contractors to comply with comprehensive technical and organizational controls for protecting personal data. Commonly it is a contractual requirement to appoint a data protection officer, independent of the legal prerequisites of the BDSG.

Data Protection starts with 10 Employees?
A common error is the assumption that companies have to care about data protection only once they have a headcount of 10 or more. The requirement in section 4f paragraph 1 BDSG is one of many prerequisites that require the appointment of a data protection officer. However, the data protection regulations have to be met independently of this prerequisite, from the first day of starting a new business. Thus, pursuant to section 4d paragraph 1 BDSG, the competent supervisory authority has to be notified before automated processing operations are carried out. The obligation to notify does not apply if the controller has appointed a data protection officer.
"Data protection and information security are crucial for every company. Save costs in these challenging areas by an external data protection officer and information security expert. We are pleased to help."

Martin Holzhofer, External Data Protection Officer,
Holzhofer Consulting GmbH