Data Protection: Good Reasons

The General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (FDPA-new)

Personal data can be found in many places in a company. Since 25 May 2018, the General Data Protection Regulation (GDPR) has regulated for companies and other bodies what is and is not permissible when handling personal data in the EU. In addition, Germany has the new Federal Data Protection Act (FDPA-new), also applicable from 25 May 2018, which makes use of the so-called opening clauses through which the GDPR leaves the EU member states their own scope for regulation. Fines of up to EUR 20 million or 4 % of a company's worldwide turnover in the previous year can be imposed for infringements. For corporate groups, the entire group turnover can be used as the basis for assessment. Even criminal consequences of up to 3 years' imprisonment are provided for under section 42 FDPA-new.

Self-Interest and Customer Trust
Aside from that, companies should have a strong interest of their own in protecting the data of their clients and employees. Data breaches result in a loss of trust and confidence that can destroy a good company image overnight.
This affects not only private customers but also business customers. According to a survey by PwC, 51% of medium-sized companies refuse business relations with other companies where data breaches have occurred. On the other hand, data protection and IT security that are taken seriously build trust and confidence among potential buyers and customers.

Requirements of Business Partners
Most companies now implement the requirements for processing on behalf of a controller in accordance with Art. 28 GDPR and require their contractors to take comprehensive technical and organizational measures to protect personal data. A contractual requirement to designate a data protection officer is also common, irrespective of the legal requirements. In the event of violations, contractual penalties and high compensation claims threaten.

Data Protection starts with 20 Employees?
A common fallacy is the assumption that companies do not have to implement data protection until they have 20 or more employees. The rule in section 38 (1) FDPA-new is only one of several conditions under which a company data protection officer must be appointed. The requirements of data protection law, however, must be met from the start of business activities, independently of any obligation to appoint a data protection officer. Companies must notify the competent supervisory authority of the designated data protection officer.
Certifications of our experts
  • Data Protection Officer (TÜV)
  • Data Protection Auditor DSA-TÜV
  • Certified Data Protection Officer (udiszert)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • BSI ISO/IEC 27001:2005 Lead Auditor
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • ITIL Foundation Certified
Martin Holzhofer, External Data Protection Officer: „Data protection and information security are crucial for every company. Save costs in these challenging areas with an external data protection officer and information security expert. We are pleased to help.“

Martin Holzhofer,
Holzhofer Consulting GmbH