Data protection and data security are important aspects of everyday business practice – and not just since recent, highly-publicized cases of online data mishandling. The Steinbeis Transfer Center for Information Systems, Process Organization and Quality Assurance (IPQ) in Heidelberg has offered professional consulting and support on data protection law for a decade. The center’s data protection experts fulfill the role of data protection officers for companies across all industries.
As well as financial losses and damage to reputations, companies that fail to manage data correctly can also face heavy fines from regulatory authorities. Appointing a company data protection officer is one of the central stipulations of data protection legislation.
“We were very surprised to discover that we even needed a data protection officer,” comments the head of a small printing company in the Rhein-Neckar region. “Fortunately though, the IPQ Steinbeis Transfer Center rapidly provided us with professional support!” As printing annual reports or stock exchange prospectuses is classed as order data processing, it is subject to the same data protection requirements, for which the client – in this case, a listed software company – is also responsible.
Many companies perceive the legal requirement to appoint a data protection officer as an irritating chore. And indeed, choosing an existing full-time employee to act as a data protection officer is often associated with a number of considerable problems – like the employee being pulled away from their regular duties, employment law implications, and increased protection against dismissal. A lot of training is also needed to bring the appointed data protection officer up to the right level of expertise. Taken together, these requirements can constitute a significant hurdle for many SMEs.
In cases like these, the law allows companies to appoint an external data protection officer to take on this function on their behalf as a professional, paid service. For Stefan Eisert, project manager for data protection at the IPQ Steinbeis Transfer Center, an external data protection officer is the ideal solution, as it allows companies to fulfill data protection requirements professionally, efficiently and cost-effectively. “By taking advantage of our services, companies can focus more on their core business and free up internal resources while lowering costs and liability risks,” believes Eisert, who acts as a data protection officer for a number of companies and has many years of experience in data protection law. In fact, one of Eisert’s customers recently passed an audit by the German Federal Commissioner for Data Protection and Freedom of Information.
The industry expertise of Prof. Dr. Klaus- Georg Deck and his team ranges from doctors’ practices and IT firms to publishers, printers, production plants and telecommunications companies. The transfer center is a member of the German Association for Data Protection and Data Security (GDD) and trains its own employees comprehensively to ensure they have the required level of expertise.