
Data Protection and Data Security
Important for enterprises and consumers
The daily news shows that data protection and data security are obviously underrated topics; otherwise there would not be, with great regularity, spectacular incidents involving stolen data in all industries. In addition, the number of unreported cases is certainly high; no company would like to see negative publicity of this kind. The legislature has obviously recognised this and is taking it into account by reorganising data protection law. On 25 May 2018, the transitional period of the EU General Data Protection Regulation (DSGVO) and the new Federal Data Protection Act (BDSG new) will expire.
This increases the intellectual property rights of those affected and the demands made on companies. Compliance with legal data protection regulations secures the trust of business partners and customers. If more than ten persons are dealing with personal data, a privacy officer has to be appointed. Responsibility for compliance with data protection lies with the person who is in charge of the process, not the privacy officer. The data privacy officer advises, uncovers irregularities and shows possible solutions.
DSGVO and BDSG (General Data Protection Regulation and Federal Data Protection Act)
Evaluating data
The European General Data Protection Regulation (DSGVO) standardises the legal data protection provisions within Europe. This clearly governs cross-border data processing. The transfer of data to third-party countries (outside the EU) is subject to specific regulations. Particular attention was paid to the rights of data subjects, including the right to information and the right to take data to another company. Data may only be stored for a specific purpose, only with the permission of the person concerned and, in the case of minors, only with the consent of their parents.
Responsible persons are defined for the processing of personal data. Any transfer to another company (contract data processors) must be regulated by a contractual agreement that includes data protection. The supervisory authorities will be given more audit functions and more rights. The authorities should also be given more staff, so that in future it becomes difficult to duck away, secretly hoping that "they won't check me anyway". The new Data Protection Act (BDSG) has been adapted to the EU Regulation and confirms these provisions.
Data Protection in your company
Complying with legal requirements
We are here to help you meet the confusing legal requirements and adapt them to your workflows and operations. Together with you, we define which requirements you need to implement individually. The most important task is to sensitise the employees. If each one keeps a watchful eye, many pitfalls can be avoided. In accordance with these agreements, we will go through your software systems and their interfaces, the premises, existing regulations, declarations of consent, and the contract data processing.
We subsequently prepare the necessary documentation and provide you with guidelines for the corresponding implementations. You can appoint us as your external privacy officer or contact us in case of difficult questions. We also support you when introducing new software.
Data Protection for Hotels
Adapting operational and work processes
In addition to the registration form and credit card information, hotel enterprises have special requirements because they also have access to data requiring special protection. For example, if the food intolerance of a guest is stored in your system, this constitutes information about the guest's state of health and is particularly worthy of protection. Together with you, we will go through your house and analyse your handling of personal data and the current level of protection.
Afterwards, we jointly define the necessary measures according to your favoured security level. Especially smaller hotels would like to appoint their own privacy officer. We will familiarise you with the most important details and provide you with documents for your own transactions. You can engage us at any time as an external data protection officer.
Our Competencies
Qualification and expertise
According to the DSGVO, a data privacy officer needs to have the appropriate qualifications and expertise. We have exactly these qualifications. In addition to specialist knowledge, a structured approach is essential.
We are a member of the Society for Data Protection and Data Security (GDD) and our employees are certified.