The Data Privacy Landscape
A Global Strategy
- Take a proactive approach to protecting personal information;
- Develop “cultures of compliance” that demonstrate a deep commitment to, and passion for, privacy;
- Obtain “buy-in” from business executives and other key stakeholders; and
- Have a solid grasp of relevant international, regional, and national laws.
With our global team of lawyers, data privacy consultants, and information security specialists, we can help you achieve these goals.
Data Protection Officer
If you have already appointed a company Data Protection Officer (DPO), we can provide support for large tasks or problems that require specialized expertise.
Alternatively, you may appoint legitimis as an external DPO.
In either case, the involvement of our employees offers several practical as well as financial benefits:
- Our employees are always up-to-date;
- We offer the possibility of project-related assistance;
- We offer calculable and transparent pricing models through framework or project agreements.
Whether you choose to work with your internal DPO or appoint legitimis as external DPO, we will help make your projects a success, and you will not have to worry about data privacy and security. We will take care of that for you.
Different industries often have different legal requirements regarding data privacy. This is particularly true in countries like the United States, which follows the “sectoral” model. Given this, every company faces a unique set of challenges. Accordingly, our consulting services are tailored to your business model and the industry in which you operate.
We focus on five industries:
- Automobile (Labor Law and International Legal Affairs)
- Telecommunications (Consumer Rights)
- Medical Sector (Patient Rights)
- IT, Entertainment, and Gaming (Consumer Rights)
- Financial Sector (Consumer Rights and Investor Rights)
Running a business enterprise means setting a course and not stopping at national borders. In doing so, however, companies face several challenges and risks pertaining to the international transfer of personal information. To help you address these challenges and risks, we assist you with the development and implementation of “Binding Corporate Rules” (BCR): binding rules for international companies, according to which personal data can be sent across country borders within an organization.
BCR ensure a uniform level of data protection throughout an organization, and thus also provide reliable information for the handling of personal data in daily practice.
The formulation of BCR requires a high degree of specialized knowledge. Our experience shows that the common perception of BCR, that these group-wide rules are costly and difficult to implement, is unfounded. By focusing on a few cornerstones, it is possible to implement Binding Corporate Rules within an organization:
- Compliance with national laws and the development of a uniform level of protection as a basic requirement.
- Involvement of works councils.
- Transparency in the formulation and specification of a uniform structure.
In the modern business world, it can be difficult, if not impossible, to run a company without relying to some extent on third party sub-contractors (commonly referred to as “vendors” or “suppliers”). This reliance carries a certain inherent risk: that your company may be considered liable for a privacy law violation committed by a vendor.
Therefore, your company should comply with obligations to conduct supplier audits. For instance, § 11 of the Federal Data Protection Act (BDSG) (Germany) requires documentation, testing, and evaluation.
We will do this for you.
A main focus is the fulfillment of the obligations of § 11 Federal Data Protection Act (BDSG), particularly with respect to commissioned data processing. We will support you in setting up appropriate vendor management through:
- On-site vendor audits;
- Observance of company-specific guidelines during examinations; and
- Transparent reporting.
We engage with your cooperation partners and vendors to reduce your organizational effort and provide legal certainty. The goal is not to restrict, prohibit, or lecture you, but to implement data protection and information security systems and controls. The whole process is taken over by legitimis, from approaching vendors to reviewing contracts. Our experts carry out a personal inspection of the vendor and its technical/organizational security measures.
This is Vendor Security Management à la carte with a personal touch.
From user experience to interactive design, “user friendliness” is often the primary concern when it comes to website development. But what happens in the background with respect to user data? From cookies, which require special attention under the Cookie Directive 2009/136/EC, to web trackers: when it comes to creating a website, there are numerous rules to consider.
- When sending a newsletter, you must observe not only the regulations of the Telemedia Act (TMG) or Federal Data Protection Act (BDSG), but also paragraphs of the Law against Unfair Competition (UWG). Overlooking this is an often unnoticed error with potentially far-reaching consequences.
- Companies invest a lot of creativity and energy in the attractive presentation of their offerings on their website. However, they tend to show considerably less commitment in formulating the general terms and conditions. This content, typically referred to as “fine print,” is of increasing importance to consumers.
- Privacy Policies: the formulation of these important texts can make you sensitive to the rights of your customers, such as the right to information from § 34 Federal Data Protection Act (BDSG). They also provide a great opportunity to build trust and give your customers an image- and sales-promoting sense of security.
Privacy is not a nuisance. Fines are only one potential consequence of not taking privacy seriously; others include damage to reputation and lost business.
Please contact us if you are looking for customized protection for your company in order to avoid data protection risks.
The goal is not to hinder projects, but to ensure their feasibility.