Data protection
The “Data Compliance” working group deals with both “classic” data protection issues within the meaning of the General Data Protection Regulation (GDPR) and the regulations on data governance and the EU’s digital strategy. The aim is to promote and support adherence to compliance requirements in a constantly changing digital environment.
Data protection
Data protection has established itself as a core compliance issue since the GDPR came into force. Due to the high level of fines and the increased awareness of both customers and employees, data protection has become an integral part of most compliance management systems.
In addition to avoiding fines, a well-implemented data protection management system offers other advantages for companies:
- Competitive advantages when dealing with customers and suppliers
- Support for smooth implementation and transparency with regard to internal processes and tools
- Low “attack surface” in the event of requests for information and, for example, cookie banner warnings
- Improvement of the corporate image through responsible handling of data
Data protection is particularly important when conducting internal investigations. Otherwise, there is a risk that the goal of compliance would have to be “paid for” with a breach of data protection. A comprehensive understanding of data protection regulations is crucial to minimize legal risks.
Data governance, digital legislation, artificial intelligence (AI) and more
In recent years, not least due to the EU’s digital strategy, there has been an expansion of legislation relating to data protection and data governance in general. With the Artificial Intelligence Regulation (AI Regulation), the EU Data Act, the Digital Markets Act and the Machinery Regulation, the EU is increasing the level of regulation surrounding digital services and the use of modern tools in companies. In doing so, the EU wants to build on the success of the GDPR.
Depending on the design of the respective compliance management system, it is also necessary to examine these topics for your own company and address them in the compliance organization if necessary. Significant synergies with the established data protection organization can be achieved here.
focus-
points
The primary purpose of the “Data Compliance Working Group” is to support compliance officers in companies. Data compliance can only be achieved if there is a broad awareness of the topic within the organization. Regulated processes and responsibilities are necessary to ensure compliance with requirements and to enable the organization and its employees to use data effectively and in accordance with regulations. Due to the high formal requirements, a pragmatic and practical approach is crucial for the acceptance of the topics.
From this, we derive the following priorities for our work, among others:
- Monitoring new regulations: Observing and evaluating relevant EU and national legislative procedures and deriving specific recommendations for action.
- Awareness: Exchange on effective training formats and awareness campaigns for anchoring data compliance (especially privacy compliance) in internationally operating companies.
- Best practice exchange: Open exchange of experience on current challenges and established solutions.
We are delighted with the steady growth of the working group in recent years and offer a trusting atmosphere for an interdisciplinary exchange and open discussion on best practices in a constantly changing environment.
working group results
Working group leader
Patrick Radner
Head of Data Protection
at thyssenkrupp AG
Patrick Radner is responsible for the Compliance Management System Data Protection (CMS DP) at thyssenkrupp and Head of Data Protection at thyssenkrupp AG. Since 2011, he has been responsible for setting up, expanding and continuously developing the CMS DP throughout the thyssenkrupp Group. In this context, he advises the thyssenkrupp companies on all aspects of data protection. Since 2020, Mr. Radner has also been responsible for a team that offers data protection consulting services internally as a service.
Barbara Scheben
Partner & Head of Forensic at KPMG AG
Barbara Scheben is a partner and Head of Forensic at KPMG AG Wirtschaftsprüfungsgesellschaft. As part of her work, she deals with applied data protection on a daily basis. This includes both organizational advice on data protection management systems and the detection and clarification of data protection breaches.
- 030 - 27 58 20 20
- info@dico-ev.de