Notos brochure

Data protection and data security (IT security)

 
For all enterprises, the rapid development of IT systems, and the growing importance of and dependence on them for creating value, have in recent years moved two issues from the periphery to the centre of attention: the protection of company-critical data, and the legally permissible use of personal data (e.g. of [potential] customers, patients, clients, employees and suppliers).

Today, no company can afford to go without the Internet as a marketing and/or sales channel, or without flexible, cost-effective IT resources provided by third parties (e.g. cloud computing: SaaS, PaaS, IaaS). Valuable company-critical and/or personal data has to be stored systematically and in as much detail as possible, be available immediately and everywhere, and then be analyzed, evaluated and used profitably.

At the same time, the (legally set) requirements for data protection and data security are being continuously updated and made more concrete by the supervisory authorities, courts and lobby/interest groups.

For many years, Notos has supported companies in building up corporate systems that meet data protection requirements and in answering questions on the legal data protection situation in respect of employees; where necessary, it represents its clients before supervisory authorities.

A further focal point of Notos's services is advising clients on the legal data protection situation when new technologies/communication strategies are introduced, such as direct-marketing programs, CRM systems, eCommerce, tracking systems, location-based services, credit card payment systems (PCI-DSS) and social media links. Here again we make use of our expertise in the fields of competition, labour and IT legislation.

In the field of health-related data protection we assist both medical practices and hospital groups in establishing patient-administration or hospital information systems that conform with data protection requirements.

Our advisory services in the area of data protection law include in particular the following fields:

  • Designing and implementing technical and organizational measures (TOMs) in accordance with the German Federal and State Data Protection Acts (BDSG, LDSG)
  • Corporate organizations meeting data protection requirements; outsourcing; cloud-computing
  • Setting up of CRM databases (including cross-border and integrated databases)
  • Direct-marketing programmes; co-marketing; co-branding
  • Social media links and applications
  • Generation and use of qualified leads / data on prospects
  • Employee data protection (corporate guidelines/codes: handling of operational and business secrets; ICT infrastructure, Internet and e-mail; bring your own device [BYOD])
  • Health-related data protection (design and configuration of patient administration systems (PAS) and hospital information systems (HIS) in conformity with data protection requirements)

Selection of our work in the field of data protection legislation:

| Client / sector | Field of tasks |
|---|---|
| Air transport infrastructure provider | Provision of advice on the integration of location-based services in airport buildings, including link options with social media and evaluation platforms, in conformity with the German Telecommunications, German Telemedia and Federal German Data Protection acts. |
| B2B purchasing portal | Development of data protection and data security concepts; preparation of IT infrastructure manuals, data protection declarations and much more (German Telemedia Act, Federal German Data Protection Act). |
| Electronics group in southern Germany | Provision of advice on and realization of a direct marketing concept, including advising on the CRM configuration, preparation of input screens, data protection notices and obligations (German Telemedia Act, Federal German Data Protection Act). |
| Housing association with a portfolio of close to 20,000 apartments | Provision of advice on and realization of an IT infrastructure manual and data protection guidelines for the employees in the form of work instructions or company agreements; structuring of the IT services in conformity with the law for the parent and subsidiary companies; data protection concept including data-deletion plan (German Telecommunications and Federal German Data Protection acts). |
| Professional association governed by public law | Supporting of a prior vetting by the Hessian data protection commissioner in respect of a common procedure in accordance with article 15 of the Hessian Data Protection Act. |
| Hospital group | Patient data protection, employee data protection, Internet and intranet links. |
| Online health portal with facility for the recording of health data | Data protection concept, data protection declaration and references to the German Telemedia and Federal German Data Protection acts. |
| Training clock/watch and app provider | Data protection concept, data protection declaration and references to the German Telecommunications, German Telemedia and Federal German Data Protection acts. |
| IT security company | Development of data protection and data security concepts in respect of an online penetration test and scan portal in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). |
| > 40 manufacturer portals / online dealers | eCommerce in conformity with data protection requirements. |

Printed from: http://www.notos.de/en/spezialisierung/datenschutz .
© 2017.
