Data protection within the public sector

We support you: pragmatically, practically and future-oriented.

Data protection is firmly anchored in the self-image of the authorities, but it is not easy to comply with all the rules. The large number of regulations and the adjustments required by the 2018 data protection reform must be implemented alongside everyday issues, which is a challenging project. And then there is digitisation.

We support you actively and support your employees wherever possible.

Public authorities, such as municipalities as local authorities, are assigned a large, sometimes highly complex area of responsibility with extensive data protection regulations. With the application of the European General Data Protection Regulation (GDPR), state data protection laws and the data protection provisions of other laws and ordinances have also changed. Not all of this is already known, understood and implemented on site.

In addition, processes are increasingly being digitised or services outsourced. The requirements of data protection and data security pose major challenges for public authorities. We support you in answering your legal and technical data protection questions.

Our team is always up to date, has in-depth experience in the public sector and supports you wherever it is useful for you.

Since 25.05.2018: Appointment of external official data protection officers

As the external data protection officer of your organisation, we take on the function of an official data protection officer. Our team is always up to date and our participation in the working groups on the 2018 data protection reform gives us excellent insights into the current and future requirements and their implementation in the public sector. We can support you with:

  • Inventory and risk analysis for data protection
  • Creating and customizing a privacy policy
  • Risk determination through site inspection
  • Basic advice
  • Technical advice on data protection when planning or evaluating new procedures for the processing of personal data
  • Establishment of a data protection concept
  • Creation, updating and revision of processing documentation
  • Sector-specific training of employees on data protection
  • Advice and active support in the development and documentation of the necessary technical and organisational measures
  • Examination of existing documentation of technical and organizational measures
  • Checking the status of compliance with the requirements of changed laws (LDSG, BayDSG, ThürDSG, EU GDPR, etc.)

Would you like to know more? Get in contact with us.

Data protection consulting

Do you need support in assessing the current situation of your subject area, your authority or your affiliated institutions (school, day-care centre, nursing facility, etc.) with regard to data protection? Or support for your data protection officer as well as a reliable partner who checks your external service provider relationships for you?

We accompany you comprehensively with all the related points:

  • Inventory and risk analysis of the data protection organisation
  • Advice on data protection law and technical aspects of planning new processing activities
  • Preparation of the data protection rules of procedure
  • Structure of the data protection concept
  • Structure or addition of processing documentation
  • Training employees on data protection
  • Carrying out data protection impact assessments
  • Documentation of technical and organizational measures
  • In-depth risk assessment through site inspections
  • Checking your service providers
  • Basic advice on data protection in your organisation
  • Support for innovative projects
  • Advice and support for employees on personal and official data protection issues


Assistance of the official data protection officer

As reinforcement of your official data protection officer, we support you in those places where you need it. Our team is always up to date and has in-depth experience in a wide range of subject areas.

  • Inventory and risk analysis for data protection
  • Advice on data protection law and technical aspects of planning new procedures for processing personal data
  • Support in the implementation of data protection requirements
  • Processing documentation
  • Sector-specific training of employees on data protection
  • Carrying out Data Protection Impact Assessments (DPIA)
  • Documentation of technical and organizational measures
  • In-depth risk assessment through site inspections
  • Case-related advice, as well as statements on individual topics of data protection


Data protection audit

Do you want a clear, comprehensible and objective assessment of how your subject area, the authority or institutions affiliated to you are structured in terms of data protection? We take a look at the processes, service providers and documentation relevant to data protection, prepare a report for you and give you concrete recommendations for action.

  • Inventory and risk analysis for data protection
  • Checking:
    • for compliance with the data protection requirements specific to the division
    • the processing documentation
    • the training concepts
    • necessary Data Protection Impact Assessments (DPIA)
    • existing documentation of technical and organizational measures
  • In-depth risk assessment through site inspections
  • Checking the status of compliance with the requirements of changed laws (BayDSG, EU GDPR, etc.)


Security of information

As an authority you are confronted with requirements regarding IT security (e.g. in the context of ISIS12, VdS10000 or the work aid for information security concepts of the Innovation Foundation Bavarian Municipalities). We give advice and accompany you in the implementation of the requirements, in the development and establishment of the corresponding measures as well as in the ongoing maintenance of your information security management.

Services of rehm Datenschutz GmbH:

  • Support for the official Information Security Officer, if necessary the provision of an external ISO.
  • Execution of information security risk and vulnerability analyses
  • Accompaniment of all measures regarding logical and physical security
  • Creation and regular revision of IT security and IT emergency manuals
  • Simulation and practice of IT emergencies
  • Conducting training events to raise employee awareness
  • Implementation of information security concepts / ISMS according to Art. 32 GDPR
  • Support during the implementation of Federal Office for Information Security IT-Grundschutz (IT baseline protection) 100-x / 200-x


Service provider audit

Do your external service providers have access to your personal data? Are you aware of the need to be able to prove that your cooperation complies with data protection regulations? We check your service providers on the basis of available documents and/or on site.

You will receive proof of a legally compliant audit in accordance with applicable data protection requirements.

  • Review of data protection agreements
  • Service provider check based on documents
  • In-depth assessment through site inspections
  • Processing documentation

 


Workshops and training

We offer workshops on various topics*. Always close to the topic, at eye level, lively and with clear and noticeable effects for your organisation.

Learn more about our detailed offer in the area "Seminars & Lectures".

*Examples of training courses that we have already actively provided:

  • Data protection for press offices
  • Data protection in the field of human resources (civil servants and employees subject to collective agreements)
  • Data protection for staff councils
  • Data protection in everyday working life
  • Data protection management based on StmI recommendations
  • Data protection in research and teaching
  • Data protection in educational institutions
  • Data protection in educational systems
  • Data protection in penitentiary systems
  • Data protection in the social sector


Data protection auditing

Do you want to know where your public authority stands when it comes to implementing data protection regulations, where risks await you and where there could be potential for improvement and simplification? Should individual procedures, subject areas or institutions affiliated to you be checked for compliance with technical and legal data protection requirements?

  • Standardised audits in accordance with generally recognised audit catalogues, enriched with sector-specific experience for the respective public agencies
  • Inventory and risk analysis for data protection
  • Checking the status of compliance with the requirements of changed laws (BayDSG, EU GDPR, etc.)
  • IT security testing by experts with extensive experience in ISO certification procedures, basic IT protection and other customer-specific certifications

You can find out how we can support you in this in the data protection audit section.


Implementation of all legal data protection requirements of the GDPR and BayDSG

Together with your public authority, we implement the necessary measures. We use the data protection tools of the Bavarian State Ministry of the Interior as a model and adapt the corresponding templates and samples to your specific needs.
The basis for most of the steps is the creation of records of processing activities. If required, we can build these up for you efficiently and quickly, drawing on many templates and, where software is used, on our experience with the corresponding software systems.

Thanks to our experience in handling concrete data protection implementation measures, we manage our projects efficiently and in compliance with requirements, do not get bogged down and do not lose sight of the "big picture".

Website analysis

  • Analysis of a website (URL) - without subpages or subdomains
  • Analysis down to the third level in depth
  • Privacy statement
  • Imprint
  • Contact form
  • Dealing with cookies
  • Dealing with trackers
  • Connections / References to social media functions
  • Newsletter
  • Detailed report on the analysis
  • Clear explanation and individual planning of measures


Social media analysis

  • Analysis of social media presences (e.g. Facebook) according to legal data protection standards
  • Detailed report on the analysis
  • Comprehensible explanation and individual planning of measures


Website Analysis IT Security

  • Automatic and partly manual scan of a website (URL), without external domains, according to internationally recognized OWASP criteria
  • The security and performance of the website are not affected (lightweight scan)
  • Login credentials may be required for the website (to be provided by the customer).
  • Detailed report on the results (generated by the scanning process)
  • Comprehensible explanation and individual planning of measures
