The basic idea of data protection is that modern data processing endangers the free development of the personality of each individual. The assumption is that those who do not know or cannot control what information is being stored and retained about him or her adjust their behavior out of caution. Data protection therefore protects individuals from the state or a company collecting or storing their personal data without authorisation. The General Data Protection Regulation (GDPR) of 2018 sets strict limits on the processing of personal data. It is important that companies follow these guidelines, otherwise there is a risk of fines, warnings and competitive disadvantages.
On our How it works page you can find out why data protection is relevant for your company and how we at heyData support you. In our FAQs, our data protection basics and in our magazine you will also get an overview of the complex topic of data protection. Our white papers also provide an insight into the important basics of data protection aspects. Finally, we regularly offer free webinars on data protection. These give you the opportunity to educate yourself on exciting topics and to ask an expert questions.
Internally, it is an important task of a data protection officer in accordance with Art. 39 Para. 1 GDPR to point out that data protection regulations are observed. However, this is not an end in itself, but rather protects your company from expensive fines. 17 supervisory authorities monitor compliance with data protection regulations on the state side. If there are violations, your company can be punished with fines of up to 20 million euros or 4% of the turnover. In addition, warnings are threatened.
The Data Protection Act regulates all relevant provisions that affect personal data processing in the company. Every company that operates in the EU is obliged to comply with data protection regulations. Management is responsible for this.
The most important obligations of companies in the data protection area are:
If one or more of the following criteria apply to you and your company, then YES:
- Your company employs more than 20 people
- Special categories of personal data are processed extensively in the company, such as data on a person's ethnic origin, political opinions, religious beliefs, health or sex life
- You use CCTV
- You use new techniques, such as algorithms or artificial intelligence
- Personal data is transmitted, collected, processed or used in a business-like manner and this represents a core activity of the company (this is the case with almost all companies that have a connection to personnel, e.g. software, recruiting, headhunting, consulting)
Even if you don't need a data protection officer after the list, you still have to comply with all data protection regulations in your company.
According to the GDPR, personal data is any information relating to an identifiable natural person. The persons concerned are identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, a location or other characteristics. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or addresses.
Data protection is not a question of company size. The data protection regulations - and unfortunately also the fines - affect the self-employed as well as corporations. If you start early on with the topic of data protection, it will grow with your company - and afterwards no painful changes are necessary.
heyData customers get the best from the combination of helpful data protection software and very personal expert support. With the heyData platform you get your data protection under control. At the same time, our data protection lawyers are true experts in their field.
We start our cooperation with a data protection audit of your company. We screen all departments and check them for data protection compliance. As a result of the audit, you will receive your data protection documentation and important information on how you can improve the level of data protection. As part of this process, your contact person at heyData is always personally at your side. As part of the audit, we start digital data protection training for your employees and provide data protection documents that your employees can digitally sign. Of course, your data protection expert from heyData is also available to you after the audit has ended, e.g. for questions about day-to-day business, any changes or for inquiries from employees or authorities.
The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. This is not only important in order to provide you with your data protection documentation, we also want to get to know you as your data protection officer. In addition to the data protection documentation, you will receive information from the audit on how to improve the level of data protection. You discuss both with your data protection contact person at heyData. You can also access it at any time on the heyData platform.
We don't need any documents from you. If you become a customer of heyData, we will create all the documents for you.
Overall, the heyData platform helps you to get your data protection under control - from auditing and retrieving important documents to training employees.
We work entirely in German and English. Other languages are available on request.
The regular contract term is 12-24 months.
If you and your company meet one or more of the following criteria, then YES:
- Your company employs more than 20 people
- The employees regularly process automated data
- Special categories of personal data are processed in the company, such as ethnic origin, political opinion, religious conviction, health, the person's sex life
- Business-related personal data is transmitted, collected, processed or used and this represents a core activity of the company (this is the case with almost all companies that are related to personnel, e.g. software, recruiting, headhunting, consulting, etc.)
According to the GDPR, personal data is all information that relates to an identifiable or identified natural person. The persons concerned can be identified if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, a location or other features. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or postal addresses.
As soon as you have decided to work with heyData, after an initial needs analysis, we will carry out a data protection audit with your company in order to understand the processes of your company holistically - this process is digitally accompanied and supervised by the data protection advisor. We will then work with you to prepare the necessary documentation and, if necessary, adapt the website of your company according to our instructions, should there be a need for changes in order to achieve conformity. Depending on the package, we are then involved in a wide variety of processes in your company that require the expertise of a data protection officer to protect you in all matters; this usually extends to HR, marketing, product but also business development processes.
Our contract periods are either 12 or 24 months.
The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this so that the positions, the type of data processed and the persons responsible are also available as a diagram at any time.
If you and your company meet one or more of the following criteria, then YES:
- Your company employs more than 20 people
- The employees regularly process automated data
- Special categories of personal data are processed in the company, such as ethnic origin, political opinion, religious conviction, health, the person's sex life
- Business-related personal data is transmitted, collected, processed or used and this represents a core activity of the company (this is the case with almost all companies that are related to personnel, e.g. software, recruiting, headhunting, consulting, etc.)
According to the GDPR, personal data is all information that relates to an identifiable or identified natural person. The persons concerned can be identified if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, a location or other features. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or postal addresses.
As soon as you have decided to work with heyData, after an initial needs analysis, we will carry out a data protection audit with your company in order to understand the processes of your company holistically - this process is digitally accompanied and supervised by the data protection advisor. We will then work with you to prepare the necessary documentation and, if necessary, adapt the website of your company according to our instructions, should there be a need for changes in order to achieve conformity. Depending on the package, we are then involved in a wide variety of processes in your company that require the expertise of a data protection officer to protect you in all matters; this usually extends to HR, marketing, product but also business development processes.
The regular contract term is 24 months.
The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this so that the positions, the type of data processed and the persons responsible are also available as a diagram at any time.