Data Protection Status Assessment - Trigonum - Management Systems for Information Security and Data Protection Based on Microsoft 365

Data Protection Status Assessment

With the Trigonum Data Protection Check, you can quickly and easily get an overview of your current data protection level to identify potential weaknesses and risks transparently.

Only by knowing where your data protection level stands and how you're progressing can you navigate effectively and find the right strategy for tailored data protection. By combining comprehensive checklists that take into account the requirements of the General Data Protection Regulation (GDPR) and various recognized standards, long-term practical experience, and a targeted approach model, we can work with you to determine your position and find the right path to your Data Protection Management System.

Regular and structured status assessments are an essential part of active risk management. This is the only way you, as the responsible party, can detect vulnerabilities early, identify the need for action, and initiate appropriate measures to improve the level of data protection and IT security.

Our Data Protection Check is based on the legal requirements of the GDPR and internationally recognized security standards such as ISO 27701, ISO 27001, and IT-Grundschutz. This provides you with an objective and recognized assessment of your current data protection level. We use our own audit tool, which allows us to combine the various standards, support the audit process, and create a transparent and traceable report with concrete recommendations for action. We are happy to assist you with the further implementation of the recommendations and necessary measures and provide solution components that we will work with you to implement in a targeted manner.

For this purpose, we have developed our own approach model that enables companies to implement data protection in a legally compliant and requirement-oriented manner within the company, integrating it into existing business processes. Step by step, we will work with you to implement long-term, practical data protection within your company.

Our Services

  • Structured status assessment with a tool-supported approach
  • Preparation and planning of the status analysis
  • Independent and objective auditing
  • On-site or remote audits
  • Transparent results report
  • Identification of discrepancies and determination of necessary actions
  • Formulation of concrete recommendations for action

What We Offer

Professional Checklists

We work with comprehensive checklists that take into account the requirements of various recognized standards (GDPR, ISO 27701, ISO 27001, ISO 20000, TISAX, ISO 9001, etc.). These provide you with a holistic view of data protection and information security as well as other relevant standards such as IT service management or quality management if needed.

Years of Experience

Our consultants have extensive practical, leadership, and project experience in the areas of data protection, information security, organizational development, and business processes across various industries and companies, from SMEs to large corporations. Our team combines decades of know-how and experience in implementing data protection requirements, as well as building, operating, and developing data protection management systems. The wide range of our proven methods, procedures, and solutions enables a holistic view of challenges and helps avoid dead ends and mistakes.

Certified Consultants

Our team of consultants holds a variety of certifications from trusted institutions such as TÜV, DEKRA, and the Federal Office for Information Security (BSI). They are not only trained in the latest data protection and IT security practices, but they continuously expand their knowledge through regular training and real-world audits. This ensures that our consultants remain at the forefront of industry standards, allowing them to deliver high-quality, up-to-date consulting services tailored to your needs. Whether you are navigating GDPR compliance or building an integrated management system, our certified experts will guide you every step of the way.

Personal Consultation on an Equal Footing

Together with you, we develop tailored solutions for your company through open and personal exchanges on an equal footing. Our goal is to consider your wishes, ideas, and requirements in the individual solutions.

Location Hamburg - Active Nationwide and Internationally

Trigonum GmbH – based in Hamburg, active throughout Germany and internationally. Depending on your needs and preferences, we provide consulting to our clients both on-site and remotely.

Structured Approach Model

We have developed our own approach model for integrated management systems that addresses data protection and information security together to create synergies. This model considers the compliance requirements of relevant standards and regulations. In addition, we have developed a framework of measures, processes, templates, guidelines, and documents to effectively and sustainably translate extensive compliance requirements and evidence obligations into operational practice.

Our structured approach has allowed us to break down the complex requirements for building a GDPR-compliant data protection management system into manageable work and solution components—our Workpackages.

In addition to the structured approach model, our framework includes a holistic and audit-proven documentation concept that we rely on. This includes management manuals, process descriptions, guidelines, templates, forms, and implementation concepts.

Transparent Results Report with Concrete Action Recommendations

We provide you with a clear results report featuring transparent traffic light reporting. This gives you a structured overview of the current data protection and security situation, as well as the implementation status of the respective controls (requirements). Additionally, you receive professional feedback along with concrete action recommendations to help you safely achieve your goals.

Innovative DSMS Tool

For the creation and operation of a professional data protection management system, we have developed our innovative tool suite “TRIGovernance” for integrated management systems. This suite combines the necessary solution components, such as document management and control, information classification, asset and risk management (including DPIA), processing descriptions, as well as audit and task management, into a unique collaboration platform for integrated management systems.

Functioning and Audited Solution Components

Our solution components are not only carefully designed but have also been tested and refined through numerous audits. Each component is crafted to meet the highest standards of data protection and information security, ensuring compliance with relevant regulations such as GDPR and ISO standards. From document management to risk assessments, our solutions are designed to function seamlessly within your organization’s existing processes. This means you can rely on a comprehensive, tested framework that helps you maintain compliance while optimizing your workflows. Whether through independent audits or internal assessments, our solution components have demonstrated their effectiveness and practicality in real-world scenarios.

Data Protection Status Assessment – What Are the Benefits?

  • Identification of vulnerabilities
  • Transparency regarding discrepancies and areas requiring action
  • Raising awareness and sensitizing the company areas involved in the audit to data protection issues
  • Active risk management
  • Concrete recommendations for action within a proven approach model
  • Advice and guidance from experts with extensive data protection expertise
  • Flexibility through personal consultation and auditing on-site or remotely
  • Fast implementation through a proven approach model

More on Data Protection

  • Status Assessment Approach

    Our structured approach to the status assessment is conducted in four steps.

    Defining the Scope of Investigation
    The initial meeting with you is aimed at aligning the objectives, audit standards, and scope of the status analysis. In a personal exchange, the framework for the status analysis is established. This includes determining which companies (in a group context), departments, IT systems, and applications will be audited. Additionally, the participants and audit contacts are defined.

    Preparing for the On-site or Remote Audit
    To prepare for the audit, the necessary checklists are compiled, and the interview partners are selected. The checklists serve as interview guides and systematically document the status. They structure the audit and assist with document verification.

    Conducting the Status Assessment
    The status assessment is conducted through interviews based on the checklists. Together with the interview partners, the current implementation status of data protection is evaluated and compared with the standards’ requirements. Additionally, document audits are carried out.

    Creating the Results Report
    Based on the audit, a results report is created. This report identifies discrepancies, highlights risks and areas requiring action, and provides specific recommendations for improvement measures. It includes a combination of traffic light reports and annotated block and action overviews, giving the client a transparent status of the current data protection situation.

  • Transparent Results Report

    As a result of your data protection status assessment, you will receive a clear and comprehensive results report on the state of data protection in your company. This provides transparency and serves as a foundation for further steps in building a professional data protection management system. The results report summarizes the findings from the audits and organizes them according to data protection processes. Trigonum uses a traffic light reporting system to show where action is still needed and which requirements have already been well implemented. Additionally, the report provides individual recommendations for implementing data protection in your company, along with measures and suggestions for building a DSMS. If desired, we can also assist with the implementation of these recommendations and measures.

  • Structured Approach Model

    We have developed our own approach model for integrated management systems that addresses data protection and information security together to create synergies. This model considers the compliance requirements of relevant standards and norms, which we have consolidated into controls. In the next step, we developed a framework of measures, processes, templates, guidelines, and documents to sustainably and purposefully translate extensive compliance requirements and evidence obligations into operational practice.

    Our structured approach allows us to break down the complex requirements for building a GDPR-compliant data protection management system into manageable work and solution components—our Workpackages.

    The foundation for a functioning data protection management system is an initial audit for the status assessment. Only when we know where you currently stand can we plan the right path to your goal together.

    The advantage of this approach is that clear answers are provided to the following questions:

    • What measures are required to fulfill the controls?
    • Which “DSMS documents” are needed for a GDPR-compliant DSMS?
    • Which measures are typically covered in which documents?
    • Which requirements have already been implemented in our company, and what still needs to be done to meet the applicable standards?
    • What must be considered when establishing a GDPR-compliant data protection organization?
    • Who is responsible for what, and what are the next steps?

    This approach allows you to answer external auditors’ (e.g., data protection authorities, accreditation bodies) questions about the evidence requirements quickly and confidently.

    In addition to the structured approach model, our framework includes a holistic and audit-tested documentation concept. This concept comprises management manuals, process descriptions, guidelines, templates, forms, and implementation concepts.

  • Innovative Tool TRIGovernance

    To meet the requirements of the General Data Protection Regulation (GDPR), particularly regarding risk management, documentation and evidence obligations, regular auditing, and continuous process improvement, it is essential to establish a data protection management system (DSMS). Ideally, this system should be integrated with other management systems relevant to your company (QMS, ISMS, etc.) to avoid duplication of effort and increase transparency.

    For this purpose, we have developed our innovative tool suite “TRIGovernance” for building and operating integrated management systems. This suite combines the necessary solution components, such as document management and control, information classification, asset and risk management (including DPIA), processing descriptions, and audit and task management into a powerful collaboration platform for integrated management systems. This way, companies have all the information and solution components centrally in one place, simplifying processes and leveraging synergies for the implementation of various management systems.

    If you would like to conduct a data protection check, contact us!

    Direct Contact with Trigonum:
    +49 40 3199 1618 0
    Trigonum GmbH
    Notkestrasse 9
    22607 Hamburg