Data Processing on Behalf

A chain is only as strong as its weakest link!

Legally Compliant – Professional – Pragmatic

Whether you are a client or a service provider – we support you in meeting the legal requirements for secure data processing on behalf.

Today, companies increasingly rely on external service providers to handle tasks. In many cases, this involves the transmission of personal data to third parties, which presents a particular challenge from a data protection perspective. To find a pragmatic solution, the legislator has defined “processing on behalf” (data processing), allowing external service providers to be classified, under certain conditions, as an internal department of the company from a data protection standpoint. As a result, there is no data transfer to third parties from a data protection perspective. However, data processing on behalf is tied to a series of obligations to ensure the protection of personal data.

To implement data processing on behalf in a GDPR-compliant manner, several steps are necessary. First, a contract for data processing (data processing agreement) must be concluded with the service provider. The individual rights and obligations of both parties, which must be regulated in the data processing agreement, are defined in Article 28 of the GDPR. The data controller also has a duty of care in selecting the processor. This means that the controller may only work with processors who can adequately guarantee, in accordance with Article 28(1) GDPR, that “appropriate technical and organizational measures are implemented so that processing is carried out in compliance with the requirements” of the GDPR and the rights of the data subjects are protected. This must be ensured not only at the start but throughout the entire duration of the contractual relationship.

We are happy to help you ensure compliance with the legal requirements for data processing on behalf – regardless of whether you are a client or a service provider.
We also assist you with the legally required and regularly scheduled audits of your service providers.
Our Services

- Support in complying with the legal requirements for data processing on behalf (GDPR)
- Assistance with the auditing of service providers (service provider audits)
- Guidance and advice for clients and service providers in implementing processes for data processing on behalf and service provider management
- Professional data protection consulting and support from experts

What We Offer

Increased Security Through Certified and Qualified Consultants

For your security and compliance, our consultants have earned a wide variety of certifications from organizations such as TÜV Rheinland, TÜV Nord, DEKRA, the Data Protection Certification Company mbH (DSZ), and the Federal Office for Information Security (BSI). They are available to you as certified data protection officers, data protection auditors (DSZ), ISO 27001 lead auditors, ISO 27001 audit team leaders of the BSI, IT baseline protection auditors (BSI), ISO 20000 auditors, and IT security officers to enhance security in your company.

Personal Consultation at Eye Level

Together with you, we develop practical, tailored solutions for your company through open and personal exchanges on an equal footing. Our goal is to consider your wishes, ideas, and requirements in the individual solutions.

Years of Experience

Our consultants have extensive practical, leadership, and project experience in the fields of data protection, information security, organizational development, and business processes across various corporate areas and industries in SMEs and large corporations. Within our team, we combine decades of knowledge and experience in implementing data protection requirements, as well as in the establishment, operation, and further development of data protection management systems. The wide range of our proven methods, procedures, and solutions enables a holistic approach to addressing challenges and helps to avoid mistakes.
Comprehensive Expertise

Our experienced and highly qualified data protection and information security team possesses interdisciplinary competencies in the areas of data protection, information security, law, and IT. The team, consisting of legal experts, IT professionals, economists, certified data protection officers, ISO 20000 auditors, IT security officers, as well as ISO 27001 auditors and ISO 27001 lead auditors, supports you in complying with legal requirements as an external data protection officer. Through continuous training and education and ongoing knowledge exchange in the fields of data protection and IT and information security, our consultants maintain a high level of expertise and stay up to date.

Location Hamburg – Active Nationwide and Internationally

Trigonum GmbH – based in Hamburg, active nationwide and internationally. Depending on your needs and preferences, we advise our clients both on-site and remotely.

Data Processing on Behalf – What Benefits?

- Compliance with the legal requirements of the GDPR
- GDPR-compliant data processing on behalf
- Avoidance of fines and penalties
- Benefit from professional and proven templates and frameworks
- Access to up-to-date data protection expertise through regular training of our consultants and participation in committees. We continue to learn for you!
- Flexibility through personal consultation on-site or remotely

More on Data Protection

Integrated DSMS + ISMS

In today’s world, data protection and information security can no longer be viewed in isolation.
It is increasingly important to address the requirements of both disciplines regarding the technical and organizational measures (TOMs) in an integrated manner. A key success factor for an effective data protection and information security management system is also its integration into existing business processes to avoid duplication of work and impractical solutions. Based on these insights, Trigonum has developed an integrated approach that aligns with the requirements of the General Data Protection Regulation (GDPR), ISO 27701, ISO 27001, TISAX, and other recognized standards, addressing both information security and data protection together.

Structured Approach Model

We have developed our own approach model for integrated management systems that addresses both data protection and information security together to create synergies. This model considers the compliance requirements of relevant standards and norms, which we have consolidated into controls. In the next step, we developed a framework of measures, processes, templates, guidelines, and documents to sustainably and effectively translate the extensive compliance requirements and obligations into operational practice. Through our structured approach, we have succeeded in breaking down the complex requirements for establishing a GDPR-compliant data protection management system into manageable work and solution components – our work packages.

The foundation of a functioning data protection management system is an initial audit to determine the current status. Only by knowing where you currently stand can we plan the appropriate path to the goal together.

The advantage of this approach is that it provides clear answers to the following questions:

- What measures can be taken to meet the requirements (controls)?
- What “DSMS documents” need to be created for a GDPR-compliant DSMS?
- Which measures are typically regulated in which documents?
- What requirements have already been implemented in our company, and what still needs to be done to meet the respective audit standards?
- What do I need to consider when setting up a GDPR-compliant data protection organization?
- Who is responsible for what, and what are the steps I need to take?

This will enable you to quickly and confidently answer questions from external auditors (e.g., data protection authorities, accreditation bodies) regarding the documentation and evidence obligations. In addition to the structured approach model, our framework includes a holistic and audit-proven documentation concept. This includes management manuals, process descriptions, guidelines, templates, forms, and implementation concepts.

Protecting Data and Knowledge

More and more companies are recognizing the importance of information and data in the digital age, so alongside the legally required protection of personal data, the protection of corporate knowledge is also becoming a focus. Information and data are valuable assets for companies and must be appropriately protected. Since most information and personal data today are at least partially created, stored, transmitted, or processed with information technology (IT), it is necessary to take measures to ensure the adequate protection of this information. Simply purchasing antivirus software, firewalls, or data backup systems is often no longer sufficient to achieve an adequate level of security for all business processes, information, and IT systems within a company. To meet this challenge, a holistic concept is essential. This primarily includes a functioning and integrated security management system within the company. To achieve this, so-called TOMs (technical and organizational measures) must be implemented as part of risk management to ensure the confidentiality, integrity, and availability of information, applications, and IT systems.
This is a continuous process in which strategies and concepts must be regularly reviewed for their effectiveness and adjusted as needed. Trigonum supports companies in building tailored data protection and/or information security management systems to adequately protect both personal data and corporate knowledge.

Innovative Tool TRIGovernance

To meet the requirements of the General Data Protection Regulation (GDPR), particularly in risk management, documentation and evidence obligations, regular auditing, and continuous improvement of defined processes, it is necessary to establish a Data Protection Management System (DPMS). Ideally, this should be integrated with other relevant management systems for your company (QMS, ISMS, etc.) to avoid duplication of work and increase transparency. For this purpose, we have developed our innovative tool “TRIGovernance” for the creation and operation of integrated management systems. The close integration of solution components for document management and control, information classification, asset and risk management, processing descriptions, data protection impact assessments, as well as audit and task management, makes “TRIGovernance” a powerful collaboration platform for integrated management systems. This allows companies to centralize all information and solution components in one place, streamline processes, and leverage synergies for mapping different management systems.

If you need help with data processing on behalf, get in touch with us!

Your direct line to Trigonum: +49 40 3199 1618 0

Trigonum GmbH
Notkestrasse 9
22607 Hamburg