      The topic of data protection is at the centre of public attention. The legal requirements in the national and international environment are becoming increasingly complex and harbour a number of unresolved issues. Breaches of data protection regulations can have drastic consequences for affected companies and their data controllers. This has been the case not least since the EU General Data Protection Regulation (GDPR) came into force on 25 May 2018.

      Companies now face fines of up to four per cent of the previous year's global turnover for failing to maintain data protection-compliant processes. Fines that have already been issued show that the supervisory authorities are taking noticeable action. In particular, there has been a significant increase in the amount of fines imposed, with fines running into the millions. The GDPR also means that companies must be able to prove that they fulfil the requirements of the regulation - an effort that should not be underestimated.

      Violations of data protection regulations can have drastic consequences

      In addition to fines, data protection violations can have further consequences, such as claims for damages by data subjects or fines and prison sentences. The responsible bodies and managers can also be held personally liable if they fail to fulfil their supervisory duties. Not to mention the reputational damage associated with data protection breaches. Effective and efficient prevention of data protection breaches is therefore essential for companies. This requires the establishment of an appropriate and effective data protection management system.

      Due to the complexity of the subject matter, the requirements of labour, criminal and telecommunications law as well as other laws must regularly be observed in addition to data protection requirements when processing personal data. Data protection issues play an indispensable role in the specific activities of all company units, i.e. not only the audit, compliance, HR, IT or security departments, but also the specialised departments. An interdisciplinary approach is required to answer organisational, legal and technical questions.

      KPMG Forensic emergency hotline

      We are there for you around the clock:

      0800 SOS KPMG (0800 767 5764)

      Email: de-sos@kpmg.com


      Our range of services


      KPMG helps you to recognise and apply the legal requirements for your company and also supports you in the context of prevention and in recognising and responding to data protection incidents.

      • Support in the conceptualisation and implementation of a data protection management system
      • Design and implementation of the core data protection processes relevant to this system, risk analyses and the central register of processing activities for the GDPR
      • Development of data deletion concepts
      • Ensuring compliance with the transparency requirements
      • Establishment of data protection-compliant service provider management with regard to third-country transfers and commissioned processing
      • Advice on commissioned processing arrangements and joint controllership
      • Carrying out service provider audits
      • Adequacy and effectiveness review of the data protection management system according to recognised standards
      • Clarification and investigation of data protection or data security breaches
      • Support in communicating with the data protection supervisory authorities
      • Recommendations for any necessary reorganisation of systems and processes
      • Conducting training courses at both management and employee level
      • Advice on the legal requirements of the ePrivacy Directive and, where applicable, the draft ePrivacy Regulation

      Your contact

      Barbara Scheben

      Partner, Audit, Regulatory Advisory, Head of Forensic, Head of Data Protection

      KPMG AG Wirtschaftsprüfungsgesellschaft