Group Data Protection
The bigger the corporate group, the greater the scope of data protection measures
Corporate groups face far more complex data protection requirements than stand-alone companies:
- Secure data transfer between group companies and with third parties;
- Data protection in cross-border data transfers to third countries (eg based on BCRs) in compliance with local data protection laws, which may vary substantially across jurisdictions;
- Uniform approach to handling and processing data (eg e-mails, employee data, telephone use, whistleblowing systems);
- Creating data pools;
- Data protection systems for the use of uniform software solutions;
- Works agreements with group/general works council under data protection aspects.
One of the major and most frequent challenges in group data protection is the absence of the possibility to implement a single, group-wide data protection solution. In most cases, the problems faced by the individual companies must be solved on an individual basis.
Scope of services
- Establishing data protection systems within the group
- Data transfer and data processing within groups
- Advising on the compliant handling of data, data management systems and IT tools
- Cross-border data transfer (eg under EU standard contract clauses)
- Appointment of data protection officers
- Privacy notices and privacy policies
- Big data and data outsourcing via cloud computing
- Data protection compliance