On May 25, 2018, the GDPR came into force. Data protection officers are therefore becoming increasingly important for companies and associations. TeamDrive helps data protection officers organize personal data in a data protection-compliant manner.

What is a data protection officer?

A data protection officer can either be an employee of the organization or be appointed externally. In the first case, the company data protection officer reports directly to management and monitors and evaluates all work processes from a data protection perspective. An external data protection officer can advise several companies on all data protection issues. To perform his or her duties, a data protection officer must have the necessary expertise, which he or she acquires in the course of further training.

Companies must appoint data protection officers

As of May 25, 2018, the General Data Protection Regulation (GDPR) requires a company to appoint a data protection officer. This applies in particular if the company:

  • has at least nine employees and processes personal data,
  • collects and manages personal data or
  • processes particularly sensitive data such as health data.

Personal data according to the GDPR is personal information such as:

  • Name, age, date of birth
  • Address data such as telephone number or e-mail address
  • Identification card numbers and social security numbers
  • Financial information
  • Health information

There are two options for the company: appointing an external data protection officer or training an employee as a data protection officer. Smaller companies usually rely on an external data protection officer.

In principle, any employee in the company can be appointed as a data protection officer. However, according to GDPR, the following criteria must be met:

  • Proof of certain professional qualifications, which, however, are not specifically defined in the GDPR.
  • The data protection officer must have expertise in the area of data protection.
  • A data protection officer must not have a conflict of interest with his/her existing activities. This occurs particularly in smaller companies when the data protection officer continues to perform his or her existing duties.

If a company data protection officer is appointed, he or she must also be registered with the relevant supervisory authority. In addition, contact details must be published in public places such as the website. This includes, in particular, the telephone number or e-mail address of the officer.

The rights and duties of a data protection officer

The main task of a data protection officer is to monitor compliance with data protection law in the handling of personal data. If the data protection officer identifies one or more violations of regulations of the German Federal Data Protection Act (BDSG) or the new General Data Protection Regulation (GDPR) as part of his or her review of work processes, it is his or her task to work with management to find suitable measures to correct the violations.

As an independent supervisory body, the data protection officer is also responsible for working towards the establishment of an internal data protection organization within the company. With regard to the new EU GDPR and the right to be forgotten, monitoring the lawful disposal and deletion of personal data is particularly important. To ensure that the officer can perform these duties in the long term and, above all, predominantly independently, he or she is subject to a duty of confidentiality and also has a right to refuse to testify. In addition, the officer’s employment in the company is secured by special protection against dismissal.

Right of complaint to the supervisory authority

Deficiencies in the processing of personal data do not always have to be uncovered by the data protection officer alone. If a violation of the GDPR is suspected, any private individual can report it to the supervisory authority. The Federal Commissioner for Data Protection and Freedom of Information has compiled a list of all official data protection officers and all competent supervisory authorities.

Data protection officers and TeamDrive – data protection at the highest level

Data protection officers are jointly responsible for the security of personal data in particular. For this reason, high demands are also placed on their own data protection practices. Data storage in the cloud is a particularly important issue here. With TeamDrive, data protection officers can organize themselves in a completely data protection-compliant and simple manner. The basis for this is the server location of the online storage, because personal data can be stored and processed without any problems only on servers within the European Union.

Unlike other providers such as Microsoft or Google, TeamDrive only offers server locations in Germany for cloud computing. In addition, your sensitive data is already protected from being viewed by unauthorized third parties while it is being uploaded to the cloud, thanks to comprehensive end-to-end encryption. What’s more, the data is safe even if a data carrier is lost or stolen. In such a case, you can restore your data from a backup in just a few steps. TeamDrive also offers comprehensive rights management, which allows you to assign individual access rights at any time and maintain control over them.

Doctors and lawyers also rely on TeamDrive

Doctors, lawyers and tax consultants also rely on TeamDrive’s certified cloud. The high level of data security is an indispensable part of communication for these professional groups, especially when dealing with sensitive data of patients and clients. The secure data transfer, coupled with the trusted “Made in Germany” label, makes the TeamDrive software one of the most secure sync & share solutions in the world. Test TeamDrive today for comprehensive data protection!