Data privacy

Implementation of the GDPR - together with the data privacy experts from dhpg
Data privacy

The data privacy experts at dhpg will support you with your project

Whether you want to draft a data protection declaration for your website or establish a data privacy guideline or strategy for your company - you can count on the experienced data privacy experts at dhpg. Our lawyers and certified data security officers are very familiar with the GDPR and know what counts when implementing the General Data Protection Regulation. Personal data are important assets of a company. The sensitive handling of these data, i.e. their processing and storage in compliance with the GDPR, is not only a compliance issue but also crucial to a company's repute. You can rest assured that you are in safe hands with us.   

What tasks can we perform for you?

Why dhpg?

One less worry

Data are of great economic importance to companies, and their use is a key factor conditioning success. This makes it all the more important to devote the utmost attention to sensitive data and ensuring their security. You can place all the tasks involved in the hands of our experienced data privacy experts with a clear conscience. 


Wide-ranging expertise

Our data privacy experts are lawyers with many years of experience in dealing with data privacy and government authorities. This is precisely why many companies have appointed us as their external data security officer. In addition, you also benefit from our keeping a close and vigilant eye on other topics and industries.


Time savings

We specialise in standardised and optimised processes. What does this mean for you? You have time to concentrate on those tasks essential to your company. Because there's one thing we don't want: to leave you, the person in charge of a company, mired down in some time-consuming project. 


Cost transparency

Being able to budget costs make your calculations easier. We can deliver here - in the form of an annual flat rate with a clearly defined range of services.

Your contact persons for data privacy

Would you like to get together for a personal meeting to obtain advice? We would be happy to schedule a non-binding appointment with you so that we can get to know each other. We look forward to your call or e-mail and to meeting you.

To the contact persons

FAQ - Questions about data privacy

Checklist on the GDPR: What are the key points of the General Data Protection Regulation?

  • Data use: Personal data may only be used with written consent or on a legal basis.
  • Data security: Companies are obliged to take technical and organisational measures to protect personal data and to document this.
  • Right to be forgotten: If data subjects so desire, companies must delete their data from all directories.
  • Documentation of protection: Companies must document the protection and risk-mitigating measures they take to protect data.
  • Data privacy impact assessment: Prior to data processing, a detailed report must be issued explaining the foundations upon which the data processing is to be carried out and how risks are to be assessed.
  • Reporting of data breaches: If data breaches occur, the data subject and supervisory authority must be informed within 72 hours.
  • Severe fines: Non-compliance can result in severe fines of up to € 20 million or up to 4% of the annual turnover of the entire group.

What must a data privacy guideline contain?

A data privacy guideline is a binding instruction from the employer to the employees. It must be ensured that all employees have been made aware of the content of the data privacy guideline. For this purpose, the guideline should be handed out in writing and countersigned. A data privacy guideline must always be individually tailored to the company concerned, so there is a certain amount of latitude. Nevertheless, there are a few rules and arrangements that definitely need to be included in the guideline, especially technical-organisational measures, or TOMs for short. These include inter alia:

  • Use of IT
  • Use of data carriers
  • reation of data backups
  • Password management
  • Use of the company's internal e-mail accounts
  • Storage and deletion of personal data
  • Work instructions
  • Dealing with data subjects' rights

The contents of the guideline should be defined in close consultation between management, the IT department and the data security officer. The data privacy experts at dhpg will be happy to help you with this. 

Why do I need a data protection declaration?

You always need a data protection declaration if you operate a website and collect and process personal data on it. This is not only necessary in obvious cases, like when you use a contact form. In this case, you should inform your users precisely that their personal data will only be stored and used for the purpose of the contact, i.e. to answer a question, to send goods, etc. Any use above and beyond this data protection declaration is not in compliance with the GDPR and therefore punishable by law. As the operator of a website, however, you also process personal data in a manner that is not immediately recognisable. This includes, for example, log files and IP addresses that the server queries. You must also inform users of your website about this as well in your data protection declaration. Likewise, you need to list all information and data collected with the use of cookies and plug-ins in detail here. 

The data protection declaration should be quickly available, i.e. accessible with one click from the homepage. It is best to also inform your users about their rights as data subjects in the data protection declaration and state who they can contact in the event of a breach. This is usually the company's data security officer. 

What exactly are personal data?

Basically, personal data are considered to be all information or data that can be used to identify a specific person. This includes, for example:

  • Name
  • Address
  • Telephone number
  • Credit card or personal number
  • Car license plates
  • Account details
  • Online data such as IP address or location data 

Physical data, such as hair or eye colour, also fall under this category. In addition, there is so-called special personal data, which are particularly sensitive and all the more deserving of privacy. These include political opinions, ethnic origin or medical data.  

What is a data privacy strategy?

A data privacy strategy supports the protection of data privacy at companies and is a compliance issue. The data privacy strategy should be clearly structured and specify the tasks for all departments and positions in the area of data privacy. This way, everyone involved can understand which measures they have to take to ensure data privacy. It thus lays down an internal control framework. Just like the data privacy guideline, the details of the data privacy strategy depend on the company and its structures and varies in scope accordingly. A few central components must be integral parts of the data privacy strategy, however. These include:

  • Register of processing activities
  • Legal basis (GDPR)
  • How the deletion of data is dealt with
  • Contract processing
  • Appointment of the data security officer
  • Definition of access authorisations
  • Provision of information in the event of data breaches

The data privacy strategy should be drawn up in close consultation between the management and the data security officer and regularly checked to make sure it is up-to-date and compliant.

What data privacy means to us

Data - especially personal data - are of great economic importance. It is an important asset for companies, and their use is a key factor in a company's success. This makes it all the more important to pay the utmost attention to data and their security. It is necessary to be aware of what personal data are stored and processed at a company. Leverage the knowledge of our data privacy experts to implement important aspects of the GDPR at your company. We will be happy to provide you with a GDPR checklist tailored to your individual needs or carry out a target/actual analysis right away. Our data security officers specialise in the creation of a holistic data privacy strategy for companies - this includes the drafting of a data privacy guideline as well as a data protection declaration. Contact us if you would like to professionally implement the General Data Protection Regulation at your company - our data protection officers will be happy to support you. 


Get in touch with us

Mail Contact form Telefon +49 228 81000 0
By uploading the YouTube video, you consent to cookies being set by YouTube and Google and to data being transferred to these providers. We process the data in order to be able to analyse access to our YouTube videos or to evaluate the effectiveness of our advertising and ads. YouTube and Google also process the data for their own purposes. In addition, you also agree that your data may be transferred to the USA, although there is a risk in the USA that the US authorities may gain access to your data for surveillance purposes and that you may not have adequate legal protection against such. You will find further information in our Data Protection Policy.
Load YouTube Video