Technical & organizational measures with Dieter

  • Are GDPR compliant and legally secure
  • Contain all mandatory information
  • Are created simply and quickly with a few clicks
  • Were developed by experts
  • Include an authorization concept

We generate your technical and organizational measures automatically and in just a few minutes. Create online now and download immediately.

A few clicks to your technical and organizational measures (TOMs)

  • Technical & organizational measures (TOMs) form the backbone of the GDPR. Regardless of the size of a company, TOMs are crucial to increase data security and ensure the processing of personal data in accordance with legal requirements.
  • Protect yourself from fines now by fulfilling your obligations quickly and easily with DIETER.
  • DIETER was developed by data protection officers and lawyers to have your back and to ensure compliance with the GDPR.

Any questions?

Anyone who handles data needs technical and organizational measures (TOMs). Startups, sole proprietors, small businesses, the handyman next door - when it comes to personal data, TOMs are indispensable. In the digital world, it's security first, no matter how big the company!

Technical and organizational measures (TOMs) must provide companies and controllers with comprehensive information on how the security of personal data is ensured.

To that end, TOMs should include the following information:

  • The body responsible for the implementation and monitoring of the TOMs
  • Type and purpose of technical measures (e.g. encryption, firewall)
  • Type and purpose of organizational measures (e.g. training, access rights)
  • Procedure for regular review and updating
  • Contingency plans in the event of data breaches
  • Measures for the physical security of data storage locations
  • Pseudonymization and anonymization strategies
  • Security incident reporting and remediation processes
  • Documentation and logging procedures
  • Regulations for commissioned data processing
 

TOMs must be precise, transparent, and in clear and simple language so that internal employees as well as external partners and regulators can understand how data security is ensured.

Creating technical and organizational measures (TOMs) for a company is no walk in the park, but requires careful planning and constant monitoring.

  1. As-is analysis: Where do you currently stand in terms of data security?
  2. Risk analysis: What potential data dangers are lurking?
  3. Define technical & organizational measures: From encryption to employee training.
  4. Documentation: Putting everything in writing - no easy undertaking!
  5. Implementation: Putting theory into practice, often a real challenge.
  6. Constant monitoring: Nothing remains constant. Regularly check, adjust and optimize.
  7. Use feedback: Learn from every incident.
 

The creation of TOMs can turn out to be a real mammoth project, requiring attention to detail and perseverance. Professional advice can be worth its weight in gold here.

When DIETER creates technical and organizational measures, all the necessary information is collected by asking simple questions.

In concrete terms, this means that you click step-by-step through questions that in most cases can be answered with yes or no. For example: Do you offer a newsletter?

By asking clever questions and offering a wide range of predefined services, DIETER ensures that all mandatory information is included in the TOMs.

No specialist or prior knowledge is required to answer the questions.

The result is a complete document that contains all the necessary information and can be integrated directly into the website.

The TOMs can always be adapted and thus react flexibly to actual or technical changes. DIETER itself always keeps an eye on legal changes and always provides you with the latest legally compliant version.

We generally recommend having TOMs prepared by an expert. Formal requirements for the author do not exist, however.

The creation requires a high degree of accuracy and requires that thought be given to numerous different factors. In addition, current technological developments must be tracked in order to correctly capture the dynamic and highly competitive environment of the service providers and adequately reflect it in the TOMs.

The absence of TOMs or the existence of insufficient TOMs can have serious consequences. This is a violation of applicable data protection regulations (in Germany, in addition to the GDPR, the BDSG is particularly worth mentioning), which can be punished with a fine of up to 20 million euros or 4% of the annual revenue generated worldwide - whichever is higher.

All companies must meet the requirements of the GDPR. This applies regardless of the number of employees and therefore even for sole traders and solo self-employed persons. With Dieter, you no longer have to worry. We take care of everything you need to fulfill your legal obligation.

Warning letters due to GDPR infringements have steadily increased in recent years. This is exemplified by the numerous warnings issued in the summer of 2022 due to the unlawful use of Google Fonts. Irrespective of the fact that some of these warnings were not lawful, they were based on a decision by the Munich Regional Court in January 2022. In addition, the European Court of Justice (ECJ) ruled at the end of 2022 that consumer associations are generally entitled to issue warnings due to a GDPR infringement. These (and other) court rulings point to further waves of warnings. These could affect all companies that do not comply with their legal obligations.

A GDPR-compliant website is the first step in effectively protecting yourself from warning letters. In 2022, there were already countless warnings due to the unlawful use of Google Fonts. Dieter not only takes care of your data protection issues, but also creates your legal notice.

The data protection supervisory authorities have started to carry out random checks. For companies with fewer than 20 employees, the statistical risk of being affected by such an audit is over 10:1.

Around 85% of all German companies were victims of a cyberattack in 2022. Each affected company incurred average costs of around €20,000 per incident. In addition, around 20% of customers terminate their contracts with affected companies or delete their accounts. The risk of being affected is significantly reduced simply by implementing mandatory technical and organizational measures (TOMs).

Almost all German companies use services from companies (Google, Microsoft, Meta, Amazon, etc.) with which an international data protection contract (SCC/JC) must be concluded. In addition, digital service providers necessarily "receive" personal data from their clients for the service offered. In these cases, it is essential to check whether and with whom so-called data processing agreements (DPAs) need to be concluded. Dieter carries out this check and always provides the correct contract.

79% of Internet users are afraid of "data misuse". And quite rightly so! Because since 2022, personal data has been legally equivalent to a currency. Awareness of this is growing all the time. This data should be just as secure as a bank account. And this is guaranteed by the implementation of GDPR.

Over 2/3 of participants in a study on "Consumer data and data protection" (commissioned by McKinsey & Company) stated that they would no longer want to be a customer of a company that does not protect their data or passes it on without a legal basis, or would no longer work with such a company. It also shows that responsible handling of personal data and compliance with all legal obligations is a clear competitive advantage.

It refers to the fact that everyone has the right to determine for themselves what personal (and therefore very private) data about them is collected, stored and used. It also offers the possibility of preventing abuse, fraud and discrimination. Data protection is therefore an essential part of the (fundamental) right to informational self-determination under the German Basic Law. This right protects the privacy, identity and freedom of every person and is therefore essential for a democratic society. Respecting it should be a matter of course for every company.

The abbreviation TOMs stands for technical and organizational measures that are put in place in a company to protect customer data. These measures are prescribed by Article 32 of the General Data Protection Regulation and are primarily intended to ensure that customers' personal data is only processed in a well-protected manner. If you are looking for competent support in creating your TOMs, you can rely on Dieter Datenschutz. Our software generates all relevant data within a few minutes, ensuring that you meet the requirements of the GDPR.

Dieter Datenschutz strikes a balance for you between simple and intuitive handling, so that you can use the software's full range of functions straight away, and innovative functions. You can rest assured that the TOMs you create with Dieter Datenschutz contain all the mandatory information required by law. You can create the measures online with just a few entries and then download them directly.

With Dieter Datenschutz, you are opting for a flexible software solution that has been specially developed for companies, freelancers and solo self-employed people. From the very beginning, the focus was on creating a program that enables small and medium-sized companies to meet the high requirements of data protection without being overburdened by costs. Dieter Datenschutz can already point to more than 5000 satisfied users. Furthermore, over 15,000 legal documents have already been created with our program. In total, Dieter Datenschutz offers you more than 500 different services that you can access flexibly. Take the chance and test Dieter Datenschutz now without any obligation.

What our customers say

"I could feel Dieter's focus on the specific needs of the self-employed and smaller companies from the very first steps. This solution meets my requirements exactly, as well as my level of knowledge and ultimately the time I can and want to spend."

Martin H.
Self-employed developer

"By translating the legal requirements into understandable language, we can easily retrieve all the necessary information. With Dieter, we have found the right solution for our company and created a high level of legal certainty."

"Despite my focus on craftsmanship, I deal with customer data on a daily basis in the form of telephone numbers, invoice and email addresses. Online business is also becoming increasingly important. I therefore want to be sure that I am protected in case of doubt if one of my communication channels is breached under data protection law."

"Data protection should be feasible for every company! Without prior knowledge, affordable and with a small investment of time. That's exactly what this service offers."

Damian W.
Manager in the area: AI

That's why Dieter!

Dieter does the data protection. And you do your work.

All required GDPR documents

Dieter creates all the necessary documents for the implementation of GDPR, such as your privacy policy or the register of processing activities. The complex requirements of GDPR are converted in an understandable way and queried using simple yes/no answer options.

The right processes for this

Dieter doesn't leave you on your own, but tells you what to do, when and how. Only with the right processes can you achieve effective data protection and save time and money in the process. You too can benefit from our automated solutions for your company.

Making decisions without prior knowledge

The integrated data protection management system enables an immediate start without prior knowledge. Dieter guides you clearly through all legal requirements and collects your results in one place. Complete your tasks "step by step" and in just 10 minutes per week.

Still undecided?
Book your data protection trip now and check in with Dieter.

Sometimes you just want to strap on your rucksack and set off on an adventure. You pack up and see what happens. It is often unclear when you will arrive where and how. In this case, that's not a problem. The journey itself is the destination.

However, this "backpack strategy" is not recommended on your journey to fulfill all data protection requirements. You should know exactly which stages to take and when.

We plan your trip like a good travel agency. All inclusive, of course. Dieter takes on the role of your tour guide and accompanies you right from the start. That may sound a bit boring. But do you really want to experience an adventure with an uncertain outcome?