Yes, your company absolutely needs a processing directory.

It is an essential part of GDPR compliance and serves to transparently document all processing of personal data. This directory is crucial in order to be able to prove that you comply with data protection regulations in the event of inspections by supervisory authorities or in the event of data breaches. It minimizes the risk of fines and strengthens your customers' trust in your company. A processing directory is therefore not only a legal necessity, but also a tool for documenting your company's sense of responsibility towards data protection.

The processing directory must contain the following information:

• Controller: Name and contact details of the controller (and, if applicable, the data protection officer).
• Processing purposes: Purposes for which personal data is processed.
• Categories of data subjects: For example, customers, employees, suppliers.
• Categories of personal data: For example, names, addresses, e-mail addresses.
• Categories of recipients: Who receives the data? For example, third parties, external service providers.
• Data transfers: Information about data transfers to a third country or an international organization.
• Deletion periods: Periods after which the various categories of data are routinely deleted.
• Technical and organizational measures (TOMs): Description of the security measures used to protect the data.

This information is necessary to demonstrate compliance with data protection regulations and to ensure transparency regarding data processing within the company.

The creation of your processing directory with DIETER works by answering simple questions and a comprehensive range of predefined data processing processes. This ensures that all mandatory information is included in the processing directory .The result is a complete document with all the necessary information.

No specialist or prior knowledge is required to answer the questions.

Your processing directory can be adapted again and again and thus respond flexibly to actual or technical changes. changes. DIETER itself has taken the legal changes and always provides you with the latest legally compliant version.

Yes, your company needs a deletion concept.

The erasure concept is an essential component of data protection and ensures that personal data is not stored for longer than is necessary for the purpose of processing. The GDPR explicitly requires that data whose storage no longer serves a legitimate purpose must be deleted. A structured deletion concept is therefore not only a legal necessity, but also an expression of a sense of responsibility towards the data protection interests of the data subjects.

Your company's deletion concept must include the following points:

• Data types: List of the types of personal data that are processed.
• Deletion periods: Definition of the period after which or the conditions under which the various types of data are deleted.
• Deletion methods: Description of the technical procedures used to delete the data.
• Responsibilities: Assignment of responsibilities for carrying out the deletion process.
• Data protection measures: Details of the security measures taken during the deletion process to protect the data.
• Documentation and verification: Procedure for documenting the deletion processes as proof of GDPR compliance.

These points ensure that your company complies with the requirements of GDPR with regard to the proper deletion of personal data.

The creation of your er asure concept with DIETER is largely automatic. We derive the necessary information from your details on the processing activities and create a customized erasure concept for your company.

This also ensures that all mandatory information is included and that you receive a legally compliant document.

No specialist or prior knowledge is required to answer the questions.

Your deletion concept can be adapted again and again and thus react flexibly to actual or technical changes. changes. DIETER himself has taken the legal changes and always provides you with the latest legally compliant version.

All companies must meet the requirements of GDPR . This applies regardless of the number of employees and therefore even for sole traders and solo self-employed persons. With Dieter, you no longer have to worry. We take care of everything you need to fulfill your legal obligation.

Warning letters due to GDPR violations have increased steadily in recent years. This is exemplified by the numerous warnings for the GDPR-compliant use of Google Fonts in the summer of 2022. Irrespective of the fact that some of these warnings were not lawful, they were based on a decision by the LG Munich in January 2022. In addition, the European Court of Justice (ECJ) ruled at the end of 2022 that consumer associations are generally entitled to issue warnings for a GDPR violation. These (and other) court decisions suggest further waves of warning letters. These can affect all companies that do not take care of their legal obligations.

In Germany, around 85% of all German companies were victims of a cyber attack in 2022. Each affected company incurred average costs of around €20,000 per incident. In addition, around 20% of customers terminate their contracts with affected companies or delete their accounts. Implementing mandatory technical and organizational measures (TOMs) alone significantly reduces the risk of being affected.

Almost all German companies use services from companies (Google, Microsoft, Meta, Amazon, etc.) with which an international data protection contract (SCC/JC) must be concluded. In addition, digital service providers necessarily "receive" personal data from their clients for the service they offer. In these cases, it is imperative to check whether and with whom so-called order processing agreements (AVVs) must be concluded. Dieter takes over this check and also always provides the correct contract.

79% of Internet users are afraid of "data misuse". And quite rightly so! Because since 2022, personal data has been legally equivalent to a currency. Awareness of this is growing all the time. This data should be just as secure as a bank account. And that is what the implementation of the GDPR ensures.

More than 2/3 of the participants in a study on "Consumer data and data protection" (commissioned by McKinsey & Company) stated that they would no longer want to be a customer of or work with a company that does not protect their data or passes it on without a legal basis. It also proves that responsible handling of personal data and compliance with all legal obligations is a clear competitive advantage.

It refers to the fact that every person has the right to determine for themselves what personal (and therefore very private) data about them is collected, stored and used. It also provides the opportunity to prevent abuse, fraud and discrimination. Data protection is thus an essential component of the (fundamental) right to informational self-determination under the German Basic Law. This right protects the privacy, identity and freedom of every person and is therefore essential for a democratic society. Respecting it should be a matter of course for every company.