Data Protection Management. HWD operates a data protection management system. To this end, HWD has appointed a data protec- tion officer, who maintains the data protection management system and reports directly to the manage- ment. Within the scope of the data protection management system HWD logs all procedures and ac- tions that involve the processing of personal data in internal company procedure directories. Likewise, HWD operates an ISMS according to ISO-27001 on the basis of IT-Grundschutz and has been certified by the (German) Federal Office for Information Security (BSI) according to this standard. The certificate is re-assessed on an annual basis, and every three years a new application has to be submitted and a full audit performed. Technical organizational measures are audited on an annual basis, also within the annual certificate surveillance audit. Within the framework of the data protection management system, HWD makes data protection impact assessments, if the need is identified. Additionally, HWD ensures, that all staff commit to compliance with confidentiality and data protection laws in writings, and renew their commitment annually. Likewise, a periodic awareness-raising and training process of all staff has been established.
Data Protection Management. Description of existent or taken measures by processor: Demonstrable compliance with data protection regulation through • Company data protection is an ongoing compliance process • Appointment of an external Data Protection Officer • Appointment of an internal Information Security Officer • Ongoing update sessions regarding any changes or new data protection regulation • Setting up company data protection guidelines and • Continuous improvement process • Records of processing activities • Information requirements according to Art. 13 & 14 GDPR available • Contract management • IT Security policies • Internal regular Data Protection Awareness Training • Process for data breaches is available and documented • Data protection is included in the vendor management internal policy
Data Protection Management. The Contractor's employees are regularly informed about the requirements of data protection. All of the Contractor's employees commit to data secrecy and agree to maintain confidentiality. This is documented in a docket. A data protection officer has been appointed who is involved with all questions concerning the protection of personal data. The data protection officer monitors compliance with the requirements of data protection and is supported by data protection coordinators.
Data Protection Management. Documented security concept ● external data protection officer ● minimum annual review of the effectiveness of the technical protection measures ● training of employees with regard to the confidentiality of personal data ● commitment of employees to data secrecy ● data protection impact assessment is conducted on a regular basis
Data Protection Management. Objective: Demonstrable compliance with data protection and data protection regulations Existing / implemented measures: • Privacy policy • Privacy trainings • Data protection obligation for employees • Data protection guidelines for visitors and external partners • Certificates of conduct of the employees without entries, annual update • Involvement of the internal data protection officer • Reporting process in case of data breaches • Order data agreement • IT terms of use and security policy • Compliance hotline
Data Protection Management. The data protection at Atos is organized in a global organization with data protection officers and legal experts for the individual Global Business Units (GBU) and countries. The GBU Germany has a data protection office with three appointed Data Protection Officers and at least one legal expert. The Data Protection Office is part of the data protection and information security organization, which regularly exchanges on its topics. The Group Data Protection Policy is the basis for data protection at Atos, which describes the principles of data pro- tection as well as the processes concerning the rights of the persons concerned, audits, training and awareness rais- ing and refers to the global information security policy with its further regulations. The Data Protection Office provides predefined documents in the Atos Integrated Management System (AIMS), such as forms, checklists, manuals, and work instructions used in HR and business processes. All employees are commit- xxx to data secrecy and the observance of company and business secrets and are dependent on GDPR, Articles 29 and 32 (4) to process personal data only on the instructions of the data controller. In addition, they were obliged to comply with the Telecommunications Act (Section 88) and, if appropriate, to safeguard social secrecy and / or bank secrecy. In annual mandatory training sessions, Atos employees must update their privacy awareness. The technical and organizational measures for data protection pursuant to GDPR, Article 32, are regularly reviewed within the scope of the ISO certification and the ISAE3402 audits. In addition, internal process audits also take ac- count of data protection-relevant issues.
Data Protection Management. The data protection at Atos is organized in a global organization with data protection officers and legal experts for the individual Global Business Units (GBU) and countries. The GBU Germany has a data protection office with three appointed Data Protection Officers and at least one legal expert. The Data Protection Office is part of the data protection and information security organization, which regularly exchanges on its topics. The Group Data Protection Policy is the basis for data protection at Atos, which describes the principles of data protection as well as the processes concerning the rights of the persons concerned, audits, training and awareness raising and refers to the global information security policy with its further regulations. The Data Protection Office provides predefined documents in the Atos Integrated Management System (AIMS), such as forms, checklists, manuals, and work instructions used in HR and business processes. All employees are committed to data secrecy and the observance of company and business secrets and are dependent on GDPR, Articles 29 and 32 (4) to process personal data only on the instructions of the data controller. In addition, they were obliged to comply with the Telecommunications Act (Section 88) and, if appropriate, to safeguard social secrecy and / or bank secrecy. In annual mandatory training sessions, Atos employees must update their privacy awareness. The technical and organizational measures for data protection pursuant to GDPR, Article 32, are regularly reviewed within the scope of the ISO certification and the ISAE3402 audits. In addition, internal process audits also take account of data protection-relevant issues.
Data Protection Management. In addition to the access control rules set forth in Sections Access control of processing areas and Access control to data processing systems, Controller/Data Exporter controls access to its Cloud Services and to Personal Data and other data through its authorized personnel. Personal Data from different Controllers/Data Exporters’ environments are logically segregated. CSU’s policy does not allow the replication of Controller/Data Exporter’s production data to non-production environments unless explicitly requested by Controller/Data Exporter.
Data Protection Management. Together with its externally appointed data protection of- ficer, Intevation GmbH has established a data protection management system based on the PDCA cycle.
Data Protection Management. 15.1 Appointed Data Protection Officer Mr. Xxxx Sneftrup Xxxxxxxx C/O FastTrack Software Aps Novi Science Park Niels Xxxxxx Xxx 00 0000 Xxxxxxx Xxxxxxx
