Data protection officers have a variety of experiences in their contacts with corporate customers. There is still widespread ignorance about data protection, and many people find dealing with it a nuisance. Yet companies can benefit from the Data protection benefit economically. We spoke about their experiences with Wolfgang Evers and Stefan Schumann, the managing directors of Datenschutzzentrale GmbH. The consulting firm has mainly medium-sized companies from many industries and municipalities as clients and is a partner of Robin Data. Learn more in our article "Data protection officers report from practice".
Interview: Data protection officers report from practice
What are the most common problems you are confronted with in your consulting practice?
EversCompanies have no time, little money and no competence for data protection.
SchumannMany people mistakenly believe that a privacy statement on the website is sufficient. In fact, this represents only a small percentage of the necessary concern with privacy. The importance of employee privacy is also often overlooked. Employment contracts are not documented, there are forbidden records of employees and identifiers are not deleted, even though the employees concerned have long since left the company.
Does dealing with data protection have economic advantages for companies in addition to compliance with legal regulations?
EversThere are synergies between data protection and management. The management gets a better overview of the processes and becomes aware of construction sites in the company. Examples are the time recording of employees, their video surveillance and sick leave lists. Everything that leads to behavioral control is in conflict with data protection. We must create awareness of this, especially because some processes have been practiced in this way for decades.
SchumannCompanies that have experienced data breaches have informed the affected customers. This had such a positive effect on them that they made further purchases from these companies. So you can score points with a high awareness of data protection among customers.
Was sind die Hauptknackpunkte in der Umsetzung aus Ihrer Sicht als Datenschutzbeauftragte?
SchumannThese are the extensive documentation obligations. The situation is made more difficult by the fact that some data protection officers make companies insecure and disseminate false information. This applies to both external and internal officers. Among the external ones there are dubious ones and not all of the internal ones are sufficiently trained.
Which questions are asked particularly frequently in practice?
EversMost customers are ignorant. Therefore, we first give a one-hour orientation on data protection.
SchumannI'm usually asked about the record of processing activities This results in the necessary measures in IT security and organisation. There is also a lack of understanding in the contracts for commissioned data processing. If the external service provider does not take care of data protection, it is of no use to comply with it yourself.
What is your motivation to deal with the topic of data protection?
Schumann: Data protection does not only concern companies, but every single one of us. Just ask Apple or Amazon and make use of your right to information according to Article 15 GDPR use. I did this at Apple and was amazed at the extent and dimension of the data stored about me and my devices.
EversI have been educating people about data protection since 1993, back then as an employee of the Federal Employment Agency, the largest German authority. At that time, data protection only played a marginal role. As IT security became more and more important, the importance of data protection also grew. When the Citizens' Network started in Bavaria after the year 2000, I informed people at adult education centers about the data traces of users. So I grew into data protection.
As a partner of Robin Data, you regularly work with the data protection management software. What is your experience?
EversThe software can automate processes that would otherwise have to be carried out manually. This means that data protection can be implemented in just a few hours. The fact that the costs can be calculated on a monthly basis is also attractive for medium-sized companies. Originally, we wanted to develop such software ourselves, but we didn't push and elaborate on it enough. Robin Data, on the other hand, has done so.