Data protection emergency assistance
What should you do in the case of data theft or similar security breaches?
Almost every day there are new cases of data theft, data scandals become public, tax-data CDs are sold or IT systems are hacked. In order to retain the trust of your customers and partners and keep the damage to a minimum, you must now proceed discreetly, quickly and in compliance with the law.
The experts at activeMind AG act fast to support you confidentially and courteously. We have already successfully led several companies out of a dangerous crisis. In a data protection emergency, every step must be carefully considered and carried out in accordance with an effective data protection plan, because the confidence in your business is at stake!
What does German law stipulate when a data breach occurs?
In the case of data theft as well as data loss, the new notification and information obligations from the Federal Data Protection Act [Bundesdatenschutzgesetz (BDSG)] require expertise and experience in data protection law. During a data breach, we are able to support you in many areas on short notice.
In addition to the well-justified questions regarding technical data security, for such cases in the future, it will also always be necessary to verify if the company complied with the newly introduced obligatory reporting of § 42a BDSG. This still insufficiently known provision requires companies to immediately notify the respective supervisory authority and those affected when sensitive data has been unlawfully disclosed to third parties. For serious violations of this provision, fines of up to 300,000 euros may be imposed according to § 43 paragraph 2 BDSG.
Our consultation in a data protection emergency
Our experts provide comprehensive support in the area of matters subject to obligatory notification in accordance with § 42a BDSG in two steps:
First step: Identifying the issues that are subject to obligatory notification
- Who is obligated to notify the respective parties?
- Is the commissioned data processor (§ 11 BDSG) obligated to disclose information?
- Which types of data are involved?
- In which cases could unauthorised parties have attained knowledge about the data?
- In which cases could severe impairments ensue?
Second step: Determining and performing obligatory action(s)
- When must notification of the supervisory authority and the affected parties occur?
- What information must be provided to the supervisory authority?
- What information must be provided to the affected parties?
- In which form must the affected parties be notified?
- What consequences are possible if the notification does not occur?
- What ramifications are there for the internal organisation?
In addition to these statutory measures and considerations, we’ll gladly assist you in taking further steps after the data protection emergency:
- Devising an emergency strategy
- Documenting the data protection incident
- Negotiating with insurances
- Clarifying who has to bear the costs, and much more
Our immediate assistance
Our experts will provide you with the best possible assistance during a data protection emergency. Please contact us to discuss the details of your situation, which will be handled with the utmost confidentiality:
+49 (0)89 / 418 560 170