The employee representative body or works council has the legally defined task of representing the interests of the employees of a company. Consequently, protection against misuse in the collection, processing and use of personal employee data also lies within their area of responsibility.
Since the members of the employee representative body or works council usually have little or only limited knowledge of the regulations in the area of data protection, the experts at Digital Compliance Consulting GmbH offer various types of support for the representatives of the company’s employees.
The support can start at the following points:
- Training of employee representatives and works councils on the topic of employee data protection.
- Coaching in the processing of operational topics on the subject of data protection
- Advice on technical and data protection issues relating to the introduction and use of technical equipment and systems
- Support in drafting company agreements on the subject of data protection
- Support in exercising control rights vis-à-vis the employer, e.g.
- Examination of the directory of procedural activities
- Examination of compliance with data protection principles
- Monitoring of compliance with the purpose limitation of data
- Review of the proper appointment of the company data protection officer
- Support in the implementation of data protection requirements in the work of the works council
Data protection documentation software
The structure of the data protection documentation software we use follows the principle of “keep it small and simple”. The topics that are important for proper documentation are processed. In doing so, the structure of the software we use helps us to limit ourselves to the elements that are essential in the GDPR. For example, our data protection software supports the documentation of procedural activities, processors, technical and organizational measures, the assignment of documents to deletion obligations, and the fulfillment of data subject rights and information obligations. It also supports other obligations of the GDPR that are important for a company or a data protection officer, such as the report for the supervisory authority, evaluation lists for the DPO, and much more.
Our software was developed by “data protection practitioners” taking into account the current legal requirements.
The software implements the documentation requirements of the GDPR and, as a German cloud solution, offers both line and storage media encryption in addition to automated backups.
Many processing activities, types of personal data and categories of personal data are stored as selection lists for recording documentation in the electronic register of processing activities. These help to create the documentation and facilitate the work.
Our data protection documentation software is called DigiBizS Solutions and can be used in multiple languages. Currently, the following languages are available: German, English, French, Dutch, Polish, Italian, Spanish and Russian.
The data protection documentation software includes a function that supports automated risk assessment of data processing operations. This automat is based on the explanations of the DSK for risk assessment as well as the protection level concept of the LfD Lower Saxony. An exemplary result of a risk assessment is shown on the following screenshot. Of course, the questions of the threshold analysis according to WP248 rev. 01 as well as the control questions for the “blacklist” are integrated in the risk assessment. Likewise, the data protection documentation software allows the DPO to assess each processing activity and formulate notes about it.