Flat-rate package: DSB on demand

nationwide | digital | individual consulting

Externer Berater in Köln für den Datenschutz und DSGVO
Page Content

    External Data Protection Officer

    DPO on demand - whatever it takes

    Flat-rate package for larger companies with complex requirements, B2C and for corporations from industry, trade, services or manufacturing.

    Services and Prices

    • We supply your data protection officer
    • incl. data protection manual (DSMS), employee training, warning-proof website(s)
    • Consulting by certified specialists from law, IT and web
    • Remote and / or on site
    • Individual service package as needed

    Personal data protection consultant

    DPO on demand - These services are included:

    1

    Onboarding

    Have you selected the right package for your company? Then you can get started right away: Your new DPO introduces himself and discusses the further procedure with you. The foundation for the project that follows have been laid.

    datenschutzbeauftragter

    DPO
    Appointment and registration of the ext. data protection officer

    datenschutzbeauftragter

    Personal DPO

    Cortina Consult provides the external data protection officer (DPO) for your company - and supports you in creating and implementing an effective data protection concept. From day 1 of the cooperation, the following services are included:

    • Providing an external data protection officer (DPO) by Cortina Consult.
    • Ext. DPO is mentioned on your website and/or privacy policy
    • Registration of the DPO with the state data protection authority
    • Introduction of the external data protection officer in the company
    • Contact person for authority, customers, employees
    • Short communication for acute questions: 2x per month
    audit

    Audit
    Assessment as the basis for cooperation

    audit

    Audit

    An initial assessment is the first official act of an external data protection officer. It determines the current situation of the data protection in the company, on the basis of which recommendations for action can be made.

    • Assessment of the situation regarding data protection (via questionnaire)
    • Status report and recommendation for action
    • Results Meeting of the Status Report
    • Creation of an implementation plan/roadmap
    management

    DSMS
    as the basis of compliance with the GDPR

    management

    Data protection management system

    A data protection management system (DSMS) is the basis for compliance with the GDPR in a company, because it supports the fulfillment of the verification and documentation obligations. We provide our DSMS. Here you can manage and check your documents easily and clearly.

    • Hosting and update of the data protection manual
    • Introduction to the DSMS: Remote Meeting
    • Updating of templates, checklists, etc.
    • Maintenance of the data protection manual
    • Active further development (PDCA cycle)
    2

    Project

    Step-by-step implementation of the tasks at hand. After the initial assessment, we start the joint project - from the legally compliant website to the order-processing-contracts and TOM (technical-organizational measures).

    datenschutzberatung

    Information requirements
    Implementation of the requirements of Art. 13 /14 DSGVO

    datenschutzberatung

    Information requirements Art. 13/14 DSGVO

    Companies (and also public authorities) are obliged to inform subjects about data processing when collecting personal data.

    • Remote meeting to introduce the implementation of all relevant procedures in the company
    • Listing and documentation of all relevant procedures
    • Providing a HTML and Word template
    • Hosting of the privacy information and providing a link to include it in your own email signature.
    • Monitoring and up-to-dateness according to FSGVO, BDSG etc.
    • Active further development (PDCA cycle)
    web

    Website
    Privacy Policy and Cookie Consent Tool

    web

    Website

    Nowadays, almost every company has a corporate website. According to DSGVO, this requires an imprint, a privacy policy and in most cases also a cookie banner. As web specialists, we take over the creation of imprint as well as PP and CMP for you.

    • DSGVO Website Check
    • Creation of privacy policy (PP): up to 3 websites
    • Social Media PP
    • Hosting and update service for PP, incl. protection against warning fees
    • Consent Management Platform (CMP) Review and Report
    • CMP Tool / License
    • DSGVO compliance monitoring
    datenschutzbeauftragter-dsb

    Employee data protection
    Onboarding of new employees and staff

    datenschutzbeauftragter-dsb

    Employee data protection

    The requirements of the DSGVO must be taken into account - and documented - when onboarding new employees. In your data protection manual, you will find all the necessary templates, checklists and documents.

    Templates for onboarding new employees:

    • Drawing sheet
    • Commitment forms
    • Declarations of consent
    datenschutzbeauftragter

    Employee training
    Data protection training for your staff

    datenschutzbeauftragter

    Mitarbeiterschulung

    Raising employee awareness is an important part of the DSGVO in companies, not only for compliance, but also to prevent data protection incidents.

    • General introduction to the DSGVO (live webinar): max. 75 persons
    • Company-specific introduction to the DSGVO with individual choice of date (live webinar)
    • Documentation and proof of successful training participation
    • IT Security (Awareness) Training
    ressourcen

    OPC
    Review and creation of order processing contracts

    datenschutzbeauftragter-dsb

    Order processing contracts

    Order processing contracts (OPC's) regulate the transfer of personal data between the controller and the processor/sub-provider to ensure that the data entrusted to it is only processed for the agreed purpose.

    • Provision of a list for the purpose of identifying all service providers (incl. updating)
    • Guidance for the introduction, creation and maintenance of OPC's: Remote Meeting with DSK
    • Provision of an OPC documentation template with sample sheet
    • Maintenance of OPC and service provider list
    • Number of checks of submitted OPC's: on request
    • Creation of OPC's
    audit

    Deletion concept
    Introduction into the creation of a deletion concept

    audit

    Deletion Concept

    Companies are obliged to delete personal data if it is no longer required and there is no legal obligation to retain it.

    • Provision of a template for the creation of a deletion concept.
    • Introduction to individualization and maintenance of content: Remote meeting with DSK
    • Creation of a company-specific deleting concept
    datenschutzberatung

    Data protection incident
    Support guide for data protection incidents

    datenschutzbeauftragter

    Data protection incident

    Should a data protection incident occur in the company, it is a matter of acting quickly and taking the right actions.

    • Providing an employee guide: "Guidance on handling data protection incidents".
    • "Guidance on handling data protection incidents"
    • Ext. DPO is recipient of notifications from internal and external data subjects
    • Communication and correspondence with data subjects and supervisory authority
    ressourcen

    DPA
    Compiling the register of processing activities

    ressourcen

    Verzeichnis Verarbeitungstätigkeiten

    In einem Verzeichnis Verarbeitungstätigkeiten (VVT) werden die wesentlichen Angaben zur Datenverarbeitung gemacht, um sie der Aufsichtsbehörde auf Anfrage zur Verfügung stellen zu können. Unter die wesentlichen Angaben fallen der Zweck und die Art der Datenverarbeitung sowie die Beschreibung der Empfänger.

    • Bereitstellen einer Prozessliste, inkl. Aktualisierung
    • Bereitstellen einer VVT-Vorlage mit Musterblatt
    • Anleitung zur Erstellung und Pflege der Prozessliste: Webkonferenz mit DS-Team remote / vor Ort
    • Erstellen des VVT gemäß Prozessliste
    it-security

    TOM
    Concepts for technical-organizational measures

    it-security

    Technical-Organizational Measures

    Technical and organizational measures relate to the framework conditions for data processing. They are implemented by means of instructions, processes and procedures and include rules, specifications and instructions for data protection such as

    • Provision of templates for concepts, documentation, guidelines.
    • Company-specific introduction to customization and maintenance of content: Web conference with DS team / on-site
    • Creation and customization of company-specific employee policies and IT concepts
    • Templates for various employee policies and IT concepts, including:
    1. Guideline for dealing with IT systems
    2. Guidelines for dealing with the Internet and e-mail
    3. Authorization concept
    4. IT documentation
    ressourcen

    DPIA
    Data protection impact assessment (if required)

    cookie-banner

    Data protection impact assessment

    A data protection impact assessment is a risk analysis resulting from the audit of the existing data protection concept in order to weigh up future measures.

    • Conducting DSFA
    datenschutzbeauftragter

    Affected party requests
    Guideline for dealing with inquiries from affected parties

    datenschutzberatung

    Affected Party Requests

    Data subject rights refer to the right of data subjects to request information about the processing of their data. A data subject request must be followed up within a period of one month in a specific form (keyword: encryption).

    • Provision of an employee guide: "Guidance on handling data protection inquiries".
    • Ext. DPO is recipient of inquiries from internal and external data subjects
    • Communication and correspondence with data subjects and supervisory authority
    management

    Projectmanagement
    Updating the data protection management system

    3

    Ongoing services

    Some aspects require recurring attention. For example, if new employees join the company, they must also be trained. New service providers need an data processing agreement. The website evolves, adjustments to cookie banners and privacy policy may be required. The following services are therefore part of ongoing operations:

    datenschutzberatung

    DSGVO News
    Providing a newsletter (data protection information)

    datenschutzberatung

    DSGVO News

    HR departments and marketing departments in particular deal with personal data and need to keep up to date with the frequently changing legal situations. We provide you with the necessary information for a permanently secure handling.

    • Newsletter and regular information on relevant data protection news
    hilfe

    Questions?
    Write a message!

    Looking for external data protection consulting?

    Pragmatic implementation of the DSGVO requirements. Would you like to learn more about Cortina Consult's remote DPO on demand?

    FAQ

    Frequently Asked Questions about the DPO Packages

    Why Cortina Consult?

    The Cortina Consult team has been consulting large and small companies on data protection matters for over 10 years. In the meantime, we have grown into a team of data protection experts, lawyers, IT security experts and specialists for web compliance (privacy policy, cookie banners, information requirements) as well as programmers and UX designers. This extraordinary combination enables exceptional service from a single source, from which our customers from all industries benefit. Our claim is not only to offer the best quality service, but also to work budget-oriented and efficiently. For this reason, we offer more and more of our services online/remote.

    What is remote data protection consulting?

    In remote consulting, communication between consultant and client takes place via e-mail / telephone / video conference / data exchange server and other digital media. The physical presence of the consultant is therefore no longer necessary, which brings many advantages for both sides. After all, remote is not a trend that has only come about through Covid. For years, more and more services, especially in the area of consulting, have been offered online. We have all the necessary means to make the consulting and the process of implementation personal and effective. 

    What are the advantages of remote consulting?

    • Reduced consultant fee
    • No travel costs
    • Low infrastructure requirements
    • Flexible scheduling
    • Efficient and simple communication 
    • Time savings thanks to efficiency and flexibility 
    • Preservation of the personal level through video communication
    • Protection against contagion (Covid) 

    What are the requirements for remote consulting?

    1. Stable internet connection
    2. Installation of collaboration softwares like Zoom or similar
    3. Access to data exchange folders 

    Which package suits me best?

    DPO Small: 
    The Small package is for companies with a small budget or few data protection needs, such as retail, hospitality, and craft businesses. An initial assessment provides an overview of the current situation. The subscription price already covers the most important aspects of data protection, such as the assignment of the data protection officer, the data protection manual, the privacy policy and employee training. Templates and completion aids/instructions for contracts and more help with the implementation of other GDPR regulations. Following the principle of Do-It-Yourself and save money, the customer's own commitment is required during implementation.

    DPO Medium:
    The Medium package is for medium-sized companies with manageable data protection needs, such as advertising agencies, lawyers, consultants or online stores. A detailed assessment at the beginning creates the basis for further steps. The subscription price already covers the most important aspects of data protection, such as the assignment of the data protection officer, the data protection manual, the privacy policy and employee training. We support the implementation of further regulations with the help of templates and instructions.

    DPO Scale:
    The Scale package is for companies that need comprehensive data protection and do not want to do it themselves such as financial companies, HR service providers, software companies, corporations, international companies or data processing companies. You leave all the work to our data protection experts and enjoy full protection. The scope of the packages will be individually tailored to you after an initial needs analysis. Of course, all basic content such as the data protection handbook, a compliant website (privacy policy and cookie banner, information obligations) and employee training are included. Our legal, IT & web experts will advise you on all other data protection issues. If the issues are too complex, this can also be done on site.

    For small & medium enterprises, B2B

    145€ /Month

    • We provide your DPO
    • Initial analysis (document analysis)
    • Digital privacy manual (web-based platform)
    • Onboarding, coaching & progress review included.
    • Employee training (eLearning up to 25 employees)
    • Cookie banner (check & consulting), subsequent monitoring / reporting
    • Privacy policy for websites (1x CLOUD DSE), incl. protection against warning costs
    • Communication via TEAMS, phone & e-mail
    • Project management via service desk & ticket system
    • Support Hotline (IT, Legal, Web)
    • No travel expenses, flexible scheduling
    • Update Service & Newsletter
    • Personal contact

    Perfect for e-commerce, logistics, IT & B2C

    245€ /Month

    • We provide your DPO, incl. subsidiaries
    • Inventory (audit & document analysis)
    • Digital data protection manual (web-based platform) with 3 access points
    • Onboarding, coaching & progress review included.
    • Employee training (eLearning up to 75 employees)
    • Cookie banner (check & consulting), subsequent monitoring / reporting
    • Privacy policy for websites (3x CLOUD DSE), incl. warning cost protection
    • Social Media Privacy Policy (e.g. Xing, FB, IG)
    • Communication via TEAMS, phone & e-mail
    • Project management via service desk & ticket system
    • Instant support (IT, Legal, Web)
    • Controlling: We keep an eye on your projects
    • No travel expenses, flexible scheduling
    • Update Service & Newsletter
    • Data protection seal
    • Personal contact

    Perfect for companies with more complex requirements & B2C

    Upon request

    • We provide your DPO, incl. subsidiaries, groups etc.
    • Inventory (audit & document analysis)
    • Digital data protection manual (web-based platform) with any number of accesses
    • Employee training (onsite, individual webinars, eLearning).
    • Cookie Banner (implementation, configuration), subsequent monitoring / reporting
    • Privacy policy website (CLOUD DSE), incl. protection against warning costs
    • Social Media Privacy Policy (e.g. Xing, FB, IG)
    • Communication via TEAMS, phone & e-mail
    • Project management via service desk & ticket system
    • Instant support (IT, Recht, Web)
    • Onboarding, coaching & progress review including communication.
    • Data protection seal
    • Update service & newsletter (company-specific)
    • Personal contact & project manager
    • Individual package: scope according to contract
    Datenschutzsiegel-blau-coco_Zeichenfläche 1
    • Specialists from Law, IT & Web and Performance Marketing
    • Support tailored to your needs
    • Personal consultants
    • Digital project management

    Do you still have questions about the topic or about data protection in general?

    We are happy to help you:

    joerg-ter-beek-datenschutzexperte-mitauszeichnung-in-berlin

    Your data protection officer

    Jörg ter Beek
    Data protection expert