External DPO (S)
Data protection officer for small businesses
nationwide | secure | individual consulting
External Data Protection Officer
External DPO (S) - GDPR for small businesses
Are you looking for a (new) data protection officer? Custom fit, support and consulting included? We take care of your concerns - quickly and straightforward.
Flat-rate package S for start-ups and small companies: Takeover of an existing DPO mandate or initial appointment by Cortina Consult - one price, everything included.
Services and Prices
175 € a month
Audit | Implementation | Prevention
3 steps to a data protection-compliant organization
Onboarding
Have you selected the right package for your company? Then you can get started right away: Your new DPO introduces himself and discusses the further procedure with you. The foundation for the project that follows have been laid.
DPO
Appointment and registration of the ext. data protection officer
Personal DPO
Cortina Consult provides the external data protection officer (DPO) for your company - and supports you in creating and implementing an effective data protection concept. From day 1 of the cooperation, the following services are included:
- Providing an external data protection officer (DPO) by Cortina Consult.
- Ext. DPO is mentioned on your website and/or privacy policy
- Registration of the DPO with the state data protection authority
- Introduction of the external data protection officer in the company
- Contact person for authority, customers, employees
- Short communication for acute questions: 2x per month
Audit
Assessment as the basis for cooperation
Audit
An initial assessment is the first official act of an external data protection officer. It determines the current situation of the data protection in the company, on the basis of which recommendations for action can be made.
- Assessment of the situation regarding data protection (via questionnaire)
- Status report and recommendation for action
Service-Desk
Communication via teams, ticket system, phone & email
Ticket System
Efficient support can be ensured with a modern, software-based ticket system. Simple handling facilitates communication so that your concerns can be processed as quickly as possible.
DSMS
as the basis of compliance with the GDPR
Data protection management system
A data protection management system (DSMS) is the basis for compliance with the GDPR in a company, because it supports the fulfillment of the verification and documentation obligations. We provide our DSMS. Here you can manage and check your documents easily and clearly.
- Hosting and update of the data protection manual
- Introduction to the DSMS: Remote Meeting
- Updating of templates, checklists, etc.
- Maintenance of the data protection manual
Project
Step-by-step implementation of the tasks at hand. After the initial assessment, we start the joint project - from the legally compliant website to the order-processing-contracts and TOM (technical-organizational measures).
Information requirements
Implementation of the requirements of Art. 13 /14 DSGVO
Information requirements Art. 13/14 DSGVO
Companies (and also public authorities) are obliged to inform subjects about data processing when collecting personal data.
- Remote meeting to introduce the implementation of all relevant procedures in the company
- Listing and documentation of all relevant procedures
- Providing a HTML and Word template
Website
Privacy Policy and Cookie Consent Tool
Website
Nowadays, almost every company has a corporate website. According to DSGVO, this requires an imprint, a privacy policy and in most cases also a cookie banner. As web specialists, we take over the creation of imprint as well as DSE and CMP for you.
- DSGVO Website Check
- Creation of privacy policy (PP): 1 website
- Social media DSE: on request
- Hosting and update service for PP, incl. protection against warning fees
- CookieBanner check and report: 1 website
Employee data protection
Onboarding of new employees and staff
Employee data protection
The requirements of the DSGVO must be taken into account - and documented - when onboarding new employees. In your data protection manual, you will find all the necessary templates, checklists and documents.
Templates for onboarding new employees:
- Drawing sheet
- Commitment forms
- Declarations of consent
Employee training
Data protection training for your staff
Employee Training
Raising employee awareness is an important part of the DSGVO in companies, not only for compliance, but also to prevent data protection incidents.
- General introduction to the DSGVO (live webinar): max. 25 persons
- Company-specific introduction to the DSGVO with individual choice of date (live webinar): on request
- Documentation and proof of successful training attendance
OPC
Review and creation of order processing contracts
Order processing contracts
Order processing contracts (OPC's) regulate the transfer of personal data between the controller and the processor/sub-provider to ensure that the data entrusted to it is only processed for the agreed purpose.
- Provision of a list for the purpose of identifying all service providers (incl. updating)
- Guidance for the introduction, creation and maintenance of OPC's: Remote Meeting with DSK
- Provision of an OPC documentation template with sample sheet
- Maintenance of OPC and service provider list
- Number of checks of submitted OPC's: 5 OPC's/year
Deletion concept
Introduction into the creation of a deletion concept
Deletion Concept
Companies are obliged to delete personal data if it is no longer required and there is no legal obligation to retain it.
- Provision of a template for the creation of a deletion concept.
- Introduction to individualization and maintenance of content: Remote meeting with DSK
Data protection incident
Support guide for data protection incidents
Data protection incident
Should a data protection incident occur in the company, it is a matter of acting quickly and taking the right actions.
- Providing an employee guide: "Guidance on handling data protection incidents".
DPA
Compiling the register of processing activities
Register of Data Processing Activities
In a register of processing activities (DPA), the essential information on data processing is provided in order to make it available to the supervisory authority upon request. The essential information includes the purpose and the type of data processing as well as the description of the recipients.
- Providing a process list, incl. updating
- Provision of a DPA template with sample sheet
- Instructions on how to create and maintain the process list: Remote meeting with DSK
- Creating the DPA according to the process list: Remote meeting with DSK
TOM
Concepts for technical-organizational measures
Technical-Organizational Measures
Technical and organizational measures relate to the framework conditions for data processing. They are implemented by means of instructions, processes and procedures and include rules, specifications and instructions for data protection such as
- Provision of templates for concepts, documentation, guidelines.
- General introduction to customization and maintenance of content: Remote Meeting
- Templates for various employee policies and IT concepts, including:
- Guideline for dealing with IT systems
- Guidelines for dealing with the Internet and e-mail
- Authorization concept
- IT documentation
DPIA
Data protection impact assessment (if required)
Data protection impact assessment
A data protection impact assessment is a risk analysis resulting from the audit of the existing data protection concept in order to weigh up future measures.
- Number of accompanied DPIA: on request
Affected party requests
Guideline for dealing with inquiries from affected parties
Affected Party Requests
Data subject rights refer to the right of data subjects to request information about the processing of their data. A data subject request must be followed up within a period of one month in a specific form (keyword: encryption).
- Providing an employee guide: "Guidance on handling data protection requests".
Questions?
Write a message!
Projectmanagement
Updating the data protection management system
Service Desk
Communication and support via ticket system, TEAMS, telephone and e-mail
Ongoing services
Some aspects require recurring attention. For example, if new employees join the company, they must also be trained. New service providers need an data processing agreement. The website evolves, adjustments to cookie banners and privacy policy may be required. The following services are therefore part of ongoing operations:
Updating the data protection manual
Updating of all documents created in the project
Compliance Report
Website check incl. update service of the Cloud DSE
Compliance Report
The CLOUD DSE we create and host is checked and updated automatically by us.
DSGVO News
Providing a newsletter (data protection information)
DSGVO News
HR departments and marketing departments in particular deal with personal data and need to keep up to date with the frequently changing legal situations. We provide you with the necessary information for a permanently secure handling.
- Newsletter and regular information on relevant data protection news
Communication
Easy communication and accessibility for follow-up questions
Employee Training
Data protection training for your staff
Service Desk
Even after project completion: communication and support via ticket system, TEAMS, telephone and e-mail
Privacy Seal
Cortina seal for your website + individual status URL for your company
Privacy Hub
Individual access to own company profile (Space)
Looking for external data protection consulting?
Pragmatic implementation of the GDPR requirements. Would you like to learn more about the Remote DPO's from Cortina Consult?
FAQ
Frequently Asked Questions about the DPO Packages
The Cortina Consult team has been consulting large and small companies on data protection matters for over 10 years. In the meantime, we have grown into a team of data protection experts, lawyers, IT security experts and specialists for web compliance (privacy policy, cookie banners, information requirements) as well as programmers and UX designers. This extraordinary combination enables exceptional service from a single source, from which our customers from all industries benefit. Our claim is not only to offer the best quality service, but also to work budget-oriented and efficiently. For this reason, we offer more and more of our services online/remote.
In remote consulting, communication between consultant and client takes place via e-mail / telephone / video conference / data exchange server and other digital media. The physical presence of the consultant is therefore no longer necessary, which brings many advantages for both sides. After all, remote is not a trend that has only come about through Covid. For years, more and more services, especially in the area of consulting, have been offered online. We have all the necessary means to make the consulting and the process of implementation personal and effective.
- Reduced consultant fee
- No travel costs
- Low infrastructure requirements
- Flexible scheduling
- Efficient and simple communication
- Time savings thanks to efficiency and flexibility
- Preservation of the personal level through video communication
- Protection against contagion (Covid)
- Stable internet connection
- Installation of collaboration softwares like Zoom or similar
- Access to data exchange folders
DPO Small:
The Small package is for companies with a small budget or few data protection needs, such as retail, hospitality, and craft businesses. An initial assessment provides an overview of the current situation. The subscription price already covers the most important aspects of data protection, such as the assignment of the data protection officer, the data protection manual, the privacy policy and employee training. Templates and completion aids/instructions for contracts and more help with the implementation of other GDPR regulations. Following the principle of Do-It-Yourself and save money, the customer's own commitment is required during implementation.
DSB Medium:
The Medium package is for medium-sized companies with manageable data protection needs, such as advertising agencies, lawyers, consultants or online stores. A detailed assessment at the beginning creates the basis for further steps. The subscription price already covers the most important aspects of data protection, such as the assignment of the data protection officer, the data protection manual, the privacy policy and employee training. We support the implementation of further regulations with the help of templates and instructions.
DPO Scale:
The Scale package is for companies that need comprehensive data protection and do not want to do it themselves such as financial companies, HR service providers, software companies, corporations, international companies or data processing companies. You leave all the work to our data protection experts and enjoy full protection. The scope of the packages will be individually tailored to you after an initial needs analysis. Of course, all basic content such as the data protection handbook, a compliant website (privacy policy and cookie banner, information obligations) and employee training are included. Our legal, IT & web experts will advise you on all other data protection issues. If the issues are too complex, this can also be done on site.
For small & medium enterprises, B2B
175€ /Month
Perfect for e-commerce, logistics, IT & B2C
275€ /Month
Perfect for companies with more complex requirements & B2C
Upon request
Do you still have questions about the topic or about data protection in general?
We are happy to help you:
Your data protection officer
Jörg ter Beek
Data protection expert
Mitarbeiterschulung
Sensibilisierung neuer MitarbeiterInnen
Service Desk
Auch nach Projektabschluss: Kommunikation und Support via Ticketsystem, TEAMS, Telefon und E-Mail
Datenschutzsiegel
Cortina DSB-Siegel für deine Website + individuelle Status-URL für dein Unternehmen
Privacy Hub
Individueller Zugang zum eigenen Unternehmensprofil (Space)