Direct call
EMail


Protegas te et data
External data protection officer

External data protection officer

Your advantages through the external data protection officer

  • Certified expertise (TÜV certified)
  • Extensive know-how
  • Transparent cost structure
  • Low commitment of company resources
  • Termination possible at any time
    (Compared to the special protection against dismissal in the case of an internal data protection officer).

Our services for the implementation of the DSGVO

  • Level 1
    • Inventory of online services
    • Inventory of processing activities
    • Inventory of the IT system and its data security
  • Level 2
    • Establishment of a register of processing activities
    • Drawing up a catalogue of measures according to (target and must implement)
    • Draft contractual measures to ensure data protection

Notification of cooperation to the supervisory authority
(The data protection officer here becomes the contact point for the supervisory authority in questions related to the processing of personal data).

  • Level 3
    • Informing and advising data controllers and employees regarding their obligations under data protection law (in particular under DSGVO and "BDSG-Neu")
    • Monitoring compliance with data protection regulations







Data protection in the health sector

Data protection in the health sector

Personal data in the medical and health care sector
In no other industry is the processing of personal data as risky as in the medical and healthcare sectors.
With our years of experience in this sector, we accompany you in the legally compliant handling of your data and the legally compliant implementation of the GDPR.

Trainings

Trainings

Our trainings:

  • Employee training and awareness-raising in the area of data protection according to DSGVO
  • Data protection for employees in logistics
  • Data protection for healthcare workers
  • Data protection knowledge for managers

You can choose the form of the training yourself:

  • Training on site
  • Training in our training rooms
  • or via eLearning conveniently on your PC

Audits

Audits

Qualified data protection audits


With our team of IT and data protection experts, we conduct qualified data protection audits throughout Germany.

For further information, please do not hesitate to contact us at any time.

NEWS

News

  • · Cloud 26.10.2023

    Dragon Data is making new online servers available to its customers.

    We achieve a guaranteed availability of 99.9 % for our systems. In the last two years we achieved an availability of 100 % !

    By updating our systems, we also keep our security technologies up to date. The most important features of the new servers at a glance:

    • · New operating system
    • · Latest MS Office version
    • · Once again significantly improved security mechanisms
    • · More performance

  • · Data protection 23.06.2023

    Windows10 security updates

    As of now, Windows10 has only one version that will continue to receive security updates (22H2). We recommend all Windows 10 users to check their installed version and update if necessary.

  • · Logistics 29.05.2023

    New features in DDS WebConnect online

    Notification of orders, several GGVS forms for one load position, statistics. New features in your customer portal are online.

  • · DDS 07.07.2023

    DDS research project in the field of AI + BMBF

    Dragon Data Solutions was already commissioned by the Federal Ministry of Education and Research with a research project in the field of AI in 2020. Now we are also allowed to "decorate" our services with the BSFZ-Seal.

  • · Data protection 27.09.2023

    Top GDPR fines in September

    • 200.000 € SAF LOGISTICS (France) - Processing of non-relevant data in the employment relationship
    • 4.800 € Wallbox Chargers S.L. (Spain) - Data protection breach due to faulty e-mail dispatch
    • 4.992.083 € Spotify AB (Sweden) - Inadequate and deficient response to requests for information
    • 20.000 € Azienda Usl Toscana Sud Est (Italy) - Real health data on public information poster

  • · Data protection 26.05.2023

    Whistleblower Protection Act - What companies must do now:

    Above all, companies with usually more than 50 employees are affected by the Whistleblower Protection Act ("HinSchG"). They will have to set up and operate internal whistleblowing units as of the entry into force in June 2023.



Newsletter

We publish two newsletters, the DDS Software Newsletter (contains all news about DDS Logistics, DDS Cloud + DDS Archive) and the DDS Data Protect Newsletter (contains everything about DDS data protection).




Newsletter subscription

Register here and you will automatically receive our latest news by e-mail.

DDS Software Newsletter  DDS Data Protect-Newsletter

Your E-Mail-Adresse: 


You would like to subscribe to our newsletter

subscribe  unsubscribe

ABOUT US

The DRAGON DATA SOLUTIONS GmbH

emerged from NWS GmbH (Laufach) we are a software company specialising in the development of logistics software. With our many years of experience in the logistics and IT security industry, we have an efficient answer to today's and tomorrow's requirements. In addition to the classic use of software, the services of Dragon Data Solutions GmbH also include the provision of a complete and secure IT infrastructure for transport service providers in the cloud.
Consulting services relating to data protection and the secure operation of an IT system are just as much a part of the portfolio of Dragon Data Solutions GmbH as specialised and individual consulting services relating to the integration of IT in logistics. as well as specialised and individual consulting services for the integration of IT in logistics.

Management


Marcus G. Walker | Managing Directors | Axel Karl

Contact details


Map


KNOWLEDGE

Do I have to appoint a data protection officer?

Pursuant to Section 38 (1) sentence 1 BDSG, in addition to Article 37 (1) b DSGVO, a data protection officer must be appointed by the controller and the processor. as well as the processor, insofar as they generally "permanently employ at least ten persons with the automated processing of personal data". processing of personal data".

„Where the controller or processor carries out processing operations subject to a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, or process personal data on a business basis for the purpose of transfer, anonymised transfer or for the purposes of market research or opinion polling, they shall, irrespective of the number of persons involved in the processing, they shall appoint a data protection officer, irrespective of the number of persons involved in the processing.“


What is personal data?

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). The term "identifiable" also includes information that does not directly identify a person: For example, a customer number, For example, a customer number, a telephone number, an e-mail address or an IP address often allow the indirect identification of a natural person and are therefore considered to be in the same category as, for example, a direct name!

In practice, this definition means that, as a rule, every employee of a company who has a VDU workstation, processes personal data.


Liability for data protection breaches

With the entry into force of the GDPR on 25 May 2018, regulations on liability for data protection violations have also become legally effective:

  • Liability or right to material and immaterial damages (according to Art. 82 GDPR)
  • Fines of up to €20 million or 4% of the company's annual global turnover (under Art. 83 GDPR).
Breaches of duty in the area of data protection can make managing directors and board members personally liable for compensation. Compliance with the data protection regulations is, in the opinion of the European legislator, one of the central tasks of the management. It is the strict standard of care of the general clause of § 43 GmbHG and § 93 para. 2 AktG. A managing director may therefore not plead therefore not be able to claim that he does not have sufficient knowledge or skills or that he has delegated the tasks. Rather, it is the Rather, it is the duty of the managing director to inform himself comprehensively about data protection law or to seek advice and to monitor compliance with the rules in the company on an ongoing basis.

In case of violation of these duties, the liability of the management is therefore also threatened with his/her private assets!


The so-called double opt-in procedure

If you want to send newsletters and advertising mails, you need the explicit consent of the recipients. The double opt-in procedure requires that you have this consent confirmed again.
This is what you have to bear in mind with E-MAIL-MARKETING:
  • The recipient must actively agree (opt-in)
  • The recipient must confirm their consent a second time by validating their data (double opt-in)
  • A confirmation email must not contain advertising
  • Recipients must be able to unsubscribe at any time
Get recipients to actively agree
The recipients of your newsletters must tick the box themselves or otherwise actively consent to receiving newsletters. Consent must be completely voluntary and must not be given under pressure or coercion. An order in the online shop must, for example be possible without a newsletter subscription.

Have your consent confirmed (double opt-in)
If the recipient has agreed to receive newsletters, you must actively confirm the consent via an email with a confirmation link.
Save the consents so that you can prove them in court
You should be able to collect and present the following information to a court:
  • What did the text look like to which the recipient gave consent?
  • What did the confirmation email look like?
  • Date and time of the click on the confirmation link
  • If easily possible: IP address used to click the confirmation link
Recipients must be able to unsubscribe from the newsletter at any time
Put a revocation link in every newsletter you send out. Newsletter recipients can revoke their consent at any time via this link.

CAUTION:
Pre-filled checkboxes are no longer permitted!


BGH ruling on cookie guidelines

Now there is clarity about the correct design of a cookie consent
Rulings on the use of cookies: First the ruling from the ECJ then the ruling from the BGH on 28 May 2020 (I ZR 7/16): In fact, there is now clarity about the correct design of a cookie consent ('cookie banner').

This is what your cookie banner should look like:
The ECJ and now also the BGH have decided that the user must actively consent before cookies are used. A "click OK to continue" banner without a decision option for consent is not sufficient! Even a preselected checkbox is not (any longer) permitted.
The user must be able to actively choose his consent and achieve it just as easily as a rejection!
In summary:
  • You need - especially for tracking cookies as well as tools and plug-ins that set cookies - a real (selectable or deselectable) consent of the users of your website.
  • A button "OK - I accept all cookies" or a cookie banner with a pre-selected checkbox is not enough!
  • The cookie banner must also actually block your cookies as long as the user has not consented.