3030 Auditorium 01/04 - DEKRA Certification
3030 Auditorium 01/04 - DEKRA Certification
3030 Auditorium 01/04 - DEKRA Certification
Erfolgreiche ePaper selbst erstellen
Machen Sie aus Ihren PDF Publikationen ein blätterbares Flipbook mit unserer einzigartigen Google optimierten e-Paper Software.
DATA PROTECTION<br />
For further information<br />
please contact:<br />
Klaus-Peter Junk<br />
<strong>DEKRA</strong>-ITS<br />
<strong>Certification</strong> Services GmbH<br />
Tel. +49.711.78 61-29 02<br />
klaus-peter.junk@dekra-its.com<br />
BDSG phase-in deadline<br />
to expire!<br />
The phase-in period pursuant to the Federal Data Security Act (BDSG) for<br />
the collection, processing and use of personal data that began on 23 May<br />
20<strong>01</strong> is due to end on 23 May 20<strong>04</strong>. By no later than the end of April<br />
companies should therefore ensure that their procedures comply with the<br />
latest version of the act dated 14 January 2003.<br />
Complete duty of<br />
documentation<br />
It is the legal obligation of every company<br />
to ensure the protection and security of<br />
personal data, particularly if it is electronically<br />
processed. In this respect, the<br />
exacting demands of the Federal Data<br />
Protection Act (BDSG) of 23 May 20<strong>01</strong><br />
must be fulfilled, regardless of company<br />
size or industry. The objective of this<br />
legislation is to protect personal rights<br />
whenever data is used by a third party.<br />
One of the basic provisions of the BDSG<br />
requires each company to prepare a<br />
register of the data processing systems<br />
used for personal data. All details of<br />
processes and persons authorised to<br />
access such data must be included in the<br />
register. The register of processes must<br />
be suitably open to examination by any<br />
person requesting access.<br />
The data protection officer advises and<br />
supports the company management in<br />
setting up a data protection and data<br />
security system and monitoring the same.<br />
Important role of the<br />
data protection officer<br />
Companies in which more than four<br />
employees are regularly engaged in the<br />
collection, processing or use of personal<br />
data (personnel department, marketing<br />
or purchasing) must appoint a data<br />
protection officer in writing within one<br />
month. The principal duties of this –<br />
internal or external – data protection<br />
officer are to ensure compliance with<br />
the BDSG and all other data protection<br />
regulations.<br />
Essentially, a person may only be<br />
appointed data protection officer if he<br />
or she has the proven qualifications and<br />
level of reliability needed to perform<br />
the duties related to the position. This<br />
may be a specially trained employee<br />
or an external service provider such<br />
as <strong>DEKRA</strong>-ITS. The selection process<br />
should be performed with due care.<br />
Failing to comply with BDSG requirements<br />
is punishable by law. Breaches<br />
may be punished by a fine of up to<br />
¤ 250,000.