The Data Protection Directive

Data protection directive or data protection manual - Art. 5 Para . 2 GDPR


Respecting the GDPR, companies are obliged to meet the data protection requirements selectively and structurally. Specifically, this means that in the event of an audit, a company must not only be able to demonstrate that it was working in compliance with data protection regulations at a certain point in time. Rather, also for a case in the past, evidence must be provided that the data protection requirements are continuously met in business practice.
Therefore, the uniform recommendation of the data protection supervisory authorities is that companies (depending on their size) should adopt a data protection guideline or a data protection manual in order to be able to address the data protection requirements.

Implement data protection in practice:




  • Design of an information security and data protection management. Security policy. Emergency planning for immediate reaction to a data breakdown. The deletion concept.


  • Complete orientation via the EU GDPR, so that you can not recieve fines due to insufficient compliance with information, storage or deletion obligations. Are you obliged to create a deletion concept?


  • The rights of data subjects: can my business processes and systems immediately delete personal data? Proof of data deletion using the backup?


  • Order data processing. When is a contract to be signed? if the external tax advisor takes over payroll accounting, for example?


  • The legal framework of the cloud - do they correspond to the security standard of the EU GDPR? Does limited access or “public access” make sense?

  • Do your employees have a "digital fitness" in their everyday work to be able to distinguish "BEC phishing" from the instructions given by the CEO? Only then they will know the appropriate reaction.


  • Accountability - do you comply with your legal obligation to provide evidence - compliance with the basic values ​​in data protection: transparency, data minimization, confidentiality, integrity and availability - towards the supervisory authorities?


  • The website data protection declaration etc.


  • Automated software solution : With the software provided by the contractor, every company can implement data protection without their own know-how and without much effort, provided the data protection coordinator has good IT skills. The creation of any data protection documentation can be carried out fully automatically with our software, a web-based solution.

Your orientation support in the implementation of the GDPR is our online test.
Make an appointment with us.

  • Weißes Xing
  • LinkedIn Social Icon

Kontakt: Monika Wehr

CyberWehr RMS GmbH
Alte Landstrasse 109
8803 Rüschlikon

T. +41 79 348 55 63