GDPR Compliance in the Digital Era: Methods for Conformity Assessment and Proof

  • Background

    In the wake of the digital transformation, new digital platforms and applications are continuously being developed in all areas. Organizations are increasingly digitizing their services and processes, which leads to more data being exchanged between different actors, whether within an organization, between organizations, or between organizations and consumers.

    However, every data processing operation carries risks for data protection and data security. Demonstrable GDPR compliance has therefore become a priority for companies and organizations that want to maintain consumer trust and avoid legal consequences. Against this background, companies must implement effective and demonstrable methods to verify their GDPR compliance. The legislation itself provides several ways of demonstrating GDPR compliance or data-protection-friendly behaviour, among them approved codes of conduct (Art. 40 GDPR) and certification (Art. 42 GDPR).

     

  • Objectives

    The aim of this work is to identify the different options for demonstrating GDPR compliance and to compare them in terms of their procedures, their advantages and their disadvantages.

     

  • Starting Literature

    • Müller and Spiecker (2022) Extra DSGVO nulla salus? - Zur weiteren Zulässigkeit nicht akkreditierter Datenschutzsiegel neben akkreditierten Gütesiegeln im Sinne der Art. 42 f. DSGVO [On the continued admissibility of non-accredited data protection seals alongside accredited seals within the meaning of Art. 42 f. GDPR], Deutsches Verwaltungsblatt, Vol. 137, No. 4, pp. 208–214.
    • Art. 40 GDPR - Codes of conduct
    • Art. 42 GDPR - Certification
    • ISO/IEC 17050 - Supplier's declaration of conformity