Strategic data protection and information security consulting
Data protection and information security are integral components of every project in digital medicine. A well thought-out, strategically sound concept for handling them builds trust not only among sales and cooperation partners, but above all among the users of digital applications who entrust you with their data. The concept must take both the regulatory and the legal perspective into account, so that it is coherent as a whole and can be applied sustainably within the company.
We are happy to provide you with targeted consulting in the areas of data protection and information security, drawing on both our regulatory and our legal know-how. The aim is always to reconcile the fundamental corporate strategy with the applicable requirements in a pragmatic way.
External data protection officer
The GDPR requires the appointment of a data protection officer under certain conditions. Frequently, this role cannot be filled internally, either because the required expertise is not available or because no personnel capacity can be freed up.
We are happy to serve as your external data protection officer. With us, you have a reliable partner at your side who guides you effectively through the requirements of data protection law. Our role is not that of a "preventer": we work with you to find practical solutions that keep legal requirements and corporate strategy in harmony.
Regulatory support for ISMS / DSMS
Due to the amended requirements of the DiGAV, manufacturers of digital health applications (DiGA) in particular face the challenge of setting up an information security management system (ISMS) and having it certified by an appropriate body (e.g., TÜV Süd). Other players in the digital healthcare industry (e.g., physicians, medical care centers and clinics) can also benefit from such a system in the long term, provided it is done correctly. In our view, only a process-oriented approach is practicable and can actually be implemented. We apply the requirements of the relevant standards (ISO 27001 for information security, and ISO 27701, which extends it with privacy management requirements, for the data protection management system, DSMS) as efficiently as possible: the requirements must be met, but business operations should not be unduly restricted.
We will gladly assist you with your certification process or support you in carrying out internal audits in this area.