Checklists,
no thanks!

Magellan doesn’t send out checklists on the basis of which you finish up doing the work yourself. We take care of everything ourselves – from start to finish.

Data protection is a complex matter.

And our service portfolio is correspondingly comprehensive!

You are here: Home » Services

To keep you in the picture, we have compiled the following list of services that may become relevant in connection with data protection. Divided into three subgroups: data protection, IT security and legal consultancy.

It’s no coincidence that this is exactly the same as our service portfolio. After all, our aim is to support you as comprehensively as possible when it comes to data protection. And in every situation imaginable. Promised.

CHECKLISTS, NO THANKS!

Magellan doesn’t send out checklists on the basis of which you finish up doing the work yourself. We take care of everything ourselves – from start to finish.

DATA PROTECTION IS OUR CORE AREA OF EXPERTISE

Both domestic and international data protection requirements are becoming increasingly stringent and complex. With our experienced project managers we support you and your company in the implementation of all the necessary measures.

Thanks to our recognised high level of consulting competence we work together with your specialist departments to create effective solutions and thus provide your company with real added value.

And if desired, we can also provide an experienced external data protection officer.

  • External data protection officer
  • Implementation of the GDPR
  • Preparation for the ePrivacy Directive
  • Dealing with the rights of data subjects
  • Data protection audits
  • Agreements on contract processing
  • Privacy impact assessments
  • List of processing activities
  • Special features of employee data protection
  • Contact with supervisory authorities
  • International data flows
  • Documentation of your data protection compliance
  • Advice on technical data protection
  • CCTV surveillance
  • Advice on direct marketing strategies
  • Development of a corporate data protection system
  • Dealing with data glitches
  • Introduction of a data protection management system
  • Special features of healthcare data protection
  • Data protection training

IT-SECURITY IS BECOMING INCREASINGLY COMPLEX – AND MORE IMPORTANT

The security of your IT is of central importance in view of modern business processes such as collaboration, cloud computing and mobility, and the resulting increasing complexity of IT systems.

In this context an all-round security concept including certification and audits is a growing challenge, but also a solid basis for your growth strategy.

  • Development of an IT security concept
  • Risk management
  • ISO 27001 certification
  • IT security audits
  • ISO 27701 certification
  • List of basic IT protection measures
  • Documentation of your IT compliance
  • Advice on cloud computing, collaboration and mobility strategies
  • Performance of penetration tests
  • Introduction of an information security management system (ISMS)
  • IT security training

LEGAL ADVICE – BECAUSE DATA PROTECTION IS RARELY JUST DATA PROTECTION

In order to be able to provide you with the best possible support in areas relating to data protection, our service portfolio also includes legal consulting.

Our consultants are experienced and recognised experts in IT law, intellectual property law, employment law and all related legal fields.

And of course we also represent clients in court.

  • Data protection law
  • IT law
  • Employment law
  • Intellectual property and competition law
  • Telecommunications law
  • Online and Internet law
  • Software contract law
  • Media law
  • Copyright law
  • Trademark law
  • Company law
  • Procedural law

Interview with Markus Säugling, founder of Magellan

“Data protection must finally be given a positive status again!”

Mr. Säugling, why is data protection such an unpopular topic?

Markus Säugling: Because companies associate data protection with the fact that they can no longer act the way they wish, and because there are only a handful of consultants in Germany who can show companies real solutions. Unfortunately, data protection has become a kind of “smelly nappy” that nobody wants to hold.

 

But you’re happy to deal with it, aren’t you?

MS [laughs]: Yes, I’m happy to deal with it, just like everyone at Magellan! For all of us, it’s the highlight of the day – it’s what gets us out of bed in the morning. If you look into the faces of your clients during a sales pitch or consultation while you present the solution to a previously insurmountable data protection problem and you see the tension disappear from their faces and give way to a broad smile – honestly, these are moments when I love what I do even more than normally. That’s the motivation for everyone in my teams! We’re all passionate about this topic.

 

But let’s be honest: are you the only ones who can manage that?

MS: Of course we are! That’s why Magellan exists. It’s for others to decide if we’re the only ones who can do it. But over the last 20 years I myself have developed a very clear opinion on this [laughs].

Read more ...

Can you share your operational approach with us?

MS: I could, but I won’t. Our methods involve a wealth of in-house experience and industry know-how from many years spent as external consultants – and you can’t seriously expect me to reveal it all! Even without such information our competitors are already copying us much more than I think is legal, but instead I’ll give you an insight into the problems in practice. Let’s simply run through the usual development of a data protection project, and believe me, I can no longer count how many times I have experienced this myself:

Lena from Marketing is scheduled to implement an important advertising campaign with an external agency this month. The sales figures are not what they should be. She develops the concept, the graphic implementation and the product details, and now only needs the approval of the data protection officer, the IT department and the company lawyer.

And so Lena first describes her project to the data protection officer and gets a template downloaded from the Internet pressed into her hand. She is sent to the IT department because the template has to be supplemented with appropriate technical and organisational measures in line with the latest technology. There are penalties involved and the issue of the burden of proof still needs to be clarified. The subjects of the advertising campaign must have provided the appropriate consent and the company needs to be able to prove this – even though the customer data is taken from an old customer management system and nobody has ever been able to completely determine its origins.

Lena now goes to her colleagues in the IT department. She can’t solve the issue of consent and hasn’t fully understood the technical content either. She can therefore only formulate the concrete IT requirements in vague terms. Her helpful colleagues in the IT department tell her that they’ll be happy to support her, but that they regard themselves as a service unit that needs to be told exactly what it is they need to implement.

A sufficient budget will have to be available, a requirements ticket will have to be created and a management decision regarding the use of resources for the next IT release will be required. But with the best will in the world, nobody can decide what exactly is appropriate and what the latest technology is. The company’s own lawyers will have to determine this. But in any case, the data will have to be transmitted securely, i.e. encrypted, ideally with two-factor authentication. In the end the advertising agency will have to delete the relevant data in all primary systems in compliance with data protection regulations and also clean up the backups. A separate partition is recommended in any case.

With this information, Lena now goes back to the in-house lawyer and asks for the contract to be finalised as quickly as possible, because her campaign urgently needs to get going. The lawyer promises to work on it – once he receives clear guidelines from the departments involved, because he can only work with what he is given.

Lena is now on the verge of despair and has no prospect of a quick and appropriate solution. She discusses the situation with Marc from the agency, who shakes his head while making notes in his MacBook Air, which is logged into the public Wi-Fi system of Starbucks around the corner. He has organised all his projects neatly on the desktop of his MacBook and of course uses Dropbox, because the programme is so wonderfully simple. He has never heard of such requirements – none of his customers have ever asked for anything like this. He tells her that at the end everything will of course be deleted. All they need to do is find out exactly where to find the data.

By this time four weeks have passed and the project has either been abandoned or is the subject of countless escalation meetings at various management levels.

 

That really doesn’t sound easy.

MS: I didn’t claim it was. Viewed from the outside it’s very complicated. And by the way, from the inside too [laughs].

It’s always the same three divisions that are friendly strangers to each other. Three areas that speak a different language. Legal, IT and the specialist departments are always on a kind of collision course. The “smelly nappy” is left lying around and nobody wants it, because none of these divisions can work completely within its own particular comfort zone – that’s simply human.

You have to be able to communicate with all three departments, and do so their own language. That’s the only way to achieve the desired results. And you must then bring together the results of these mutually alien worlds.

As a lawyer you need to bring along the legal basis, but during the actual consultation you also have to be a computer scientist and a process designer. It’s not enough just to have a good contract – that isn’t even 20% of the road to success. Believe me, I’ve seen every mistake that can possible be made, and this experience is invaluable in practice-oriented consulting.

 

Okay, so now why Magellan?

MS: That’s very simple. If you ask me about my opinion as the founder of our “embedded tech lawyering” idea, I would say because we’re the only ones who can do it! But of course that’s what every company founder will tell you with conviction.

However, we’ve been doing this for more than 18 years now and not – unlike many of our competitors – only just since the introduction of the new EU legislation in 2018. Today you get the impression that data protection consultancy is practised by anyone who thinks they can spell the word correctly. It’s terrible what’s going on out there on the market.

We refer to the combination of law, process and IT in a uniform consulting approach created by us as “embedded tech lawyering”. One-stop shopping for the entire service.

You give us the smelly nappy, we take charge of the entire process and provide you with a finished product, finalised and approved by the individual departments. The people involved are sensitised and made aware of typical mistakes. Everything’s ready and the client is good to go!

And now what I mentioned earlier happens. All of a sudden data protection smells good again and you hear reactions such as: “What on earth were we worrying about!”, “Why didn’t we do it that way from the beginning?”, and “It’s even better than before!” You remember – that’s the “Eureka” moment we get up for in the morning. And this positive basic attitude now makes everything possible. Well, almost everything, provided the project is set up correctly from the beginning.

It’s something you simply have to experience for yourself. We enjoy every single day here, and this is clear to everyone who is in contact with us. We look forward to every new day!

 

Thank you very much for the interview.

In only two days we knew our timetable in the matter of data protection basic regulation. With Magellan, it’s now our turn.

Nicole Jaskolla, Agiles GmbH & CO. KG

Better safe than sorry!
Especially when it comes to your data

Magellan offers you as the client a free, penetration-proof Secure Data Room for the exchange of all data and documents. The operations and processes of the Magellan Secure Data Room are ISO 27001-certified and meet all the requirements of the EU’s General Data Protection Regulation in terms of data protection and data security.

Next steps? A call is all it takes.

We take care of everything else: +49 89 5880316-10 or
info@magellan-rechtsanwaelte.de