SMEs are increasingly finding that they (alongside large corporations) also need to set up their own compliance departments to adequately deal with the multitude of regulatory requirements. It is, however, complicated for compliance officers to sufficiently screen all of the company’s business processes. Using the latest technologies provides effective support, for example by monitoring global processes or optimally designing a compliance management system.
The internal investigation of criminal offenses or other compliance violations is one of the important tasks of the compliance department.
In some cases, entire e-mail or document databases have to be examined for these purposes, which quickly pushes the department’s own personnel resources to their limits. Today, innovative software applications are able to provide effective support for such forensic analyses. And even after the violations have been resolved, such systems offer the possibility of preventing or quickly detecting future violations and other compliance risks through effective monitoring. Of course, such processing must comply with data protection regulations. We support you in the internal investigation as well as in the development and implementation of the above compliance systems and ensure the legal conformity of the implemented measures.
Compliance Management & Whistleblower Systems
The large number of regulatory requirements usually necessitates the use of an IT-supported compliance management system.
Compliance management systems
This system must be aware of and be able to control all internal business processes so that the personal liability of managers and board members can be reduced to a minimum. We have already assisted clients in a large number of cases with introducing compliance management systems and are familiar with the problem areas that arise in this context.
An important task of the Compliance department is also the internal transposition of the new EU Whistleblower Directive. As of December 17, 2021, companies with more than 250 employees are obligated to set up an internal reporting channel that ensures the confidentiality of the identity of whistleblowers. When setting up a whistleblower system, requirements under co-determination law and data protection law must be observed, not least to ensure that the reporting threshold is particularly low. The need for anonymity of the whistleblower must be balanced against the need to notify the affected party in a legal and documented manner. We support our clients in this process from a legal point of view.
Cyber Crime and Remediation
Cyberattacks on companies have increased massively in recent years. According to Article 32 GDPR, companies are obligated to take appropriate technical and organizational measures to prevent such attacks as best as possible and to document this.
Procedures must be developed and introduced in the company to enable rapid restoration of systems (remediation). Violations of the above obligations result in severe penalties from the supervisory authorities. We support our clients in setting up an IT security management system and the technical and organizational measures required under the GDPR, as well as in responding to cyberattacks, including reporting data protection incidents to supervisory authorities, initiating criminal proceedings, and handling insurance claims against providers of cyber insurance.