Challenge.

To better manage the complexities of the EU’s General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (BDSG), Schukat electronic aimed to centralise and organise all relevant processes and documents across its organisation. The goal was to establish clear policies governing the use of information technology, employee communication, and customer data. By bolstering data protection, the company wanted to reinforce the trust of its customers and optimally prepare for all regulatory requirements.

Thanks to Bechtle, we are now able to enforce data protection through even more stringent processes. Bechtle not only helped us develop our data protection management system but also continues to provide an external data protection officer who assists us with all relevant matters and quickly resolves any questions that arise. The transparent structure of related processes along with Bechtle’s consistency in guiding us through the jungle of regulations take a real load off our shoulders in our day-to-day operations.

Georg Schukat, Managing Director, Schukat electronic Vertriebs GmbH

Solution.

Bechtle began with an assessment of existing processes and documents relevant to data protection. The results informed Bechtle’s design of a data protection management system that fulfils both GDPR and BDSG requirements. AKARION GRC (governance, risk and compliance) was introduced as a cloud-based platform for documentation and risk management, incorporating all technical and organisational measures (TOMs) and enabling Schukat to approach data protection systematically and effectively. Bechtle trained Schukat’s employees in relevant tools and processes, developed comprehensive policies for data protection and technology use, and established a record of processing activities (RoPA).

The RoPA lists every single activity through which personal data are being processed, including video surveillance, payroll accounting, visitor records, personnel management, marketing, and even website hosting. With Bechtle’s assistance, Schukat electronic comprehensively clarified all questions regarding the legal framework, data use and retention, related hardware, and data subjects. In addition, Bechtle adapted the company’s websites and social media channels to ensure compliance with all legal requirements as well as transparency into data protection policies. Bechtle continues to conduct regular audits and training seminars at Schukat so the company can rest assured they’re always on top of current and future data protection requirements.

Business benefits.

  • External data protection expertise – Bechtle injects knowledge and relieves internal resources.
  • Cloud-based GRC tool – Efficient management of all data and documents subject to data protection rules.
  • Hands-on training – Ongoing training programmes enhance employee awareness and practical skills.
  • Transparent processes – Every step handling sensitive data is documented and auditable.
  • Optimised web security – Enhanced transparency across all websites and social media channels.
  • Legal security – GDPR-compliant processes ensure personal data are always protected.