Background

GDPR & National Laws

The General Data Protection Regulation (GDPR) sets out a wide range of obligations designed to protect personal data. This does not only include clearly identifiable information such as names, email addresses, telephone numbers, tax IDs, or social security numbers. Even business contact details of partners or suppliers may fall under the definition of personal data if they relate to an identified or identifiable individual.

Depending on the nature and scale of processing activities, companies may be required to appoint a Data Protection Officer (DPO). In addition, every organization subject to the GDPR must maintain a record of processing activities and be able to present it to supervisory authorities upon request. Data subjects must be informed transparently about their rights — such as the right of access, rectification, erasure, or data portability — and organizations must implement clear procedures for responding to such requests.

Another central obligation is the duty to report personal data breaches to supervisory authorities, and in certain cases to the affected individuals, within strict timelines. Where an internal DPO is appointed, the company must ensure they receive appropriate resources, sufficient independence, and adequate training to fulfill their role effectively. Employee training in general is considered a key element of compliance, as awareness at all levels of the organization is essential to prevent violations.

In addition to the GDPR, national laws in EU member states impose further obligations. In Germany, for example, the Federal Data Protection Act (BDSG) contains specific requirements, such as the obligation to appoint a Data Protection Officer as soon as at least 20 employees are regularly involved in the automated processing of personal data, as well as rules on employee data protection and video surveillance. Similar national variations exist in other EU countries. For international companies, this creates an additional layer of complexity: while the GDPR provides a harmonized framework, diverging national rules make compliance more demanding, as obligations may differ from country to country and must be carefully observed in each market.

How CORE Supports You

Achieving GDPR compliance is not a one-off task, but an ongoing process that requires expertise, structured methods, and practical solutions. CORE helps organizations identify gaps, implement improvements, and establish a framework that ensures both immediate compliance and long-term resilience.

External Data Protection Officer

We take over the formal role of DPO where required, ensuring official registration with supervisory authorities and acting as a reliable point of contact for both regulators and data subjects.

Privacy Audits and Process Reviews

Through systematic audits we uncover weaknesses in existing processes, contracts, and workflows. We then provide clear recommendations and support you in implementing corrective measures.

Staff Training and Awareness

From entry-level employees to executives, we provide targeted training programs that raise awareness, build competence, and establish a culture of responsibility for personal data.

Product and Service Analysis

We review new and existing products or services from a data protection perspective, identifying risks early and helping you design GDPR-compliant solutions without slowing innovation.

Rapid-Response Support

When acute issues arise — such as inspections, data subject requests, or breaches — our experts provide immediate assistance. Our ready-to-use action plan helps companies quickly improve their GDPR compliance in critical situations.

We help our clients stay compliant and secure!

Reach out via our contact form or send us your details — our team will get back to you promptly with practical guidance.
