Checklist on the Benengebergerschutzgesetz
The Nobil Protection Act is there.
Answer the questions on the checklist to find out what you should best do as a private employer.
1.) Am I an employee?
The employer is every person, every corporation (e.g. GmbH, AG), every foundation, every legal association (ZBEV), every legally capable partnership (e.g. OHG, KG, GmbH & Co. KG), provided that at least one other person employs.
It does not depend on the payment of employment. Interns, volunteers, volunteers, trainees, employees in workshops for disabled people are considered to be employees - as are (probably also) agency workers.
[] No - the Hinschg does not apply.
[] Yes - continue with question 2.)
2.) Do I have to set up a registration office?
Employees who employ 50 or more must set up a registration office. The decisive factor is the employment situation that the company generally characterizes. Capital market service companies have to set up registration offices regardless of the number of employees.
[] No - a registration office does not have to be set up.
[] Yes - continue with question 3.)
3.) By when do I have to set up the registration office?
Employees with 250 or more employees must have set up and operate the registration office on July 2, 2023 at the latest. Employees with 50 to 249 employees must have set up and operate the registration office from December 17, 2023.
[] July 2, 2023 - Immediately with question 4.)
[] December 17, 2023 - I can still breathe a little, but continued with question 4.)
4.) Have I already carried out a data protection consequences for the registration office?
The operation of a registration office is associated with high risks for the rights and freedoms of the data subject due to the necessary processing of personal data. Therefore, a data protection sequence assessment must be carried out before commissioning the registration office. The purpose of data protection consequences is to name the risks and to evaluate and manage them.
[] No - continue with question 5.)
[] Yes - continue with question 7.)
5.) Did I name a data protection officer?
If a data protection officer is named, its advice must be obtained to carry out the data protection sequence. The implementation of a data protection sequence assessment is a data protection and data protection-demanding task, which corresponding expertise is indispensable for coping with it.
[] No - If a data protection officer is not named, the data protection sequence assessment should be carried out with external data protection support. Then continue with question 6.)
[] Yes - the advice of the data protection officer must be obtained. In addition, the external data protection assessment of the council of the data protection officer is advisable. Then continue with question 6.)
6.) Is there a works council in my company?
When carrying out a data protection consequence of the consequences, the point of view of the representatives of the data subject must be obtained. The employees of the company are primarily affected by the operation of the registration office. Therefore, the position of the works council must be obtained.
[] No - continue with question 7.)
[] Yes - external legal advice should be obtained when obtaining and for assessing the position of the works council. Then continue with question 7.)
7.) Do I want to commission an external service provider to operate the registration office?
The internal registration office can be set up by either entrusting a person employed by the employer with the tasks of the registration office or the internal registration office is operated by (external) third parties. The commissioning of an external third party does not release the employer from his obligation to take suitable measures himself in order to dismiss a violation. In addition, the registration office must - even if it is operated by an external third party - to carry out internal studies with the employer.
[] Yes - continue with question 8.)
[] No - continue with question 10.)
8.) Is there a written contractual relationship with the external service provider?
The operator of the registration office provides a service for the business owner. The operator gives sensitive and possibly explosive information about the company and the employees. At the same time, the company owner must be able to eliminate reported grievances based on the activity of the external service provider. This complex network of responsibility and responsibility between the external service provider and the employee requires a balanced contract.
[] Yes - let the existing contract check the existing contract! In this way, regulatory gaps or ambiguities can be eliminated before they become unexpectedly disputed in a conflict case. Then continue with question 9.)
[] No - do not accept the pre -formulated contract offer of the service provider without a legal examination. Let us create a suitable contract for you by the legal expert. Then continue with question 9.)
9.) Is there also a contract for the processing of personal data on behalf (order data processing contract) with the external service provider?
When operating the registration office, the external service provider necessarily processes personal data about the whistle providers for the employee and on his behalf, about the persons related to the reference and about other people who can be relevant for the reported violation. The rights and obligations of the employee and the external service provider must be regulated in an order processing contract.
[] Yes - External data protection advice should be obtained here in order to check the conformity for both the HinschG and the GDPR, then continue with question 10.)
[] No - pre -formulated contract texts often do not match the specific requirements in individual cases. Get external legal advice so that "your" contract suits you. Then continue with question 10.)
10.) Do I have the professional resources in the company in order to be able to process legal issues in connection with the information incurred in the registration office?
The subject of the information incurred by the registration office can be criminal offenses or administrative offenses, violations of money laundering regulations, data protection grievances, environmental sins, accident hazards and much more. Böswiltlordungen or reckless allegations are also conceivable. In all of these cases, in addition to the examination and remedial of the reported grievance, it is necessary to correctly assess the reported incident in order to assess existing legal risks for the company and for the people concerned in good time. The operator of the registration office must be sensitized to include expert legal experts in case processing at an early stage.
[] Yes - are you sure? If so, continue with question 11.)
[] No - When determining the processes in the registration office for processing in detail, it should be defined when and how legal expertise is consulted. Then continue with question 11.)
11.) Do I have any other questions related to the introduction and the operation of the registration office?
The entry into force of the Refugees Protection Act raises a variety of new, previously unanswered legal questions. This applies in particular to questions of labor law, including dismissal protection law and data protection law, […]
[] No - sure? Please back to question 11.) and critically question.
[] Yes - then I immediately call the Aderhold Rechtsanwaltsgesellschaft mbH in Leipzig and arrange an appointment with men Dirk H. Laskawy and Friedrich Vosberg :
(+49) 0341 44924-300
