The Elisabeth Vinzenz Association (EVV) is one of the largest Catholic sponsors of hospitals, care facilities and training centers in Germany. The group data protection officer Dr. Niclas Krohm navigates EVV through two data protection worlds (GDPR and KDG) and also uses caralegal's Privacy Solution Platform.
The Elisabeth Vinzenz Verbund (EVV) employs more than 9,500 people in its thirteen hospitals, making it one of the largest Catholic sponsors of hospitals, care facilities and training centers in Germany.
The association operates facilities in seven federal states and has to navigate data protection through state legal requirements, the General Data Protection Regulation and Catholic data protection law.
Dr. As head of data protection and group data protection officer at EVV, Niclas Krohm is responsible for overseeing and optimizing data protection in the complex network structures.
This includes the task of continually questioning and improving the internal data protection management system. In addition, data protection impact assessments must be carried out regularly as EVV operates in the health sector.
Other topics that concern the Group data protection officer are digitalization and specifically the Hospital Future Act (KHZG). This includes, among other things, implementing the principle of “Privacy by Design” when designing processes.
In 2022, Dr. Krohm's plan is to make the EVV more digital in terms of the data protection management system and, above all, to further standardize it in certain areas. In particular, it was important to move away from Excel spreadsheets that were used to maintain part of the processing directory.
In the search for the right partner for the digitalization of data protection management, many providers were contacted, but mapping Catholic data protection law was a challenge for everyone.
But finally Dr. Krohm talks to caralegal. caralegal's existing experience in health data protection, coupled with its willingness to integrate the requirements of Catholic data protection law into the platform, were convincing.
“We saw that in caralegal we had a partner who wanted to find solutions for the special features that Catholic data protection has in store,” said Dr. Krohm.
For example, all data that the EVV processes must be divided into three special protection classes, which are specified in the so-called implementing regulation for the law on church data protection. caralegal then developed the functions together with the EVV to reflect Catholic data protection law in the software.
The caralegal solution was also able to help save time in the EVV's area of application: For example, an update of the processing directories in the EVV facilities can be carried out directly on site or remotely with the individual process managers. In both cases, the changes are immediately entered into the system, versioned and standardized. “This is of course much more comfortable and intuitive than working with Excel tables,” says Dr. Krohm.
An important criterion for a data protection solution is the adaptability and flexibility of the software: new requirements are continually brought to the EVV, for example by the Catholic data protection supervisory authority. In these cases, the Group data protection officer Dr. Krohm with the product experts from caralegal on how these changes can also be reflected in the data protection management software. Thanks to these quick adjustments, the EVV can always react in a timely manner as required by supervision.
“In my central control function, it is particularly important that I get an overall overview of data protection in the network. caralegal now offers the possibility of retrieving important information with a click of the mouse in the future, instead of having to obtain it from all locations by email,” says Dr. Krohm.”
Due to the many adjustments made to the EVV, caralegal is now ideal for institutions that are subject to Catholic data protection. They have also found a reliable partner who specializes in healthcare.
This article contains an interview with the Group data protection officer Dr. Niclas Krohm from the Elisabeth Vinzenz Association. You can read the full interview here.