GDPR – Compello works hard to protect customer data


Compello is aware of the EU General Data Protection Regulation (GDPR) and is on schedule to be compliant with its terms by the May 25th, 2018 deadline. During the implementation period we are evaluating all requirements covered in GDPR and we will take action to ensure that we handle customer data in compliance with the law by the 2018 deadline.

The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of data subjects and adds stricter and larger penalties for violations.

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who

  1. Market their products to people in the EU or who
  2. Monitor the behaviour of people in the EU

So, even if you are based outside of the EU, but you control or process the data of EU citizens, the GDPR will apply to you.

Compello is updating its data privacy management system according to the requirements of the GDPR. We have established our data protection guidelines covering all relevant parts of the regulations and we are working closely with our sub-contractors and customers to make sure they are compliant and aware.

Frank Dieffenbach

Frank Dieffenbach

Certified Data Protection Officer

Our Data Privacy Officer is Frank Dieffenbach, and if you have any questions about how Compello collects and stores your data, feel free to contact us via

About Frank Dieffenbach:
With a background of post-graduate studies in Business Administration Frank started 1991 as Head of IT and Controlling and Data Protection Officer at a hospital in Mannheim. After several years as Vice President of Administration he started his business as a consultant offering services related to project and quality management. He has been a Certified Data Protection Officer (DSB-TÜV) since 2014 and works as external DPO for several companies in the IT and healthcare sectors.


The Compello Data Protection Management System covers procedures and documentation on


Storage and collection of personal data from all relevant data subjects such as customers, employees, subcontractors and applicants.

Transparency about what we store and for what purpose

Information about the data subjects’ rights regarding their data

• Processes for the correction of data
• Processes for erasing data
• Processes to restrict the processing of data
• Support of the right to transfer data
• Processes to follow up the right to object

Processor and controller guidelines

Technical and organisational methods to guarantee data confidentiality, availability, integrity and security

• Physical Access Control
• Electronic Access Control
• Internal Access Control
• Isolation Control
• Pseudonymisation
• Data Transfer Control
• Data Entry Control
• Availability Control
• Recovery Control
• Incident Response Management
• Contract Control
• Regular PDCA walk-throughs

We are working so that our staff is trained and committed to confidentiality to comply with the new regulations, and so that all our internal procedures are documented in accordance with the regulations.
Our third-party vendors who process personal data on our behalf have shall all sign contracts that include the same processor requirements.
If you want to know more about GDPR follow this link