«Don’t Panic!» This advice, written in beautiful letters on the front page of the «Hitchhiker’s Guide to the Galaxy», is meant for far more exciting situations than the entry into force of the General Data Protection Regulation on Friday, May 13. No: May 25, 2018. Oops, that’s practically NOW!
My message to the companies is, «Don’t panic!» EU Justice Commissioner Vera Jourova is trying to calm the waters in the run-up to 25 May. Recent surveys among companies in Europe have shown that most of them are not properly prepared for the consequences of the General Data Protection Regulation. At a minimum, you should consider a disclaimer for your next mass mailings. You will find the text at the end of this post.
The aim of the DSGVO, or GDPR, is to regulate the processing of personal data by private companies and public authorities uniformly throughout the European Union. The challenge is twofold: to enforce the protective function of the regulation and to enable the free movement of data within the EU. The concept of personal data is not redefined, but taken from the previous regulations. However, six principles for its processing are new. They cover lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality.
This is where the problems begin: Do you really know where, how and according to which criteria your personal data is stored and made available for use by third parties? It is not just about where and how this personal data is stored, but also about which internal services and applications you have granted access to the data. What? This isn’t documented? The application dates from the eighties or nineties of the last century and the source code is not on file? The documents disappeared with the departure of the person responsible at that time? Welcome to the club.
As I said: «Don’t Panic». In most cases, an e-mail helps. See below.
Otherwise, the second most convenient way is to ask the developer of the software used – if he has not already contacted us. The third most convenient way is to simply move your own applications to the cloud of a «trusted service provider».
The safest way is to transfer the storage of personal data to a separate data module in the medium term and to assign new rights from there. With the actesy framework, we are able to extract the data from your existing applications and store it in our own database, which can then only be accessed in a controlled manner. That sounds elaborate, but it isn’t.
Our promise is: We secure your investments because we are fast, flexible and innovative. Skeptical? Then test us. We look forward to hearing from you at email@example.com.
See you on your next digital project.
Dear Mrs/Mr….,
We have been sending you information and services to your e-mail address for a long time.
With effect from 25 May 2018, the new EU General Data Protection Regulation will enter into force. This makes it necessary to update data protection regulations and obliges us to check our address database with regard to data protection requirements.
Of course we would like to keep in contact with you. If you agree, you do not have to do anything, because we would then rely on our legitimate interest according to Article 6 paragraph 1 sentence 1 (f) DSGVO, which the DSGVO mentions, among other places, in Article 85 (freedom of the press) and, if applicable, Recital 47 (direct advertising).
Your interests are protected by the opt-out option. If you no longer wish to be contacted with information from our company, we will remove you from the relevant distribution list and delete your data.
If you wish to do so, please use the following link with the note «I wish my data to be deleted from the databases»:
[Individual link in each case]
Disclaimer: This text was formulated to the best of our knowledge and belief. This does not imply any responsibility for complete legal conformity. The advice of actesy AG does not replace the advice of a law firm.