GDPR or: Why this could be the last newsletter we send you
Four letters that spell more security
GDPR – these four letters are currently making life difficult for a lot of companies and entrepreneurs.
Though it might sound like a new e-bike motor, or perhaps an additive in the latest energy drink, in reality this is the abbreviation for the EU-wide General Data Privacy Regulation.
As the GDPR comes into effect on 25 May, many of those affected are becoming aware that they:
- actually handle data,
- have to protect this data, and
- have no idea at all what the GDPR is going to change.
In light of this, the Economic Chambers are holding daily information events, and it’s a hot topic at just about every conference at the moment. Some events are even focused solely on GDPR – such as Data Protection Day in Salzburg (which our two Data Protection Officers attended, of course – the buffet was divine).
But what does it all mean in practice? What data can actually be collected and processed, and who is ultimately responsible for ensuring this data is protected?
What the GDPR covers
Personal data must be handled with the utmost care. This data not only includes a person’s name, date of birth and address: according to the GDPR, an IP address also directly relates to an individual.
There are four main points to consider when handling personal data:
The information obligation: no matter whether analogue, photographic or digital, whenever users’ data is collected, they must be informed about precisely how their data is saved and processed.
The rights of the persons affected: every individual has the right to access data held about them, along with the so-called “right to be forgotten” (i.e. to have data relating to them deleted). Individuals must also be able to correct data about them, have it transferred or revoke their consent to data being collected.
A register of processing activities must record contact details, the reason for the data processing and a description of the data categories.
What’s more, data privacy must be considered at the initial design stages and throughout the development of processes and applications. Privacy by design and by default dictates that, as a fundamental rule, data should only be collected if it is relevant to the provision of a service or product and such data collection is absolutely essential. This should put an end to the unrestricted, rather manic compulsion to collect data.
How we’re dealing with it
As a data processing and communications service provider, we consider it our responsibility to support our clients as they seek to conform to the GDPR. Our specialist GDPR contact number has been ringing off the hook for weeks, with all manner of queries about cookies, data privacy statements, mandatory fields in online forms, etc. However, we do more than simply provide information on the provisions of the new legislation: we also adjust and adapt applications and websites we manage for our clients. By doing so, we ensure that these four letters afford everyone affected a feeling of security rather than discomfort and worry.
The last thing we would want for ourselves and our clients is to suffer a rude awakening and have to deal with penalties for failing to adhere to the new regulations. As is so often the case, prevention is the best protection.
To make sure this isn’t the last newsletter you get…
…we need your active consent to receiving this concentrated blast of information and other important news from Identum.
To agree to this, click the opt-in link by 25 May, or else we’ll be forced to opt you out as an artefact dating from pre-GDPR times.
We hope you’ll hear from us again in future. Of course, your data is always safe with us!