Influence of GDPR Guidelines on the Work of Companies and PCOs
The new General Data Protection Regulation (GDPR), which standardises data protection guidelines within the EU community, entered into force on 25 May 2018. It is binding for all legal persons and entities that process data pertaining to EU citizens. It is intended as an approach to control excessive data collection in an increasingly networked world.
The GDPR defines responsibilities and processes in order to ensure data protection among data processors. For this purpose, data processors are grouped into those commissioned to carry out data processing (‘processors’) and those responsible for the processing (‘controllers’). Processors must ensure that the systems and processes they use for data processing comply with the GDPR. Companies and PCOs are usually considered to be controllers with ultimate responsibility for processing.
In this capacity, companies and PCOs need to ensure that the entire data processing process complies with the GDPR. The regulations set out in the GDPR concerning the processing of sensitive data (personal, booking and financial data) concern first and foremost:
- Access options
CPO HANSER SERVICE introduced the following measures to implement the obligations of data controllers as set out in the GDPR:
- Data is only processed for defined purposes if consent has been given
- No general clauses for data processing
- Security and data protection through appropriate technological design
- Data hosting only in high-security data centres in Europe, mainly in Germany
- Cooperation only with GDPR-compliant data processors and technology partners
- Implementation of data protection and emergency plans
- Internal data protection guidelines and data protection training for companies
- Data collection is compulsory only for mandatory data
- Data is deleted when it is no longer needed
- No data use without explicit consent
- No data sharing with third parties
- Existence of data processing contracts (DPCs) with all processors acting on behalf of the controller
- A record of all data processors, including the contact details of personal contacts and data protection officers
- GDPR-compliant data protection guidelines, including information about contracted processors and technical systems as well as their data protection guidelines
- Information about data processing processes and data retention periods
- Information about the purposes of data processing
- Customers have control over their data at all times
- It is possible to modify and delete data
- A qualified internal data protection officer
- A complete data processing record with documentation of data processing and emergency processes
- Close cooperation with contracted processors to optimise data protection in processing chains
- Regular security checks of all IT systems and data processing processes
- Regular review of work processes
- Regular updates to data protection guidelines and data protection training for employees
CPO HANSER SERVICE and its own IT company GLOBIT GmbH, based in Germany, are prepared for strict data protection requirements. However, our responsibility does not end there as far as this issue is concerned.
We also support our customers and partners in their efforts to comply with data protection guidelines. Contact us today!