The General Data Protection Regulation contains clear requirements for the controller. These requirements apply throughout the EU to all institutions, organisations, companies and individuals that process personal data.
The regulations and requirements may seem very extensive and perhaps a little daunting at first glance, but they ensure that our personal data is adequately protected. Those responsible also receive a lot of support in fulfilling this responsibility: on the one hand from their team, and on the other hand from the national data protection authorities, which provide support and numerous tools for questions relating to data protection.
What does that mean for me in concrete terms?
Your role in the company or organisation will determine the significance of these regulations for you personally.
If you are in the role of a responsible person:
- Ensure the implementation of the GDPR.
- Ensure that key elements of the GDPR, such as the processing directory, the documentation of technical and organisational measures and the deletion concept, are created and implemented in the company.
- If in doubt, set up a data protection working group to deal with these issues on an ongoing basis. In addition to the data protection officer (if available), members of such a working group should include people from administration, IT and other specialist departments.
- Sensitise your employees. Data protection must be lived throughout the entire organisation.
- Check other legal obligations and regulations to which you may be subject, especially at national level.
- Ensure that you fulfil all necessary documentation obligations (e.g. data protection notices to employees and customers, conclusion of data processing agreements with external service providers, etc.).
In your role as an employee or project manager:
- Actively consider the topic of data protection in your day-to-day work.
- Talk to other project participants and/or superiors about data protection-related topics as soon as you recognise a need.
- Actively ask internally about the implementation of data protection in your company. You may not be responsible, but your observations and comments can help to raise the organisation's awareness of the issue.