Digital services for communication and collaboration are now used in almost every project. From a data protection perspective, however, their use must be well thought out and clear agreements, measures and instructions must be in place to ensure the security of the data processed there.

Ensuring data protection

• Discuss with your project partners in advance which software solutions will be used. Determine who will be responsible for data protection compliance in the respective offers.
• Agree with those involved in the project which data will be shared via the various communication channels. For example, avoid sending personal data unnecessarily by email or messenger. Instead, save this data in a file and only send the link to the file storage.
• Only use data protection-compliant software solutions. If third-party providers process data, check the providers and conclude an order processing contract if necessary. 
• Ensure that all systems are configured in a data protection-friendly manner.

Duty to inform

The project partners usually agree on the internal use of communication and collaboration services at the start of the project. In practice, detailed information about data processing is often not provided. However, as soon as people outside the project use these services, you must fulfil the information obligation as specified. For example, if you invite external parties to your video conferencing solution, you as the controller must provide the data subjects with appropriate data protection information. 

Documentation

The same applies here: document all data protection-relevant topics. These can serve as a basis for future projects.