Coursepath is ready for GDPR

Annika Willers · Product News · 3 years ago

On May 25, the European General Data Protection Regulation (GDPR) will become effective and raises and it’s kicking up a lot of dust around data processing. We believe it’s a good thing. Because data protection is important and as a consumer you have a right to transparency and, if necessary, to intervene in the event of improper data processing. In this article, you can read how we implement data protection – and thus comply with GDPR – at Coursepath.

DSGVO

What does GDPR mean for you as a consumer?

You may be asking yourself: What’s all this talk about GDPR? It’s a valid question and yet the answer is simple: If you are a consumer and live in Europe, then the new legislation applies to you. It is intended to protect your person and therefore also your personal data. Organizations are no longer allowed to process your data without being asked. Your consent is crucial.

Here are the most important rules:

Right of access to own personal data

People have the right to access their own personal data without having to give specific reasons for doing so. This means that you can ask any organization whether your data is being processed there, and if so, which data. The organization is obliged to provide information about the following:

  • which data are processed
  • why data are processed
  • to whom data may be passed on
  • where the data originates

A Post-it with a note that you are not working on Monday afternoon does not fall under the category “personal data”. Only when the information is added to a collection of information or shared with third parties is the organization required to provide the information. Incidentally, if information is incorrect, you can request that it be corrected.

The right to be forgotten

Nobody really wants to be forgotten. But suddenly the buzzword “right to be forgotten” is circulating. Of course, it’s not the person, but the digital identity, based on data stored in all kinds of systems. As a consumer you have the right to have this data deleted. This is possible if:

  • the data are no longer required by the respective organization
  • the consent already granted is withdrawn
  • appeal is filed against direct marketing measures
  • data are processed unlawfully, for instance because there is no legal basis for it
  • children under 16 years of age are affected whose data had been collected via a website or app

The respective organization is legally obliged to delete data after a certain period of time. For example, in the case of salary payments, there is a period of 2 years after the end of the employment after which the data must be deleted.

Cyber Security

Right to data transmission (portability)

The issue of portability is about the possibilities of transferring personal data. Under certain circumstances, you have the option of receiving your personal information from the organization in question. You can store this data and send it to third parties. You can also request that the data be transferred directly to a new contractor, if this is technically possible. The organization holding the data must not stand in the way of this process: it has to ensure that data collections can be easily sent and forwarded.

The following data fall under portability:

  • Digital information exclusively. Data collections recorded on paper are not covered by the law.
  • Personal data obtained and processed either with the consent of the consumer or on the basis of a contractual arrangement concluded with the consumer.

GDPR also applies to small and medium-sized enterprises

The General Data Protection Regulation applies to all organizations that process personal data, including small and medium-sized enterprises. Here too, agreements with customers, telephone numbers etc. are recorded digitally.

This article is primarily about data collected at Fellow Digitals – through the use of one of our products or the websites. For an overview, here is an infographic from endpointprotector.com, which summarizes GDPR for consumers in general.

Infographic GDPR

How does Fellow Digitals implement GDPR?

Fellow Digitals is ready for the new legislation. We have made various changes to meet the strict requirements of GDPR. Customers and website visitors can therefore rest assured that Fellow Digitals will process the collected data with the utmost care and in accordance with the law.

Order processing

With legal support we have adapted our systems and our contracts with third parties (e.g. Google) to the new legislation. As a result, our customers have a new regulation on order processing (AV). The AV stipulates how internal data of software use is processed and stored. As a European Software-as-a-Service provider we have always had an extremely high standard in this respect.

Privacy policy

Every organization is obliged to publish a privacy policy. Fellow Digitals has been offering this statement for a long time. In accordance with GDPR, this declaration has now been adapted and can be found at https://www.coursepath.com/privacy.