On May 25, the European General Data Protection Regulation (GDPR) will become effective and raises and it’s kicking up a lot of dust around data processing. We believe it’s a good thing. Because data protection is important and as a consumer you have a right to transparency and, if necessary, to intervene in the event of improper data processing. In this article, you can read how we implement data protection – and thus comply with GDPR – at Coursepath.
You may be asking yourself: What’s all this talk about GDPR? It’s a valid question and yet the answer is simple: If you are a consumer and live in Europe, then the new legislation applies to you. It is intended to protect your person and therefore also your personal data. Organizations are no longer allowed to process your data without being asked. Your consent is crucial.
Here are the most important rules:
People have the right to access their own personal data without having to give specific reasons for doing so. This means that you can ask any organization whether your data is being processed there, and if so, which data. The organization is obliged to provide information about the following:
A Post-it with a note that you are not working on Monday afternoon does not fall under the category “personal data”. Only when the information is added to a collection of information or shared with third parties is the organization required to provide the information. Incidentally, if information is incorrect, you can request that it be corrected.
Nobody really wants to be forgotten. But suddenly the buzzword “right to be forgotten” is circulating. Of course, it’s not the person, but the digital identity, based on data stored in all kinds of systems. As a consumer you have the right to have this data deleted. This is possible if:
The respective organization is legally obliged to delete data after a certain period of time. For example, in the case of salary payments, there is a period of 2 years after the end of the employment after which the data must be deleted.
The issue of portability is about the possibilities of transferring personal data. Under certain circumstances, you have the option of receiving your personal information from the organization in question. You can store this data and send it to third parties. You can also request that the data be transferred directly to a new contractor, if this is technically possible. The organization holding the data must not stand in the way of this process: it has to ensure that data collections can be easily sent and forwarded.
The following data fall under portability:
The General Data Protection Regulation applies to all organizations that process personal data, including small and medium-sized enterprises. Here too, agreements with customers, telephone numbers etc. are recorded digitally.
This article is primarily about data collected at Fellow Digitals – through the use of one of our products or the websites. For an overview, here is an infographic from endpointprotector.com, which summarizes GDPR for consumers in general.
Fellow Digitals is ready for the new legislation. We have made various changes to meet the strict requirements of GDPR. Customers and website visitors can therefore rest assured that Fellow Digitals will process the collected data with the utmost care and in accordance with the law.
With legal support we have adapted our systems and our contracts with third parties (e.g. Google) to the new legislation. As a result, our customers have a new regulation on order processing (AV). The AV stipulates how internal data of software use is processed and stored. As a European Software-as-a-Service provider we have always had an extremely high standard in this respect.