After half a year with GDPR, we have received a great deal of varied correspondence, all of it attempts to adapt to the new EU General Data Protection Regulation (GDPR) directive. Most of it could have been spared, but the uncertainty is huge, and with the upcoming first wave of warnings and the first precedent rulings there will probably be more clarity soon. But one thing is already clear again: nowhere is more effort put into it than in Germany!
What is it really that the GDPR requires from us? I’m not a lawyer, nor is this legal advice, but I feel it’s pretty simple: it is mandatory that we can, at any time and on request, give evidence of the following:
- Which personal data do we record?
- Where / how do we store it?
- How long is it stored / when will it be deleted?
- Who has access?
- What is it used for?
- Is there an explicit declaration of consent (opt-in) for that?
In addition, we are obliged to verifiably delete this data on request.
So it’s nothing much. A lot of it has been in the German UWG for a long time already, lawsuits have been limited, and there were few who even cared. Actually, I keep on receiving a vast amount of spam and unwanted advertising…