The principles of the GDPR - Art. 5 GDPR
The GDPR is based on principles. The new European Data Protection Act came into force on 25 May 2018. It aims, among other things, to harmonise European data protection legislation to reflect the increasing digitisation and thus cross-border use of personal data.
The principles of the GDPR are:
Lawfulness of processing
Art. 6 GDPR defines the lawfulness of processing in detail. Processing is lawful in particular if the data subject has given consent.
Processing in good intent
This principle relates, above all, to whether companies processing personal data act honestly. This cannot be defined as clearly as consent and must, consequently, be assessed on a case-by-case basis. Certifications of various kinds are one way for a company to demonstrate its honesty.
Transparency
The principle of transparency is intended to guarantee the person concerned the right to informational self-determination. The GDPR defines the duty to inform, the right to information of the person concerned and, on the technical side, requirements regarding privacy by design and privacy by default. This is specified in Art. 12 ff. and Art. 25 GDPR.
Purpose Limitation
The GDPR requires a specific assignment of the collected personal data to a specific purpose. The purpose must also be clearly stated during the collection.
Data Minimisation
This principle intends to ensure that personal data is not collected and processed inappropriately.
The Correctness of Data Processing
Organisations must assure the accuracy of the personal data being processed and are obliged to make corrections or deletions as necessary.
Storage Limitation
The storage limitation limits the duration of the retention of personal data. If storage is no longer necessary for the processing purpose, the personal data must be deleted per the statutory retention periods.
Integrity and confidentiality
Anyone collecting personal data must also protect it accordingly. To this end, the GDPR obliges companies to use technical and organisational measures (TOMs) to ensure the protection of personal data. The GDPR specifies the TOMs in Art. 32. These include, for example, encryption and access regulations, role concepts, disposal and more.
The GDPR also regulates the consequences of violations. Anyone who violates the GDPR faces fines of up to € 20 million or up to 4% of worldwide annual sales for companies. Also, companies have to reckon with measures taken by the supervisory authorities.
Where can a Midoffice System help to comply with GDPR?
| GDPR principles | Midoffice elements |
| --- | --- |
| Lawfulness of processing | Data transmission from collecting systems / CRM |
| Processing in good intent | Certificates, references |
| Transparency | General system architecture / CRM |
| Purpose limitation | Data transmission from collecting systems / CRM |
| Data minimisation | General system architecture, database structure |
| The correctness of data processing | Manual influence, document management |
| Storage limitation | CRM, document management |
| Integrity and confidentiality | TOMs – role definition, access regulation ... |
What is the meaning of the GDPR logo that we communicate on the website and in other communication tools?
The logo should express two things, that ...
- ... MIDOCO Group complies with data protection legislation, codes and tests its software, and manages customer relationships accordingly. There is currently no certification for compliance with the GDPR.
- ... the products of MIDOCO Group support companies in implementing the GDPR in their own organisations. Examples are the document management system and central data storage, which simplifies applying the principle of data minimisation. The responsibility for compliance with the GDPR lies solely with the companies themselves.
The logo does NOT state that ...
- ... the processes and products of MIDOCO Group are GDPR certified by an independent third party.
- ... using the products Midoco Midoffice, Umbrella.net or Umbrella Faces ensures compliance with data protection legislation for customer companies.
Contributors:
Magnus Kunhardt
Group Marketing Director
Steffen Faradi
CEO & Cofounder
Helmut Pilz
SVP Business Development