
General Data Protection Regulation (GDPR)


The principles of the GDPR - Art. 5 GDPR

The GDPR is based on principles. The new European Data Protection Act came into force on 25 May 2018. It aims, among other things, to harmonise European data protection legislation to reflect the increasing digitisation and thus cross-border use of personal data.


The principles of the GDPR are:

Lawfulness of processing

Art. 6 GDPR defines the lawfulness of processing in detail. Processing is lawful in particular if the data subject has given consent.

Processing in good intent

This principle relates, above all, to whether the actions of companies processing personal data are upright. This cannot be defined as clearly as consent and must, consequently, be assessed on a case-by-case basis. Certifications of various kinds are a way of expressing one's honesty.


Transparency

The principle of transparency is intended to guarantee the data subject the right to informational self-determination. The GDPR defines the duty to inform, the data subject's right to information and, on the technical side, requirements for privacy by design and privacy by default. These are specified in Art. 12 ff. and Art. 25 GDPR.

Purpose Limitation

The GDPR requires a specific assignment of the collected personal data to a specific purpose. The purpose must also be clearly stated during the collection.

Data Minimisation

This principle intends to ensure that personal data is not collected and processed inappropriately.

The Correctness of Data Processing

Organisations must ensure the accuracy of the personal data being processed and are obliged to make corrections or deletions as necessary.

Storage Limitation

Storage limitation restricts how long personal data may be retained. If storage is no longer necessary for the processing purpose, the personal data must be deleted per the statutory retention periods.

Integrity and confidentiality

Anyone collecting personal data must also protect it accordingly. To this end, the GDPR obliges companies to use technical and organisational measures (TOMs) to ensure the protection of personal data. The GDPR specifies the TOMs in Art. 32. These include, for example, encryption and access regulations, role concepts, disposal and more.

The GDPR also regulates the consequences of violations. Anyone who violates the GDPR faces fines of up to € 20 million or up to 4% of worldwide annual sales for companies. Also, companies have to reckon with measures taken by the supervisory authorities.


Where can a Midoffice System help to comply with GDPR?


GDPR principles | Midoffice elements
Lawfulness of processing | Data transmission from collecting systems / CRM
Processing in good intent | Certificates, references
Transparency | General system architecture / CRM
Purpose limitation | Data transmission from collecting systems / CRM
Data minimisation | General system architecture, database structure
The correctness of data processing | Manual influence, document management
Storage limitation | CRM, document management
Integrity and confidentiality | TOMs – role definition, access regulation ...

What is the meaning of the GDPR logo that we communicate on the website and in other communication tools?

The logo should express two things, that ...
  • ... MIDOCO Group complies with data protection legislation, codes and tests its software, and manages customer relationships accordingly. There is currently no certification for compliance with the GDPR.
  • ... the products of MIDOCO Group help companies implement the GDPR. Examples are the document management system and central data storage, which simplifies the principle of data minimization. The responsibility for compliance with the GDPR lies solely with the companies themselves.
The logo does NOT state that ...
  • ... the processes and products of MIDOCO Group are GDPR certified by an independent third party.
  • ... the use of the products Midoco Midoffice or Umbrella Faces ensures compliance with data protection legislation for customer companies.