General Data Protection Regulation (GDPR)

The GDPR is based on principles. The new European Data Protection Act came into force on 25 May 2018. It aims, among other things, to harmonise European data protection legislation to reflect the increasing digitisation and thus cross-border use of personal data.

Lawfulness of processing

The Art. 6 GDPR defines lawfulness of the processing in detail. This is particularly the case if the subject to personal data has given consent.

Processing in good Intent

This principle relates, above all, to whether the actions of companies processing personal data are upright. This cannot be defined as clearly as consent and must, consequently, be assessed on a case-by-case basis. Certifications of various kinds are a way of expressing one's honesty.

Transparency

The principle of transparency intends to guarantee the person concerned the right to informational self-determination. The GDPR defines the duty to inform, the right to information of the person concerned and technically, requirements regarding privacy by design and privacy by default. This is specified in Art. 12 ff and Art. 25 GDPR.

Purpose Limitation

The GDPR requires a specific assignment of the collected personal data to a specific purpose. The purpose must also be clearly stated during the collection.

Data Minimisation

This principle intends to ensure that personal data is not collected and processed inappropriately.

The Correctness of Data Processing

Organisations must assure the accuracy of the personal data being processed and are obliged to make corrections or deletions as necessary.

Storage Limitation

The storage limitation limits the duration of the retention of personal data. If storage is no longer necessary for the processing purpose, the personal data must be deleted per the statutory retention periods.

Integrity and confidentiality

Anyone collecting personal data must also protect it accordingly. To this end, the GDPR obliges companies to use technical and organisational measures (TOMs) to ensure the protection of personal data. The GDPR specifies the TOMs in Art. 32. These include, for example, encryption and access regulations, role concepts, disposal and more.

The GDPR also regulates the consequences of violations. Anyone who violates the GDPR faces fines of up to € 20 million or up to 4% of worldwide annual sales for companies. Also, companies have to reckon with measures taken by the supervisory authorities.

The logo should express two things, that ...

• ... MIDOCO Group complies with data protection legislation, codes and tests its software, and manages customer relationships accordingly. There is currently no certification for compliance with the GDPR.
• ... the products of MIDOCO Group support companies to implement the GDPR in their companies. For example, the document management system or the fact that the principle of data minimization is simplified by central data storage serves this purpose. The responsibility for compliance with the GDPR lies solely with the companies themselves.

The logo does NOT state that ...

• ... the processes and products of MIDOCO Group are GDPR certified by an independent third party.
• ... the use of the products Midoco Midoffice, Umbrella.net or Umbrella Faces for customer companies ensures compliance with data protection legislation.