The basics of data processing
As a company, you come into contact with various types of customer data. The revision of the Data Protection Act (nFADP), which enters into force on September 1, 2023, will entail a number of new obligations for entrepreneurs. Companies must be particularly careful with personal data, above all with especially sensitive personal data. In some cases, the revised Data Protection Act provides for severe sanctions in the event of a breach of valid provisions. We have put together ten rules in this guide on data processing, which you should follow when dealing with personal data to avoid potential sanctions:
- Inform the persons affected at the beginning about why you are saving their data, what you want to use the data for, and whom they can contact with their questions on data protection.
- Create data processing guidelines for your company or amend them accordingly. Follow your own rules and only process or use personal data in the prescribed scope.
- Minimize the unnecessary. Only save and process data that you really need (need-to-know principle).
- If you no longer need the data, delete or anonymize it in a timely manner in compliance with the statutory retention periods.
- Accept a “no.” If the person does not want you to collect or process their data, then you must do as they wish. The exception is when you have an overriding entitlement due to a business interest to process the data, for example to process a contract with the person concerned.
- Put yourself in the other person’s shoes and only do what you would deem acceptable for yourself.
- Mistakes happen. For this reason, check your customer data regularly for problematic errors or gaps and update it accordingly.
- Caution is needed in the case of data deemed worthy of special protection (especially sensitive data): treat it with the utmost care and never transmit it to other people or companies.
- Comply with the legal provisions of the revised Data Protection Act and take the right technical and organizational measures to ensure the security of the data.
- Consider carefully how and from where you get your data. Ensure that this happens in a legal manner.