Who is RESPONSIBLE for your personal data?
A municipality can collect personal data to enroll new children in kindergartens, and an employer can collect personal data on its employees. In both cases, they are doing something useful with the data and are at the same time responsible for ensuring that it is handled properly and securely! Along the way, other companies are often involved that have access to the personal data. This could be the IT supplier, who does not directly benefit from the company's personal data but still has access to the systems. Such suppliers process other people's personal data.
Legally, there is a difference between being a data controller and being a data processor: whether you, as a controller, have collected data for your own purposes, or whether you, as a processor, process data at someone else's behest.
It is particularly important to get this in place before 2018 because of the high fines, which are set based on the company's group turnover. Should a company be able to place responsibility for a leak on a subcontractor, it could sweep the supplier completely off the market.
The data controller is therefore responsible for compliance with the GDPR and, in general, for ensuring that the data is in line with the requirements of the data subject. The word "utility" also comes into play here. We citizens are the ones who have the right to our data, and companies may only borrow personal data if it is useful and meaningful!
Therefore, there is no longer any point in adding an extra little "nice-to-have" field to the list of personal data fields when you create a newsletter sign-up form. All unnecessary personal data should be avoided or deleted.
Are you on top of...
Who is RESPONSIBLE for your personal data?
What data processing agreements do you have with your data providers?
Can you DOCUMENT how you are compliant?
Do all your EMPLOYEES follow compliant processes?
Do we need to hire a DATA PROTECTION OFFICER?
How do you ensure compliant RECRUITMENT?
Are pre-printed checkmarks a CONSENT?