Data protection for your company
If you do business with end customers or companies in the EU, you should definitely work in a GDPR-compliant manner.
Here you will find information about the organizational obligations under data protection legislation and the General Data Protection Regulation, including transparency towards service users and the response to a person who exercises their data protection rights.
The GDPR imposes direct, EU-wide obligations on companies and organizations that process data. According to the GDPR, an organization can only process personal data under certain conditions. For example, the processing should be fair and transparent, serve a specific and legitimate purpose and be limited to the data necessary to fulfill that purpose. In addition, the processing must be based on at least one of the following legal bases:
- The consent of the data subject.
- A contractual obligation between your company and the person concerned.
- The fulfillment of a legal obligation.
- To protect the vital interests of the individual.
- To fulfill a task that is in the public interest.
- For the legitimate interests of your company, but only after verifying that the fundamental rights and freedoms of the person whose data you are processing are not seriously impaired. If the rights of the person outweigh your interests, you cannot process the data.
The main steps you need to take to ensure compliance with data protection laws are as follows:
- Identify what personal information is in your possession.
- Conduct a risk assessment of the personal information in your possession and your data processing activities.
- Take appropriate technical and organizational measures to ensure that the data (in digital and paper files) is stored securely. The security measures your company should take depend on the type of personal information and the risk to your customers and employees.
- Know the legal basis you are relying on.
- Make sure that you only collect the minimum amount of personal data necessary to conduct your business, that the data is accurate and is not retained for longer than is necessary for the purpose for which it was collected.
- Be transparent to your customers.
- Determine whether the personal data you are processing falls into the special categories of (sensitive) personal data, and if so, what additional precautionary measures you need to take.
- Decide whether you want to use the services of a data protection officer.
Privacy is essential to a company's reputation.
We therefore offer services and information designed to help you conduct your business in a transparent and compliant manner. Here you will find our GDPR services.