March 19, 2021
Can you still remember the telephone number databases on CD, with which we could identify callers on our ISDN systems in the early 2000s?
Back then it was still the case that when you applied for a landline number, the entry in the phone book was made automatically. Somewhere on the application form there was an option to tick so that this did not happen. However, very few people did this.
In the 90s, when IT was still so much in its infancy compared to today, one could hardly imagine that problems could arise in the future. The first experience of how incredibly digital data processing can change our lives came with the telephone number CDs, which were a great thing in and of themselves. At last you could tell who was trying to call you by the number. How many times were families and marriages saved just because you could recognise your mother-in-law’s number before you picked up the phone?
…and the logical changes
In 2004, the Telecommunications Act stipulated that subscribers’ data could also be used in this way. The prerequisite was that the subscribers did not object to this. At that time, deadlines were also set, and one could refuse permission to pass on data by calling a chargeable number.
The data of millions of German citizens on a CD for 10 euros.
Today you also get data from millions of German citizens. What has changed is the medium – it is transferred to your PC via the airwaves and you can buy the data on the darknet rather than in a regular shop. By the way, you get the data from the hack of a customer database of a foreign airline that mainly offers flights to the Balearic Islands including “Malle”. This would have served us a big piece of the cake on a platinum platter.
Why so sarcastic?
Even when we go to the travel agency and still book a trip “analogue”, all the data ends up in the computer. The computer stores the data in a database, and the database, along with many other travel providers, belongs to a large travel portal provider for – yes, that’s right – travel agencies. And so the data is stored. Centrally. Maybe not even in your own country, maybe the server is not even on your continent. By the way, you have already given permission for this because you answered the question “We have to save the data, of course, in order to be able to book your trip. Do you agree with that?”…
Smart companies have quickly realised that with such data there is a real cash cow on the market. Selling customer data, addresses and buying habits as a product has in some cases taken on monstrous proportions and unfortunately not always to the customer’s benefit.
The GDPR and data security
Actually, it was long overdue that there had to be legal protection against the shenanigans. However, it is also clear to the legislator that there must still be possibilities for the digital processing of personal data. But the requirements for data security and data protection have become very strict and high fines deter the black sheep from making a quick buck.
On the entrepreneurial side, of course, the situation is somewhat different. Since the introduction of the GDPR, both data security and data backups are carried out with significantly more effort and should also be meticulously documented at all times.
On the one hand, it must of course be ensured that in one’s own company only those people for whom it is necessary are really allowed to work with the personal data. Internally, this would be the personal data of employees, for example. The HR department and accounting department need this data very much. The field staff do not, even if it would be useful from time to time to know the private mobile phone number and address of colleagues from the support team. No, they don’t want that and they shouldn’t. Excel-managed employee tables are taboo.
On the other hand, data, whether from internal persons or customers, must be stored securely. And in such a way that data cannot be accessed even in the event of a “hacker attack”. Since we move around on the internet these days and also make our resources available on the internet, such attacks can happen at any time, as Microsoft impressively proved to us with the latest Exchange exploit at the beginning of 2021.
Here, too, we should point out that there is now plenty of reading material on how we need to handle this.
Less often explained is the fact that implementing data security or data protection compliance is not a one-time thing. Your data protection officer will not only sing you a song, but an entire opera when it comes to legally compliant data handling.
Docusnap as a comprehensive aid and facilitator
Processing of personal data (Art. 5 – GDPR)
You must be able to demonstrate compliance with the law. All systems that process personal data must be technically documented. Docusnap automatically and recurrently provides you with comprehensive reports on each system – without additional configuration. Create interactive maps and data sheets.
Directory of processing activities (Art. 30 – GDPR)
Yes, there is a duty to document and yes, there is a duty to update – this means your procedure directories must always be up-to-date and accessible at any time. Use Docusnap instead of Word and keep your directories continuously dynamic and up-to-date with our concept feature for processing activities.
Data Protection Impact Assessment (Art. 35 – GDPR)
To assess how you need to protect which data, you should know what structures, systems and services you have that need protection. This is where the Docusnap software solution helps you by providing a recurring, comprehensive and in-depth agent-free inventory.
Docusnap is therefore not only the basis for comprehensive data protection in your company, but ideally also the central inventory and documentation software, which is already fully tailored to your needs with countless reports and can be used immediately. Simply find out about the possibilities with Docusnap and try it out with the free trial version.