Basic information on the subject of GDPR and the appointment of an external data protection officer by matelso GmbH.
According to GDPR, “contract data processing” (ADV) is now called “data processing”.
Contract data processing is of course nothing new and was previously regulated under Section 11 of BDSG (Federal Data Protection Act). But with GDPR, there are now standardized European requirements for data processors.
IMPORTANT TO KNOW: WHAT EXACTLY IS CONTRACT DATA PROCESSING?
Contract data processing is the “collection, processing or use of personal data by a contractor (natural or legal person, authority, institution or other body), which processes the data on behalf of the data controller.”
Typical examples:
- Use of an external customer center (e.g. call center)
- External newsletter provider
- Cloud Computing
- Use of external companies for marketing
- External data center
Important: With contract data processing, the Customer is the primary point of contact for data subjects and is responsible for compliance with the data protection regulations.
But: According to GDPR, the Contractor (i.e. the data processor) now also shares responsibility.
Data processors must, e.g.:
- create a directory for all categories of processing work performed by contract
- cooperate with the supervisory authority
- take technical and organizational measures to ensure data security
In addition, the data processing contract no longer necessarily has to be concluded in writing. Under GDPR, data processors and Customers can now also conclude the contract electronically.
THE DATA PROTECTION OFFICER AND GDPR
There are also many questions regarding data protection officers in connection with GDPR:
- When is a data protection officer a requirement?
- What is the process for appointing a data protection officer?
- What are the tasks of a data protection officer?
WHEN IS A DATA PROTECTION OFFICER A REQUIREMENT?
The General Data Protection Regulation regulates the duty to appoint a data protection officer throughout Europe in GDPR Article 35 et seq. The duty to appoint a data protection officer essentially arises in 3 cases:
- You process particular categories of data in accordance with GDPR Article 9, or
- Your “core activity” concerns the “extensive, regular and systematic monitoring of data subjects”, or
- More than 9 people are involved (as employees or freelance staff) in the automatic processing of personal data.
If any of these points applies to you, you will require a data protection officer.
matelso GmbH’s data protection officer is:
Dr. Ing. Reinhold Scheffel
53332 Bornheim, Germany
WHAT ARE THE TASKS AND RESPONSIBILITIES OF A DATA PROTECTION OFFICER?
The data protection officer monitors compliance with data protection principles in the company and manages the processing directory. He or she is also the interface between IT, Marketing and Business Management and is the point of contact for customers and the data protection authorities in the event of questions regarding the handling of personal data. As the data controller, the data protection officer is also fully responsible for data protection questions.
WHAT IS THE PROCESS FOR APPOINTING A DATA PROTECTION OFFICER?
Before GDPR, the data protection officer always had to be appointed in writing. According to GDPR, the appointment of a data protection officer now no longer requires the written form. A “signed contract” is therefore no longer necessary; GDPR only speaks in general about a “designation”.