What is the EU-DSGVO?
The Basic Data Protection Regulation (DSGVO) is a regulation of the European Union.
It was published on 04 May 2016, entered into force on 24 May 2016 and is applicable from 25 May 2018.
The Basic Data Protection Regulation regulates the processing of personal data by private companies and public authorities throughout the EU. The aim is the protection of personal data and the free movement of data within the European internal market. Naturally, this also applies to publishers of daily newspapers, advertising journals and weekly newspapers.
The DSGVO replaces the previous “Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data”.
According to EU documents, the regulation has the following designation:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL
of 27 April 2016
on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (the basic Regulation on data protection)
The full text of the Regulation can be found on the EU website at the following link in different languages: EU-DSGVO (external page).
Short papers of the Data Protection Conference* (DSK)
Under the following link you will find the previously published short papers on the GSGVO on the website of the Federal Commissioner for Data Protection and Freedom of Information.
Quote from Barbara Thiel, current DSK Chairwoman and State Commissioner for Data Protection Lower Saxony: “These short papers serve as a first orientation as to how, in the opinion of the Data Protection Conference, the Basic Data Protection Regulation should be applied in practice”.
Short papers of theDSK (external page)
*The Conference of the Independent Data Protection Authorities of the Federal Government and the Länder is a voluntary association of independent official data protection officers.
What you should know
The conversion of your company to the DSGVO is an important task that should not be underestimated in terms of time. You should send at least one person to your company for appropriate further training and set up an internal project which will deal intensively with the DSGVO and set up your company in an audit-proof manner. Particularly for daily newspaper publishers and companies that carry out payroll accounting, subscriptions, payroll accounting or, in the case of advertising newspaper publishers, also data from advertising customers, result in a great deal of personal data, which can be affected by these changes in data protection.
How does HUP AG help?
On the software side, HUP AG, the software used by our customers for daily newspaper, ad and weekly newspaper publishers, as well as our software comet for payroll accounting via patch, will be extended by functions that will help you in everyday practice – after the introduction of the DSGVO – to respond to the requests of your own customers accordingly.
The DSGVO extends the right of natural persons to impose stricter requirements on companies and authorities that use, process or store personal data and – if desired – to oblige companies and authorities to transfer or delete data and to provide information on the type and content of the stored personal data.
Implement or ignore?
Compliance with the DSGVO is urgently recommended, as violations can result in severe fines of up to EUR 10 or 20 million.
A rough overview of tasks – what, where and why?
The “supervisory authorities for data protection in the non-public sector” have summarised the upcoming tasks in a 10-point paper:
1. raise awareness
2. take stock
3. examine the legal basis
4. pay particular attention to the personal data of children
5. implement data protection through technology design and data protection-friendly default settings (“Privacy-by-Design” and “Privacy-by-Default”)
6. check contracts
7. implement data protection impact assessment
8. organise reporting and consultation obligations
9. implement rights of data subjects and information obligations
10. organize documentation
You can find the document as PDF here: 10-point paper (external PDF)
Under the DSGVO, companies must compile a complete list of their processing activities, since, for example, the existence of consents (Art. 7 para. 1), the correctness of the entire processing (Art. 24 para. 1) and the results of data protection impact assessments (Art. 35 para. 7) must also be documented.
All information provided here has been determined and researched to the best of our knowledge and belief. Nevertheless, all texts, documents and references are for your information only, are not legally binding and without guarantee. All links were checked at the time of publication. A permanent review of the validity of the links