What obligations do I have as a company when processing data?
December 4, 2022 | 50,00 EUR | answered by Tobias Helbig
Dear Data Protection Lawyer,
My name is Quentin Hohenadel and I am the managing director of a small company specializing in the sale of IT services. Lately, I have heard more about the new data protection regulations and now I am wondering what obligations my company has when processing data.
So far, we have only used customer data for internal purposes, such as issuing invoices and providing customer support. We store the data on our own servers and ensure that they are securely protected from unauthorized access. However, I have heard that there are other regulations that we as a company must comply with.
My concerns mainly lie in the possibility that we might overlook something and thus violate applicable law. Therefore, I want to ensure that my company meets all legal requirements and faces no legal consequences.
Can you please explain to me what specific obligations my company has when processing data? Are there any specific measures we need to take to adequately protect our customers' data and comply with data protection regulations? I thank you in advance for your help and look forward to your expertise in this area.
Sincerely,
Quentin Hohenadel
Dear Mr. Hohenadel,
Thank you for your inquiry regarding the data protection obligations of your company in relation to data processing. As the managing director of a company specializing in the sale of IT services, it is indeed important to familiarize yourself with the new data protection regulations and ensure that your company complies with all legal requirements.
First of all, it is positive to hear that your company has already taken measures to protect customer data from unauthorized access. This is an important step towards data protection and data security. However, there are indeed further regulations that your company must comply with in order to meet data protection requirements.
First and foremost, you must ensure that the processing of customer data is lawful, fair, and transparent. This means that you may only use the data for the purposes for which it was collected, and that you must inform customers about how their data is being used. This is usually done through a privacy policy, which should be available on your website.
Furthermore, you must ensure that the data you process is accurate and up to date, and that it is adequately protected. This includes taking appropriate technical and organizational measures to protect the data from loss, theft, or unauthorized access. This may include regular security checks, encryption of sensitive data, and training your employees in handling personal data.
You should also make sure that you do not store the data longer than necessary and that you properly delete the data of customers who are no longer in contact with your company. This not only serves data protection purposes, but also complies with the data minimization and storage limitation principles.
In summary, as the controller responsible for processing customer data, your company has a duty to protect the data in accordance with data protection regulations and respect the rights of the individuals concerned. By taking the measures mentioned and ensuring that your company complies with applicable laws, you can avoid legal consequences and maintain the trust of your customers.
I hope this information helps you fulfill your data protection obligations and I am happy to assist if you have any further questions. Thank you for trusting my expertise in this area.
Sincerely,
Tobias Helbig
Data Protection Lawyer