Dear shared folder users and email lovers, here is the GDPR

The key challenge in ensuring the compliance of personal data protection lies in creating an appropriate process for the handling of personal data and establishing responsibility for it.


Today, personal data appears in all key business processes, and as a rule also in documents that are created in the implementation of these processes. Some documents are properly protected and stored, while others are often shared by employees via email, online file-sharing services, and other cloud storage, or placed directly in shared folders on a network drive.

Personal data protection requires a comprehensive approach

If we do not establish a comprehensive overview of all the personal data that we process, we as data controllers are not acting in accordance with our responsibilities and obligations.

What are the responsibilities and obligations of the personal data controller?

  • Protecting the rights of individuals who have entrusted us with personal data
  • Implementing appropriate measures and policies for the protection of personal data
  • Ensuring the legality and security of personal data processing
  • Selecting an appropriate personal data processor

Even in more regulated environments, it is difficult to ensure compliance with personal data protection if employees are not aware of the importance of personal data, do not understand or accept the need for confidentiality and do not respect the rights of data subjects, most of whom are our customers and partners. Therefore, the protection of personal data cannot be the sole responsibility of a lawyer or the task of the IT department, but requires a comprehensive approach and the involvement of participants from different fields.

Challenges of ensuring the compliance of the information system

The issue of compliance of information systems with the GDPR regulation is probably the easiest and fastest to solve. Nevertheless, we must not underestimate the challenges of ensuring compliance in this area.

We can also help ourselves with the following questions:

  • Is personal data in solutions, databases and file storage secured so that it cannot be disposed of, and if so, how?
  • Do we share personal information via email or cloud storage?
  • Are the roles and rights of information system users set in such a way that only authorized persons can access personal data?
  • How do we exercise the data subject's right to be forgotten?
  • How comprehensive is the audit trail regarding the behavior of users, administrators, and other systems?

Data subjects have the following rights:

  • right to erasure,
  • right to restriction of processing,
  • right to object,
  • right to transfer data,
  • right to withdraw consent.

These and other related issues are especially important when deciding to use new software solutions. At that point it is worth making sure we choose properly certified tools and services. Beyond that, we must pay attention to these issues whenever our information system changes, new jobs are created, or employees leave.


Grega Vozel

Grega Vozel acts as the Personal Data Protection Officer (DPO) for Mikrocop and its business partners. In his work, he strives to ensure the highest ethical and legal standards. He does not accept compromises when it comes to the protection of personal data of customers and employees.