The customer's declaration of consent is in place and the data has been collected, but what happens to the data now? The GDPR (DSGVO) prescribes security of processing: you are responsible for storing your customers' data securely and documenting this in accordance with the law, so that no third party can access it. The more sensitive the data, the greater the care required. You are therefore obliged to take technical and organizational measures (TOM) to ensure this protection.
A good TOM template, against which you can check your own security measures, has been published by the Berufsverband der Datenschutzbeauftragten Deutschlands (BvD) e.V. (Professional Association of Data Protection Officers of Germany), which you can see here.
What is important here
The TOM include:
- Pseudonymization of the data, for example replacing the e-mail address with a customer number, with the table that links the two kept separately.
- Encryption of the data, e.g. encrypting stored data so that a key or password is required to read it, to prevent unauthorized access.
- Ensuring confidentiality: how do you ensure that only authorized persons have access to the data?
- Ensuring integrity: how do you ensure that the data is accurate and has not been altered without authorization?
- Ensuring availability: what happens to the data in the event of a power failure?
- Ensuring the resilience of the systems: regularly checking your own systems for unprotected or unpatched points.
- A process for restoring the availability of personal data after a physical or technical incident: how do you restore the data, and from which backup?
- A procedure for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures: how do you check that your data security measures actually work?
- Written documentation of other measures: are employees instructed on the data protection rules, and is there an IT security certification?
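The first point, replacing an e-mail address with a customer number, is the one that is easiest to get wrong in practice. The following is an added example (not code from the original article or from the BvD template) that derives a stable customer number from the e-mail address with a keyed HMAC, so that the number cannot be reversed without the secret key, and keeps the number-to-address lookup table in a separate structure, as the GDPR's definition of pseudonymization requires. The customer records, the key and the function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records for the example; these are not real customers.
CUSTOMERS = [
    {"email": "anna@example.org", "order_total": 120.50},
    {"email": "ben@example.org", "order_total": 42.00},
    {"email": "anna@example.org", "order_total": 9.99},
]


def pseudonym_for(email: str, key: bytes) -> str:
    """Derive a stable customer number from an e-mail address.

    HMAC-SHA256 with a secret key is used instead of a plain hash so that
    someone holding only the working data cannot recover or brute-force
    the address: without the key the mapping is not reversible. The
    address is normalised first so that "Anna@Example.org" and
    "anna@example.org" yield the same customer number.
    """
    normalised = email.strip().lower().encode("utf-8")
    digest = hmac.new(key, normalised, hashlib.sha256).hexdigest()
    return "C-" + digest[:12].upper()


def pseudonymise(records, key: bytes):
    """Return (working_records, lookup_table).

    The working records contain the customer number and business data only;
    the lookup table (customer number -> e-mail) is the "additional
    information" that must be stored separately and under stricter access
    control than the working data.
    """
    lookup = {}
    working = []
    for record in records:
        customer_no = pseudonym_for(record["email"], key)
        lookup[customer_no] = record["email"]
        working.append(
            {k: v for k, v in record.items() if k != "email"}
            | {"customer_no": customer_no}
        )
    return working, lookup


def reidentify(customer_no: str, lookup: dict):
    """Resolve a customer number back to the address, using the separately
    held lookup table; returns None for unknown numbers."""
    return lookup.get(customer_no)


def leaks_identifier(working) -> bool:
    """Check used before handing working data on: True if any record still
    carries an e-mail address."""
    return any("email" in r or "@" in str(r.values()) for r in working)


if __name__ == "__main__":
    # In production the key is generated once and stored in a key store
    # or secrets manager, never next to the data.
    key = secrets.token_bytes(32)
    working, lookup = pseudonymise(CUSTOMERS, key)
    for r in working:
        print(r)
    print("leaks identifier:", leaks_identifier(working))
    print("re-identified:", reidentify(working[1]["customer_no"], lookup))
```

If the key is lost, the customer numbers can no longer be linked to new records for the same customer; if the key or the lookup table is stored alongside the working data, the pseudonymization adds nothing. Both therefore belong with the measures for confidentiality and availability in the list above.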
Commissioned data processing (Auftragsverarbeitung): what to watch out for
Processors (Auftragsverarbeiter) are external parties you work with who have access to your customers' data, such as your accountant, but also services like Google Analytics. They must demonstrate to you that they also implement TOM. In every case, have this confirmed and handed over to you in writing, in the form of a data processing agreement. If something goes wrong, you remain responsible when your processors do not handle your customer data properly.
Any questions on this topic? Then write to us and we will be happy to look into it for you.