Home | Infocenter | Newsletter | Archive | Newsletter 2018 | Edition 07/2018 | Our “Six Point Plan“ for the new EU GDPR

Our “Six Point Plan“ for the new EU GDPR

Point 1: Documentation Obligation

Since end of May all companies are obliged to comply with the legal regulations of the EU GDPR. Already in the last newsletter we pointed the measures which companies should take to comply with the requirements of the GDPR out and introduced our “Six Point Plan“ the most important aspects of the EU GDPR shortly.

We would like to introduce this plan in detail and to show how to implement the contents of the regulation with windream in a new series of our newsletter.

Point 1. Documentation Obligation ►Comply with windream

The regulation demands a comprehensive and transparent documentation of all processes related with personal data. It is not specified HOW the logging needs to be executed, but using a specialized software for information management like windream has many advantages.

The ECM system is able to profit from its strengths in this scenario. Especially the aspects “limited access rights via a restrictive rights concept“, “complete transparency of document-related processes“ or adequate blocking or deleting of personal information are directly linked with the requirements of the EU GDPR.

What Exactly Needs to be Logged?

Die EU GDPR demands numerous loggings which directly arise from the single articles of the regulation. For example an overview over processes needs to be created. This overview needs to show where in the company personal data are processed, who processes these data and where they are saved. Furthermore, all technical, organizational measures the company takes to minimize the risk of data protection violations as well. As technical conditions tend to change quite fast, it is of great importance as well, to document these changes in the descriptions of the “TOMs“ as well.

As the processing of personal data needs to be legitimized by a written consent of the affected persons, the written declarations of consent need to be logged, managed and archived as well. That is of course very conveniently possible with windream especially provided that logged dec-larations of consent (but also rejections!) may only be visible for authorized persons (for exam-ple for the data protection officer). The same refers to deletion processes if for example an af-fected person demands to be unsubscribed from the newsletter. This process needs to be doc-umented as well. After that, the deletion needs to be confirmed to the affected person. All pro-cesses and communications connected with that need to be documented.


Further Information

windreamNews 07/2018
[452 KB]