However, the wave of lawsuits feared initially has so far failed to materialise, as a very large number of companies have adapted to the GDPR and taken the necessary precautions. But this may also be due to the fact that the wheels of justice turn slowly: and so the first penalties will also only be imposed slowly. For instance, in Germany a police officer was fined EUR 1,400 recently for using his position to obtain a woman’s contact details. He used a car registration to search for her personal data in the internal database and phoned her, which is clearly in violation of the GDPR.
Incidentally, it seems this regulation has become a good way of earning money, too. Besides law firms specialising in data protection, civil rights organisations and associations have also now committed themselves to data protection. IGD Interessensgemeinschaft Datenschutz e.V. , which operates as a representative of citizens in matters relating to business operators and companies, was founded recently and has already hit the headlines due to the fact it’s been issuing warnings. The warning received is accompanied by an invoice. Whether non-governmental organisations are allowed to issue such warnings hasn’t been clarified as yet, but in any case this association isn’t legitimised to do so. If you receive an invoice from this organisation or any similar body, don’t pay it. Contact a data protection officer or a public authority for information first.
What else is there? Data retention – no thanks!
The EU Council recently tasked the EU Commission with discussing the repealed 2014/2016 data retention regulations. In this context, reference is made to the storage of certain data such as call logs, location data and classification of the IP address used at a specific time, as well as passing on this information to authorities. This law was repealed back then as it’s illegal to store data without justification on individuals who aren’t suspected of any crime.
But how is data retention compatible with the General Data Protection Regulation, and are there strong arguments (counter-terrorism measures were cited at the time of its introduction) to justify such retention? This is precisely what the Commission is to investigate – what data is required by the authorities, and how could ‘legal’ implementation of data retention be structured? Furthermore, the EU also has an ePrivacy regulation on its agenda that’s designed to protect citizens, particularly online. Data retention restricts the right to keep communications confidential and thus has entirely the opposite effect to the ePrivacy regulation. How all this fits together and maintains compatibility with the fundamental rights of the EU and the individual member states now has to be clarified. So, things are looking exciting – stay tuned!
The fact that individual EU member states have interpreted the law differently is still resulting in uncertainty. Among other things, the German parliament is discussing easing up on the GDPR for small companies and associations, for instance. For example, a data protection officer should only have to be appointed if a company has 20 or more employees (previously, companies were obliged to appoint an officer if they had 10 or more employees working with personal data). In Austria, data protection should even have to yield if it restricts freedom of expression
Many questions remain unanswered, but we can guarantee you one thing: with the IACBOX, you know you’re erring on the side of caution given the current legal situation. It offers data-saving and privacy-friendly basic settings, as well as deletion and anonymisation functions and data protection information for end users. And with the add-on Privacy Toolkit module, you also have options to create an individual data processing directory that takes into account specific login methods and database connections, as well as convenient options for privacy by design/default pre-settings, confidentiality and order processing agreements, checks, help texts and access logging. The technical design of the module is such that the IACBOX development team can react promptly to changes. So your guest WiFi solution is always up to date and you’re always on the safe side.