Published 6. August 2018

GDPR: A checklist for freelancers – part 1

Since May 25th 2018, the General Data Protection Regulation (GDPR) has been in force throughout the EU – we have already published a detailed article regarding this topic. Nevertheless, many questions remain: what exactly do our customers, i.e. freelancers and individual entrepreneurs, have to pay particular attention to? For them in particular, the new regulations raise questions and cause uncertainty. Therefore, we have put together a small checklist to make your life with the GDPR a little easier.*

What is the GDPR about?

The GDPR is not really new, because it has been valid for two years. However, those two years were treated as a transitional period in which freelancers and companies could adapt to the changed legal requirements. Since the end of May, these regulations have been binding law and must therefore be complied with. But the data protection regulations that applied in Germany until now were already very extensive. That means that freelancers and companies in Germany are already familiar with the subject of data protection and thus have an advantage in implementing the extensions the law now requires.
These primarily concern the so-called “data subject rights” (Betroffenenrechte). In short, this means that all personal data of persons who are in contact with a freelancer or company will be better protected by the new regulations of the GDPR. Freelancers and companies are therefore obliged to prove that they comply with these legal requirements. This is usually done through documentation and evidence in the workflow. Both are explained in this article.

The GDPR and the personal data

Personal data that should be specially protected by the new regulation of the GDPR include, for example, name, address, telephone number and e-mail address. This data must be protected against access by unauthorized persons, and freelancers and individual entrepreneurs have to guarantee that. Entrepreneurs or freelancers who do not comply with the legal requirements can be prosecuted. The national supervisory authorities impose fines if the regulations are violated. Ultimately, a fine of four percent of total sales (worldwide) or up to 20 million euros may be due for particularly serious breaches of the regulations.
But the GDPR is no reason to panic: anyone who gets a little informed and implements the basic rules is already well prepared. Of course, which regulations apply in particular depends on each freelancer's specific starting position.

The GDPR checklist

1. Website
Customize the privacy policy and the legal notice regarding the rights on your website, as we have already described here. According to the GDPR, both subpages must be accessible quickly and easily from the start page; the recommendation here is a maximum of two clicks. By the way, your Xing and LinkedIn profiles should also include an imprint and a privacy policy. Both can be easily created in your profile details.

2. Information requirements
Adhere to your information requirements. When collecting data, you must also inform your customers that they can object to the data processing at any time. In addition, your customers have the right to view the data that you collect whenever they want to. Furthermore, it must be clear which person is responsible for further information.

3. Do you collect data?
After this first step, you should check whether you collect any personal data. This may be the case when working with Google Analytics. But contracts that you receive by email can also count. If you come to the conclusion that you collect and store personal data related to your users, you should have a look at the following:

  • What kind of data is collected? As a first step, write down what kind of data you collect from customers and prospects and how you process it. Do you use a time recording system or a CRM, or do you count your website visitors? All this should be recorded. It also includes the following questions: Do you use digital services such as a cloud, store the data on your hard disk, or use analog systems such as folders and index cards to store your customers’ data?
  • How long is the data stored? Rule of thumb: store the data no longer than necessary and have an explanatory sentence ready in the privacy policy on your website. To delete the data, you should create a deletion plan. All data that is no longer needed must be deleted. This is regulated by the so-called “right to be forgotten”. However, you must observe the statutory retention requirements before deleting. As a rule, it is good to keep the data (depending on the type) for between six and ten years, as also defined in the German Commercial Code (HGB) and tax law.

* This text has been carefully researched and written to the best of our knowledge. Nevertheless, it cannot replace legal advice and does not claim to.
