General Data Protection Regulation one year on: a status report

Published on 12.07.2019

The vast flood of cease-and-desist letters that many had forecast may not have hit us yet, but according to Germany’s Federal Data Protection Officer Ulrich Kelber, the number of data protection complaints and requests grew from around 400 per month in 2017 to around 1,370 (between June and December 2018 alone). The figure has therefore more than tripled.

Awareness of data protection has increased significantly, solely as a result of the General Data Protection Regulation (GDPR), which has been generally applicable since May 2018. GDPR affects a host of online as well as offline activities, so IT is affected too. For IT staff, anything that is recorded digitally, databases, intranets and anything that is linked to the Internet is of central importance from a professional perspective.

Measures that all Internet users have noticed include an increased number of data protection and cookie notifications, enhanced data protection declarations, the removal or revision of forms, and the now almost complete conversion of German sites from plain HTTP to HTTPS encryption.

A sign of successful implementation is that notifications of in-house data protection incidents have increased twelve-fold

The General Data Protection Regulation seems to be having a positive effect on transparency. Many companies take their obligations under GDPR seriously. According to the spokesperson of Berlin’s data protection authority, twelve times as many data protection incidents and violations were reported by affected companies in the German capital alone as in 2017.

International platforms and conglomerates are amongst the winners. They can now benefit from EU-wide, universal legal stipulations on the basis of the General Data Protection Regulation. However, several small and medium-sized companies still have a mountain to climb. All in all, GDPR does not distinguish between freelancers, small service providers and groups of companies with tens of thousands of employees.

However, numerous small companies and institutions have had to do very little. Protecting personal and/or sensitive data is actually in the interest of any company. And it goes without saying that this had been legally stipulated long before May 2018, without GDPR.

Still, some IT departments and freelance IT consultants put in considerable effort to support companies that had acquired other companies over the past few years. Mergers often resulted in differing organizational IT structures. Many outdated IT systems and software also had to be revised or completely replaced, most of all in areas where it was simply not possible to delete or separate data as part of automated processes.

Freelance programmers and IT consultants must particularly take this into account as part of data protection

We still very frequently come across data protection violations that are very easy to eliminate. For instance, the contact details of app providers often do not list a postal address, phone number, or data protection declaration. Or the relevant declarations are not available in the corresponding language. One big issue is the illegal, unnecessary collection, storage, or processing of device IDs. For smartphone and tablet apps, as with general customer and user data management, the specifications state that data must be collected and processed sparingly, and privacy by design is the maxim.

Essential for IT freelancers: data protection when sending emails, too

Personal data also includes email addresses, especially if they feature complete names of third parties. Anyone publishing such addresses without consent is violating the General Data Protection Regulation. If in doubt, double-check or email each person individually. Consequently, check distribution lists that are visible to other recipients. This is something IT freelancers, SAP consultants, and freelance programmers must particularly take into account. Even if you never face a legal dispute, this has long since become standard procedure and underlines your professionalism.
Committed IT freelancers keep their clients in mind when it comes to data protection. We recommend that you consider GDPR from the outset when you design apps, websites, and other services.
