GDPR two years on: A view on data protection in times of crisis
May 28, 2020 – Munich: On May 24, the General Data Protection Regulation (GDPR) celebrated its two-year existence. Especially in the first few months, the regulation was perceived by all parties as a bureaucratic obstacle rather than an instrument for personal data protection.
But today, in times of social media and the habit of sharing even the most personal experiences and data with the world, this instrument is needed more than ever. Data is the digital gold of modern times and all companies are eager to promote and monetize this treasure. Consequently, a reliable and institutionalized protection of our right to informational self-determination is crucial.
Fundamental rights in times of crisis
Fundamental rights are curtailed in times of crisis. However, these restrictions must be closely linked to the expiration date of the state of emergency. Examples such as the US Patriot Act clearly show that the withdrawal of exemptions is by no means automatic. Those responsible do not want to revise the skills and insights installed in times of crisis. They have become accustomed to the advantages of far-reaching powers, just as the population has learned over time to tolerate or even ignore the cuts in their rights.
There is no question that a tracing app for tracking infection chains is an effective tool to fight the pandemic. But it can only be used on a voluntary basis. However, this voluntariness is based on the acceptance and trust of the population, which can only be guaranteed if the end of the measures is promised and the trustful handling and anonymization of the collected data is guaranteed.
GDPR & data protection while working from home
Another lesson from the crisis has to do with the digital work from home. Many companies and public institutions, such as schools and universities, have outsourced operations to online portals due to the quarantine. Video communication is the new everyday life, while company data and teaching material are circulating online on a large scale.
When choosing a provider, many companies based their decision on promptness reasons rather than care and attention. The need for a quick shift often did not give the decision-makers time to gain detailed insights into the data protection standards of the selected provider. However, concerns regarding adequate data protection are particularly appropriate for non-EU providers, since companies based outside the EU are not automatically bound by the GDPR. For example, a US company is obliged to grant the US authorities access to their customer data if necessary. The customer has no way of avoiding this—they usually do not even know their data is being disclosed.
We at uniscon hold ourselves to the highest standards and guarantee our customers that only they have access to their data, excluding even ourselves as service provider. All data stored in idgard and on the sealed platform is encrypted and only the customer has the key.
For further information contact us at email@example.com
uniscon — a company of the TÜV SÜD Group
uniscon GmbH is a company of the TÜV SÜD Group. As part of TÜV SÜD’s digitalization strategy, uniscon offers high-security cloud applications and solutions for secure, legally compliant data traffic. TÜV SÜD is one of the world’s leading technical service providers with over 150 years of industry-specific experience and more than 24,000 employees at around 1,000 locations in 54 countries. Within this strong network, uniscon is able to reliably implement large-scale international projects in the IoT and Industry 4.0 sectors with the Sealed Cloud and its products.
Further information on the company and its solutions at www.uniscon.com
uniscon GmbH, Claudia Seidl
80339 Munich (Germany)
Phone: +49 (0)89 / 41 615 988 104
Kafka Kommunikation GmbH & Co KG, Markus Reck
Auf der Eierwiese 1
82031 Grünwald (Germany)
Tel. +49 (0) 89 74747058-0
Fax + 49 (0) 89 74747058-20