Data Protection Academy » Data Protection Wiki » Data protection in the craft sector
Data protection in the craft sector
Craft enterprises must also implement the GDPR
We are only a small company with less than 10 employees. We are not concerned about data protection.
Data protection is an important and necessary cornerstone for every business. Craft enterprises are also affected by the General Data Protection Regulation (GDPR) affected and must implement them, regardless of how many employees are employed in the business. Craft enterprises are often characterised by a classic corporate structure whose data protection requirements should be implemented efficiently and effectively without influencing the operational processes too much.
In the operational processes, craftsmen's companies process the same as almost every other company, individual-related data. This processing is not only about protecting the data of your employees, but also that of your customers and business partners. Because even during the offer process, customers disclose personal data such as address data or telephone numbers.
The data protection supervisory authorities check in a spot check how this data is processed, stored or deleted in your company. If they discover serious violations, they are entitled to impose fines. Even ignorance does not protect you from punishment.
Special requirements for craft enterprises in the health sector
If craftsmen process particularly sensitive personal data, they may be obliged to appoint a data protection officer even if the company has less than ten employees. A risk assessment in the form of a data protection impact assessment must often be carried out.
External Data Protection Officer
You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.
Data protection in craft enterprises is not a one-off activity
We have already visited events and informed ourselves. That should be enough in case of a review.
Data protection starts with a stocktaking and requires regular action. The measures taken must be repeated and reviewed. Only then can you be sure that you are prepared in case of a data protection review by the supervisory authorities. This sounds elaborate and also seems complicated by legal requirements. Especially since the focus in the day-to-day business of craft businesses is on customer appointments and there is little time for topics such as data protection.
Essential data protection requirements for craftsmen:
-
- Appointment of a data protection officer
- Keeping a record of all processing activities,activities like:
- Payroll accounting
- Personnel administration
- Operation of the company website
- Customer administration
- Data protection obligation of all employees who handle personal data
- Publication of information and disclosure obligations to employees, customers or in the data protection declaration on the company website
- Execution of regular data deletions after expiration of legal retention obligations
- Conclusion of an order processing contract with e.g. the hosting provider of the company website
- Reporting of data protection violations to the responsible supervisory authority
The implementation of the data protection documentation minimizes the risk of being warned by supervisory authorities
The most important part of the data protection implementation is the documentation. Companies must document their data protection measures so that they can prove that data protection precautions have been taken in the event of an audit. We can reassure you. The basic data protection can be implemented within 2 hours with the right solution.
But even with this knowledge many
craft enterprises the question: Where do I start?
You are not alone with this question. Because often it does not seem easy to meet the legal requirements and there is not enough time to deal with the topic of data protection.
In response to these questions, we have developed a software solution that makes data protection implementation easy. With Robin Data Software you can create 80 % of your data protection documentation in just two hours. This is because Robin Data Software automatically configures much of the documentation just by specifying your industry. Sounds simple? It is!
- COVID-19 and data protection - March 25, 2020
- Data protection in the USA - part 3 of the delegation visit - December 6, 2019
- Data protection in the USA - part 2 of the delegation visit - December 3, 2019