(Part 3/4) In times of digitisation, countless opportunities are emerging for businesses, as well as completely new risks. “Data is the oil of the 21st century”, many people say. To further control the commercialisation of personal data and to limit incidents such as Cambridge Analytica and Facebook in the future, the European General Data Protection Regulation (GDPR) came into force on 25 May 2018. This regulation affects every member state of the European Union and is therefore binding for everyone. The impact of the GDPR on the handling of data is immense. Since its entry into force, however, there has been great uncertainty concerning the interpretation of the regulation. We will shed some light on this darkness and clear up 8 common misunderstandings.
Is the use of messenger services on the business mobile compliant with the GDPR/harmless regarding data protection?
No. Messenger services such as WhatsApp have access to the phone’s address book. The user thus transfers personal data without the consent of the affected person. Some bigger companies, such as the automotive supplier Continental, are already taking steps in the right direction and are banning WhatsApp from their employees’ business mobiles as a precautionary measure. A less drastic solution would be to use WhatsApp without allowing access to the phone’s address book, but this would also mean significant restrictions for the user.
Can companies no longer ask for the applicant’s hobbies in application forms?
Yes. The principle of data minimisation applies. This means that as little data as possible should be collected and processed. Also, only data that is necessary for the particular purpose may be collected. Information regarding the applicant’s hobbies is objectively not relevant for the application. These questions can be discussed in a personal interview.