Changes with the General Data Protection Regulation
The General Data Protection Regulation (GDPR) has been in effect since May 2018 and thus applies as a uniform data protection law for the entire European Union. On the one hand, this provides for significantly stricter deletion obligations (including in Art. 17 DSGVO "right to be forgotten") and on the other hand, companies face fines of up to 4 percent of global turnover up to 20 million euros, whichever is higher. Companies must then prove in disputes that they have implemented the requirements of the GDPR.
Legal deletion regulations
Deletion regulations primarily result from § 35 BDSG, but can also follow from other laws (e.g. § 15 para. 7 TMG). Sometimes a legal analysis of the process steps is also necessary, because in addition to legal deletion obligations, there may also be contractual obligations ("When was the respective service provided?; Are possible claims time-barred?").
However, the creation of a deletion concept is not an end in itself, but ensures that a company complies with its legal obligations, that there is no inadmissible retention of data, so to speak. The principle of data economy, which is a requirement for the entire data processing process, underlines the deletion requirements in the BDSG. It is often forgotten that the BDSG is a prohibition law with a reservation of permission.
Entwicklung eines Löschkonzepts
Ungeachtet dessen kommen Unternehmen nicht darum herum, Löschkonzepte und Löschroutinen zu erarbeiten und zu implementieren. Dazu ist es unter anderem erforderlich, vorhandene Datenarten zu identifizieren.
In order to be compliant for the above-mentioned change to the General Data Protection Regulation in May 2018, we have developed the "Privacy" feature.
Here you can implement the mandatory deletion concept for your SocialHub:
When am I affected by this change as a company?
Everyone is affected by this, as we are dealing with users' private data in the social media area.
In order to be compliant with the regulations, we have sent you the new data processing contract. If you have not received it, please ask for it at email@example.com.
As an agency, do I have to pay special attention to anything?
As an agency, you not only need the data processing contract with us, but you should also have corresponding contracts with your clients or contractual partners.
Do I have to sign this contract from you?
You are legally required to sign and conclude this contract with your contractual partners in accordance with Art. 28 DSGVO.
After how many days should I have tickets deleted?
You can decide this yourself according to your company guidelines. We give you the possibility to choose all time periods.
Who should receive the annual extinguishing report?
Your data protection officer should receive this report.
What happens if an individual fan insists on the deletion of his or her data?
You can delete user data completely:
If you have any questions, please do not hesitate to contact us at firstname.lastname@example.org.