A standardized data protection law is coming into force across the EU. But what does this new general regulation mean for Deutsche Telekom and its subsidiaries? Group Privacy has now drawn up a set of standardized rules for the Group as a whole: the Binding Interpretations.
Cloud services, the Internet of Things, connected vehicles: there is a host of new business models where, among other things, personal data are processed. And there are more on the way: digitization is, after all, one of the megatrends shaping our society. Personal data processing is to be governed in future by EU legislation, the General Data Protection Regulation.
"Laws always require interpretation. It is vital that we standardize our interpretation of the new legal basis for data protection in the EU. Otherwise there would be no point in having common rules and regulations at a European level," says Claus-Dieter Ulmer, Global Data Privacy Officer for the Deutsche Telekom Group.
After much wrangling the EU agreed on what it calls the General Data Protection Regulation. It was passed in May 2016 and comes into force in 2018. "That may seem like a long time, but the business models we intend to drive forward at that point must be adapted to the regulations now," explains Dorothee Schrief, who is in charge of the Binding Interpretations project.
The Interpretations give our colleagues in Data Privacy specific recommendations and examples of best practice. For example, what a customer consent must entail, or how customer data has to be deleted, if this is requested by the customer. Dorothee Schrief goes on to say: "We will continue to refine the Interpretations, and this will include all the practical experience we gain in the years ahead. Colleagues working on new data processing business models should always contact us, so that together we can ensure compliance with EU law.
The Interpretations as well as advice and support are available in German and English. They were put together in collaboration with data privacy experts in the national companies. The rollout will be managed by the data privacy officers in each country and by the 'bridgeheads' in the operating segments. Data privacy training will also be adapted to include the new content.