Legal exceptions
However, outside of consent, there will continue to be legal permissions that justify data processing without consent . These include, for example, processing to execute a contract, to fulfill a legal obligation and processing to protect the legitimate interests of a company - provided that the interests and fundamental rights of the users concerned do not outweigh them.
In case of doubt, however, the user's personal rights will continue to take precedence, which is why many new (and existing) business models cannot be justified on this basis. For example, the processing of names and addresses is still permitted if this information is required for the shipping of goods. In the future, however, user tracking will hardly be justified without the user's consent. In this case, the user's personal rights generally prevail. Digital business models must therefore think carefully about which personal data they are even allowed to use without their express consent.
The EU General Data Protection Regulation contains singapore number dataset two major innovations in technical data protection:
complete security for company and software - AGNITASFirstly, those responsible will be required to use data protection-friendly technologies in the future ( “Privacy by Design” ), and secondly, products or services must be offered with data protection-friendly pre-settings ( “Privacy by Default” ).
Companies must then design their data processing in such a way that, by default, only personal data that is necessary for the specific processing purpose is processed. As an example, the GDPR mentions pseudonymization as a possible measure for data minimization.
principle of data minimization
In addition, software providers are required to observe the principle of data minimization using technical default settings. This extends to the amount of data collected, the extent of processing, the storage period and accessibility (by third parties). Failure to comply can result in heavy fines. The new regulations are clearly aimed at the processing practices of social networks. In the future, these networks will be obliged to select the smallest possible group of recipients within the framework of their default settings. However, all other types of companies are of course also affected by the stricter regulations.
For the practice of email marketing, this means that when collecting registration data, for example, more attention must be paid to whether this information is required for the service. In addition, technical data protection could also have an impact on automated click tracking.