It entered into force on 25 May 2016: The General Data Protection Regulation -GDPR. Now, two years later, it will come to force and replace the existing Data Protection Directive 95/46/EC. It will not completely change the data protection law within the European Union, but it will further tighten and standardize it. In practice, this means a considerable effort for all those who work with personal data.
For companies, new transparency and information obligations are derived from this, which must already be taken into account when introducing or exercising new technologies or working methods (privacy by design/by default). You must therefore document exactly which data is stored in a process by a person, who can call it up and delete it if necessary and prove that these steps have been taken. Violation of the new requirements could result in severe penalties of up to EUR 20 million or 4 percent of total global annual sales. Compliance is monitored by the EU data protection supervisory authority and the courts.
Digital tools and technologies based on digital processes and comprehensive workflows can help reduce manual effort and costs. At the same time, automation creates traceability and security for everyone involved. We have selected six examples of GDPR-compliant digital processes with JobRouter® to illustrate this added value:
A JobRouter® process automatically compiles this data - even from different sources (systems, databases) - and transmits it directly. For example, the process could be initiated automatically using a form on the website, which would greatly reduce the processing time. The customer would have security with respect to his/her data and the company would be able to confirm that it has fulfilled its information obligation .
With a JobRouter® process, this is easy to achieve. It controls these steps automatically and sends a confirmation e-mail to the applicant at the end. JobRouter® checks which data is stored in connection with the person, where the data are located, and how or by whom they were used - as well as during the requested data inspection. These data/documents can then either be deleted automatically or logged and output by an administrator.
JobRouter® can be used to handle processes such as application management completely in one platform and send files to employees, save them and delete them as soon as the legal retention period is reached. It is possible to black out critical content for certain employees or to incorporate further release levels. Thus, all data is always administered in JobRouter®, does not leave the system and can be managed automatically. The company does not have to take care of administration, but receives full security and control.
With JobRouter® as a central platform, automated workflows can be set up that retrieve and delete information from various systems and databases at predefined times. It is possible to differentiate between the data content and the deletion obligation and to thin out the data master step by step until no more personal data is available. For example, it can be very useful to delete the buyer's credit card information or bank details after a successful payment, but to store purchase information for warranty purposes until the expiration date. With JobRouter®, this challenge can be met very easily and cost-effectively with simple time controls and consistent data maintenance in the corresponding systems.
This and similar processes can be implemented very easily with JobRouter®. After a predefined period of time, an automated e-mail or message is sent to the customer with information on what data is available about them. This can be combined with a query asking if the customer would like to continue using the services and, if yes, requesting further data. The company can create trust through this open communication and data transparency. Without any added effort, customer satisfaction is increased and data protection regulations are not only adhered to, but can become an advantage.
Regular audits and good documentation of all processes, process owners, participants, and stored and used data are needed to meet with this requirement. JobRouter® simplifies all these tasks. All JobRouter® processes are automatically documented at all times and contain all information about the planned process flow as well as process access and all subsequent steps. This means that all processes can be certified without any added effort and thus simplify the audit obligation. Audits can be successfully carried out and completed within a few hours.
What would you like to do next?
Buy a Solution Template
You want to get started right away? This process already exists as a ready-to-use solution for implementation. We quickly and easily adapt the standard to your requirements and your company structure.
- Solution Template
GDPR-compliant processes with JobRouter®
The JobRouter® "GDPR" Solution Template makes it possible to process requests for data inspection and data deletion quickly, traceably and clearly through a semi-automated process.
- Solution Template
Automated contract management solutions
An optimally defined contract management process supports the whole client lifecycle, covering all steps including, editing or requiring contract data.