Since the beginning of 2022, companies have had to request and submit numerous documents digitally. This poses new challenges for operational data protection, since the GDPR must also be observed.
Since this year, companies have had to request numerous documents from their employees as digital documents, for which paper form was previously sufficient. The Hamburg-based data service provider TeamDrive points out that this is all personal information that must be stored in accordance with the General Data Protection Regulation (GDPR). On the one hand, this includes employee documents such as membership certificates, notifications or other notifications from the health insurance company or enrollment certificates for working students. On the other hand, this also affects documents created by the employer, such as records under the Minimum Wage Act and the Posting of Workers Act.
Storage only digital
The basis of the new digitization requirements is the Seventh Law amending Book Four of the Social Code and other laws from 2020, which stipulates that employers may only keep certain accompanying and explanatory documents on remuneration in electronic form. According to article 18 paragraph 7 of the law, this has applied since January 1, 2022.
TeamDrive Managing Director Detlef Schmuck explains: “Many employers still keep these documents, at least in part, in paper form. A transition period until 2026 is planned for this. Nevertheless, it is high time that company IT was fundamentally geared towards storing and managing as much information as possible and ideally all of it in such a way that it meets data protection requirements. The previously common differentiation between personal and other data is becoming increasingly confusing, so it is advisable to treat all data in compliance with the GDPR.”
IT conversion to GDPR is faster than extending the deadline
Companies that want to take their time until 2026 for the changeover must submit an application to the responsible inspection service of the German pension insurance. "It's quicker to put our GDPR-compliant data service TeamDrive into operation than to fill out the application form and wait for confirmation," says Detlef Schmuck with a smile. The data service is available for download on the Internet at https://teamdrive.com/download. You can test it for 30 days free of charge. Long-term use costs just under five euros per workstation per month.
GDPR, GoBD and Cybersecurity covered
TeamDrive is a so-called sync & share service that allows any number of computers, tablets and smartphones to access a common database in the cloud, with all data being protected in accordance with the legal data protection requirements. The service works with common application programs from Microsoft, IBM, Oracle or SAP. In addition to the General Data Protection Regulation, the data service also complies with the "Principles for the proper management and storage of books, records and documents in electronic form" (GoBD). This means, among other things, that all access to the data or changes to the files can be logged in a traceable manner. "The traceability is practical in any case in an increasingly digital day-to-day business," says Detlef Schmuck. This applies in particular when joint data rooms are set up with customers, suppliers or other business partners, which TeamDrive enables with just a few clicks.
In addition, TeamDrive provides effective protection against data loss and cyber attacks. If information is lost on company computers, it is still available in the cloud. Since all information is encrypted throughout, even data thieves cannot do anything with the loot because the stolen data is unreadable for them. TeamDrive works according to the so-called "zero knowledge principle"; This means that the provider itself does not have any keys to customer data. Even a cyber attack on TeamDrive would not result in customer data falling into the wrong hands in readable form.
More at Teamdrive.com