Every day the GDPR gives its greetings

Guest contribution by | 25.05.2018

You have certainly experienced this in this or a similar form in the last few days: The manufacturer of the washing machine asks if you are still interested in his news, the hotel portal of your choice wants a confirmation that their information will continue to be desired by you, your professional contacts ask for the statement that you want to continue receiving your “subscription”. There is always an apologetic reference to the new General Data Protection Regulation (GDPR). At some point it started to get on one’ s nerves and no matter who wrote to you, you simply did not confirm any more.

Farewell to economic efficiency

I actually stumbled across the topic 4 weeks ago and rather by chance because of such a newsletter inquiry of an university and – thank God – my tax consultant had some well prepared information for me. So I took care of it, made friends and colleagues aware and certainly invested more time than a small business can afford. At first, many of my independent colleagues and friends refused to deal with the topic at all, but in the end most of them became nervous and invested and implemented much more time than is actually appropriate for the work and turnover of such a company. I have that in common with all colleagues I know, the whole thing was not economically affordable, and we could only recognise the assistance of official bodies to a very limited extent. I cannot imagine what all this has triggered or should have triggered in the sectors of small physiotherapy practices or local craft businesses.

The daily madness

At the same time I get a hint on Facebook that a friend of mine “liked” the advertisements of a colourful fashion chain, which she still denies angrily after another check, Mr. Zuckerberg embarrasses the MEPs, and today I hear in the news that various online pharmacies have set up such insecure order shops that you can read out customer data down to bank details via a simple hack of the Sesssion ID, not to mention health data.

Based on my group experience, I am sure that the large companies have long since put many years of employees into the implementation of the GDPR in order to be secure. And in any case: warnings against such financially strong and legally perfectly positioned companies hardly have a chance and state penalties are reduced to a manageable level by consensus because of the threatened jobs. Will not be any different with the GDPR.

Something has gone wrong, even if the Federal Data Protection Commissioner Andrea Voßhoff more than just praised the regulation on the morning of 24 May 2018 on RBB-Inforadio and even described it as an “opportunity for companies”.

In any case, based on my experience in the pharmaceutical industry, in which official regulations have always been an issue, I did a risk analysis and then decided not to take part in everything and then documented this decision in full compliance with the regulation.

Of course, also my data protection paragraph is now as long and incomprehensible as that of all web presences that I see – well, somehow this doesn’t seem compatible with the aims of the GDPR, but everyone advises it – and of course I encrypted my web presence in order to escape any warnings, even if there is only a contact form in the email. But after a risk analysis, I also decided not to get the consent of the people on my mailing lists, but only to inform them; after all, it’s not a newsletter. And I am rather relaxed with regard to “agreements on order processing” if they are missing, because the service providers I trust are just that: namely trustworthy and have not sold my data despite years of cooperation – in contrast to (of course only employees from) large corporations from the telephone sector or social media. In this respect, I have already concluded such an agreement with large providers and left one of my email platforms for business mail, because I could not find such an agreement with reasonable effort. I also searched for a long time with others, because the partially sent emails simply disappeared in the quantity of their other advertising mail.

Missing the goal

The economic damage caused by the efforts and the destroyed newsletter distributors of small companies seems to me to be high and far too little addressed. Yes, and the goal of protecting personal data, which is worth supporting, does not seem to have been achieved – I am curious if I will receive these interesting advertising emails for garden umbrellas, personal loans and building materials in the next few days – they certainly do not have my address from the PC administrator of my trust…..

And heij, I am already eagerly waiting for an environmental protection agreement from the EU – diesel scandal sends its greetings – which will tell us how we will document in the future and thus make it controllable, how we will dispose of our paper and coffee capsules in an ecologically flawless way and how we will ensure that the transparent sleeves ordered from the online office trade are “fairtrade” and made of environmentally friendly plastic …



Astrid Kuhlmey has published more articles in the t2informatik Blog, including

t2informatik Blog: Planning subject to reservation

Planning subject to reservation

t2informatik Blog: Digital Transformation - A Plea for Quality

Digital Transformation – A Plea for Quality

t2informatik Blog: The expectation management

The expectation management

Astrid Kuhlmey
Astrid Kuhlmey

Computer scientist Astrid Kuhlmey has more than 30 years of experience in project and line management in pharmaceutical IT. She has been working as a systemic consultant for 7 years and advises companies and individuals in necessary change processes. Sustainability as well as social and economic change and development are close to her heart. Together with a colleague, she has developed an approach that promotes competencies to act and decide in situations of uncertainty and complexity.