Hanne's consistent application of the GDPR
Hannes' company is in the midst of upheaval. Digitisation is stretching everyone to the limit, the shortage of skilled workers is gnawing away at resources and the market situation is not conducive to sitting down and enjoying oneself. In other words: all fronts are busy at the same time. Above all this circles the vulture of cost pressure, which does not wrap up the aforementioned topics nicely, but squares their explosiveness. All human, financial and operational resources are stretched to the limit, if not beyond.
You don't have time for that...
And the GDPR bursts into this phase. Of course, "bursting" may be an exaggeration, since the regulation has already been in force for two years. But the transition period was not over yet. Soooo surprising it came al-so not. But for those who started to deal with it on 25.05.2018, the ominous 28.05.2018 came rather suddenly.
Hannes had hoped until the very end that this chalice would pass him by. But when he reads the directive from the compliance department, which was set up just for this occasion, he senses that as a production manager he is definitely relevant to the GDPR.
He reads and thinks about the consequences of consistent application. He starts to write down the clarification points. Starts the Word, saves under "DSGVP production management - implementation in everyday life".
DSGVO also affects Hannes - his plan
Hannes searches through his database and finds the birthdays of his employees, which should actually only be accessible to the HR department. Should he now delete them from his Excel list? But then he would no longer be able to put birthday wishes on employees' workstations. He would probably have to submit a request to HR that he receive the birthday dates for the following month in order to be able to get a small gift in time. But he might still find a loophole in the law. If justified and clarified, he is allowed to have the birthday data, but must be able to give it to the person concerned at any time. For the time being Hannes is happy to find such a passage. But wait! What could be the reason that an employee wants to know his date of birth in the first place? Because he has forgotten it himself? That makes no sense. So: delete it. But as part of the cost-cutting measures, cut out the gifts too. After all, the extra effort required to clarify this regulation must also be paid for. Compliance correctness by doing without birthday presents.
Hannes continues to think. He knows the hobbies of many employees and even of all the department and team leaders. Crap! He knows from Carsten that he likes sailing, that Jutta has a six-year-old poodle, from Bruno that he gambles on the Internet. You can't do that. That's personal data you're not allowed to have.
The question circles in Hannes' head: "Surely I only have this information stored in my head?" He reads up on the directive and sees that the hardware for data storage is not restricted. That means it applies to cloud systems, CRM software, hard drives and even paper index cards.
The biggest challenge: the brain
If paper index cards are considered data carriers, then the human brain will probably also fall under this category. For Hannes, the verdict is clear: he is not allowed to know what he knows about the employees. Although this knowledge may seem empathetic, it is illegal.
But how to forget? That's not so easy. There are plenty of seminars on memory training, but how to forget? He fights his way through literature and suddenly a sentence pops into his head: You can only forget if you overwrite the data carrier (i.e. the brain) with enough new data that are supposedly more important.
Hannes is relieved. He starts immediately. He memorizes all the Ame-rican presidents with their names and years in office, internalizes all the goal scorers at the 2018 World Cup who were down less than Neymar (so all of them. ..), and crams the Mandarin ABC. Is that more important than employee hobbies? If you're in China on vacation, absolutely. And after all, that's where you are often enough ...
