3 Data Privacy Mistakes to Avoid
The General Data Protection Regulation (GDPR), and data privacy in general, can be overwhelming and confusing. As a company that’s based in Germany, we’ve been subject to the regulation since it was put into practice in May 2018. We’ve learned a few lessons along the way and aim to share our experience with you.
OTRS COO Christopher Kuhn has overseen all General Data Protection Regulation (GDPR) related projects within OTRS. Based on this experience, Christopher shared three data privacy mistakes that companies can make when they are trying to comply with GDPR or any other data privacy law, like the newly established California Consumer Privacy Act (CCPA).
Tips to Avoid GDPR Mistakes
If you're uncertain about how to comply with GDPR, work with a consultant or your legal team to review data handling processes and put appropriate safeguards in place. In addition, consider these three tips that will help you avoid GDPR mistakes.
Tip One:
Educate Other Lines of Business
GDPR doesn’t simply apply to the IT department. Any group that’s working with personally identifiable information is tasked with GDPR compliance. Talk with marketing, HR, operations, etc. to make sure their data handling practices are in line with applicable data privacy laws.
Tip Two:
Investigate Vendors & Service Providers
Chances are good that you’ve outsourced portions of your data processing efforts – hosting, payment processing, etc. Under GDPR, you are responsible for breaches incurred via service providers, so make sure yours are taking necessary precautions.
Tip Three:
See the Bigger Picture
Avoiding fines shouldn’t be the real goal here. Instead, understand that GDPR and other data privacy laws are calling upon businesses to be more stringent in their data handling practices. Plan accordingly.

Documentation Helps Avoid GDPR Mistakes Too
Complying with GDPR means documenting data handling processes, proving that these have been put into practice and addressing vulnerabilities swiftly. There are several phases of documentation that may help you avoid data privacy mistakes – with respect to GDPR or any other regulation. Certainly, you’ll start with written policies that are distributed company-wide. Also, map out how data is used within your company and document this too. Use these questions about avoiding GDPR fines to help guide you.
Then, start thinking about how you will demonstrate that these policies and processes have been followed. For instance, if your marketing team sends out a newsletter and a recipient requests data deletion (a right established under GDPR), how is that request captured? How can you show that all necessary deletion efforts have taken place? How can you confirm when they took place? Ticketing and workflow automation streamline this phase of documentation as they gather up requests, move them through pre-defined processes and incorporate a revision history.
OTRS serves as your partner in automating and documenting the administrative overhead that comes from implementing data handling processes.
If you're interested in having Christopher Kuhn or another OTRS data privacy expert offer input for an article or speak at an event, contact pr@otrs.com.