After documentation comes the evaluation. The GDPR only allows the processing of personal data if this is permitted by law. Contrary to the frequently stated statement, data can also be used without the consent of those affected. In addition to consent, there are legal bases that allow processing for the purpose of executing a contract or even on the basis of a balance of interests.
So always take a close look at the purpose for which you have stored personal data in your company. If you cannot find a legal basis for data processing, the information must be deleted. For example, applicant netherlands phone number data data may not be stored for longer than six months without separate consent. Former customer data must also be deleted if the contractual relationship has ended and there are no legal retention periods.
If you can already prove consent (e.g. in email marketing), this is still valid under the GDPR. So think carefully about whether you want to ask your customers for consent again. If the personal data you have collected is still required for the execution of the contract, storage is permitted without separate consent. Even use for advertising purposes is not necessarily dependent on the consent of those affected. For example, you can continue to base postal advertising on the legitimate interests of your company, provided the recipient has not expressed an objection to advertising.
order processing
Do you have data processed by service providers? Do you use cloud services for data storage or for email marketing? Then you must know and observe the requirements of order processing within the meaning of Art. 28 GDPR. The use of these service providers is only permitted if (possible) access to your personal data is contractually regulated. The list of processing activities can also help here. By specifying which categories of recipients have access to your data processing, you can identify whether other companies have access to your data. Examples of possible data processing on behalf of others are external data centers, letter shops, IT support, newsletter providers, and almost all cloud providers known to you. Helpful information and contract templates for order processing can be found at Bitkom [1] or at the Society for Data Protection and Data Security GDD [2] .