Javascript is deactivated and some parts of the website will not work. Please activate Javascript.

GDPR (EU General Data Protection Regulation)

Information on the creation of records of processing activities pursuant to Art. 30(1) GDPR

A list of the processing activities pursuant to Art. 30(1) GDPR must cover all of the information listed in Art. 30(1) Sentence 2 lit (a-g) GDPR as final information for the whole company. This information must give a meaningful description of the processing activities of the person responsible.

 

Download the document with technical and organizational measures (TOM) from estos GmbH

The preparation of records of processing activities does not in any way fulfill all the documentation requirements stipulated by the GDPR. 

The list is only one building block in order to comply with the standardized accountability in Art. 5(2) GDPR. For example, the Conditions for consent (Art. 7(1) GDPR), the Responsibility of the controller (Art. 24(1) GDPR) and the result of Data protection impact assessments (Art. 35(7) GDPR) must be carried out so that the appropriate documentation can be verified. 

Possible occasions for a GDPR lawsuit
Right of access (Art. 15(1) GDPR)

Requested information that asks a person about the processing of personal data is about:

  • the purpose and legal basis of the collection, processing or use of personal data
  • the categories (e.g. debtors, health data, credit data) of personal data being processed
  • the deadlines for the deletion of personal data or for the examination of the deletion as well as
  • the origin of the personal data (e.g. telephone directory, business card), insofar as these were not collected from the data subject (e.g. registration form, profile page)

Rectification (Art. 16 GDPR)

The rectification of personal data is about a change that a person can request, for example: when changing address, telephone number or family name. Central management of all personal data can reduce the maintenance effort. The EDP should be able to take over the changes and not carry out duplicate data storage.

Erasure/Pseudonymization (Art. 17 GDPR/Recital 26)

A person may arrange for the deletion of their personal data. This has the consequence that all references to the person, for example, in all EDP computerized systems must be removed, unless they are required by other regulations, e.g. for accounting purposes. A pseudonymization makes it possible to avoid any kind of inference to a person, now or in the future, which is comparable to a deletion.

Restriction of processing (Art. 18(3) GDPR/Recital 67)

A person may restrict the use of their personal information, for example, to prevent the sending of advertising e-mails. All EDP systems should therefore be able to use the same database to effectively implement restrictions across all EDP systems.

Get assistance in creating your process directories
On-site software installations

For systems that you operate on-site, you also incur the obligation to document how personal data is processed. Here we can support you with additional information about our software products (as a download), so that you can complete this information for your processing activity directory. Optionally, you can also access our Professional Service Consulting offer for the GDPR.

Use of UCConnect

If you use our hybrid cloud building blocks, such as ProCall Web Communication Services or ProCall Mobility Services, you have already received the contract documents containing information about your personal data processing activity. Of course, you will also find these on our product page.

To the product page

Professional Consulting Service – Consulting on the GDPR

As part of our Professional Consulting Service, we offer you support in the implementation of your GDPR requirements for the following estos software products:

  • ProCall 6 Enterprise
  • ProCall Analytics
  • ECSTA 5
  • ixi-UMS 6 Business
  • ixi-UMS 6.60 Enterprise
  • MetaDirectory 4 Enterprise
  • Contact Kit with PhoneTools

Excluded from this offer are all other products such. e.g.  The following:

  • ProCall 5 Enterprise (and older)
  • ProCall One R2 (and older)
  • ECSTA 4 (and older)
  • MetaDirectory 3.5 variants (and older)

Learn more about Professional Services

Supplementary information about the processing of personal data

General

  • Presentation of GDPR and estos products and services for download
  • Article about unified communications and EU-GDPR for download (in preparation)

Unified communications

ProCall 6 Enterprise

In ProCall 6 Enterprise, personal information is processed, e.g. as favorites/contacts, journal entries (telephone), duties/tasks, or in chat.

To the product page

Download the supplement for the ProCall 6 Enterprise directory

ProCall Analytics

In ProCall Analytics, personal data such as As favorites/contacts, journal entries (telephone) are processed.

To the product page

CTI – Integrate the telephone system

ECSTA 5 Series

For example, our ECSTA 5 middelware product processes IP addresses or telephone numbers.

To the product page

Unified messaging

ixi-UMS 6 Business

ixi-UMS 6 Business processes, for example, telephone numbers, users/operators and SMS messages.

To the product page

ixi-UMS 6.60 Enterprise

ixi-UMS 6.60 Enterprise processes, for example, telephone numbers, users/operators and SMS messages.

To the product page

Integrate contact data & synchronize

MetaDirectory 4 Enterprise

MetaDirectory 4 Enterprise processes, for example, contact information, phone numbers, and e-mail addresses.

To the product page

Your contact partners
Jennifer Klose

Jennifer Klose

Assistentin der Geschäftsleitung & Administration

Multimediale Visitenkarte

Raphael Bossek

Raphael Bossek

Bereichsleiter Produkte, Mitglied der Geschäftsleitung

Multimediale Visitenkarte