However, the financial and regulatory consequences of non-compliance have increased significantly and the GDPR sets the responsibility for any abuse/loss of data at the university (as the data controller). The university also needs a clear record of all data exchange agreements if a person chooses to use some of their new rights under the GDPR, such as. B the „right to be forgotten“. For more information on data exchange, see our Code of Conduct for Data Exchange A key element of the GDPR is the „right to information“, which implies the obligation for the organisation to provide „fair processing information“, usually through a data protection declaration. It also highlights transparency on how personal data is used and you should inform people if their information is shared with other organisations. Pages 70 to 72 make explicit reference to the communication to M&A. There is little new here. We propose that these types of problems are probably already known to lawyers who advise on business and buyers/sellers accustomed to managing M&A. There are useful memories for the seller (or the other organization that shares data with another store manager) to think about when and how it will inform individuals of what is happening, in order to be satisfied with the technical consultation before sharing different systems and documenting the disclosure of data for the audit trail.
The draft code presents the law and provides examples of good practice. Subsequently, companies can manage risk, shed light on misunderstandings, and exchange data with confidence.