MediaMarktSaturn’s Data Protection Team recently won the coveted JUVE Award in the category ‘In-House Team of the Year’. According to the jury: “Their far-sighted planning and implementation didn’t go unnoticed by their competitors, either. And given the recent restructuring of the Legal Department, the issue of data protection has become even more important.” The JUVE Award is presented annually by JUVE, a publisher specializing in legal affairs.

Everyone’s been talking about the General Data Protection Regulation since the start of the year. Long before the GDPR affected every single person working at MediaMarktSaturn, the Data Protection Team spent 18 months analysing it.

During this period, Dietmar Böhlke’s nine-strong team logged more than 2,500 cases in which personal data is processed, introduced 25 governance processes, and taught more than 700 procedure-owners how to apply the new data privacy management system. In addition to their main activities, the team also developed a communication campaign, designed an e-learning programme, and maintained internal communication channels. By the time the GDPR came into force in May, the Data Protection Team had already done a mountain of work.

After their project ‘GDPR Readiness 2018’ was officially concluded in September, the team received several commendations. They included the JUVE Award for ‘In-house Team of the Year’ from the JUVE publishing house. The team won out over the other four nominees: pharma company Böhringer Ingelheim, engineering corporation Bosch, the KfW reconstruction bank, and broadcaster ProSiebenSat.1. The award was presented by journalist and ZDF TV presenter Theo Koll at Alte Oper, the original opera house in Frankfurt, before about 1,000 invited guests.

THE JUVE Awards are presented every year in 18 categories: 15 to law firms and 3 to in-house teams. There are 5 nominations per category, and this year MediaMarktSaturn took part for the first time. The nominees are shortlisted based on extensive research conducted by JUVE’s editorial team for the JUVE Handbook. When choosing the winners, the panel didn’t confine itself to technical expertise but also took other aspects into account such as strategic orientation, service orientation and future potential.

Data protection manager Dietmar Böhlke has a few tips for corporate privacy policies:

In a nutshell, those who can answer the following questions for themselves or their company have data protection under control:

Take control of your data – get back in the driver’s seat:

1.   Can you define what personal data is? 

According to Article 4 (1) of the GDPR, 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.   Who, what, where and why? In other words: Who processes what data in a defined form where – and why?

3.   Is data always stored securely and transparently, only processed in the manner for which it was collected, and deleted once this purpose has been fulfilled?