Data Protection in Practice at IXOLIT Group

Our team attends GDPR training regularly and is mindful of the lawful basis for data processing
November 28, 2019 | Expertise

The General Data Protection Regulation (GDPR) is applicable since May 2018. If the seriousness of the matter wasn't evident then, it surely is now as authorities start to impose hefty fines on companies in violation of the GDPR. At IXOLIT Group, we take data protection very seriously. In addition to clear guidelines for the use and storage of personal data, we regularly organize data protection training for our team ― the last of which took place at the end of October. 

The continued training promotes a shared understanding of data protection cornerstones and guarantees that team members are up-to-date with the latest case law and legislative changes. Having many years of experience as a lecturer and as an IT-law practitioner, our legal counsel Jakob Geyer leads IXOLIT Group's data protection initiatives.

Embedding data protection in workflows

"You can't file data protection away. You must build it in the workflows. Only when we join forces ― from the technical support team to the executive board ― can we ensure that data is processed in accordance with the law. At IXOLIT Group, we do that, and the training plays an essential role in getting everyone on the same page," says Jakob.

This is also reflected in our mindset: the IXOLIT Group sees data protection as the starting point of the future-oriented services it offers. We minimize the amount of data we collect and never jeopardize security, standing in sharp contrast to companies that resist the principles in the GDPR and hoard data.

"Anyone who processes more information than necessary or who grants excessive access permissions risks a  fine by the data protection authorities. Worse still, attackers target business that hoard data more often," says Jakob. 

"You can't file data protection away. You must build it in the workflows. At IXOLIT, we do that."
Jakob Geyer
Legal Counsel at IXOLIT Group

The difference responsibilities of data controllers and data processors

According to the terms used in the data protection law, the IXOLIT Group acts as a processor vis-à-vis its clients. The businesses that run transactions through our payment orchestration platform IXOPAY or maintain their websites with the help of our content management framework IXOCREATE act as controllers. Controllers determine the purposes of data processing and are responsible for obtaining a lawful basis to use personal data.

In case a client wants help or advice, our well-trained team members are ready to jump in ― 24/7, if needed. As our VP of Application Engineers Thomas Payer puts it: 

"The training was beneficial for my team and me, especially regarding the different scenarios of lawful processing called forth by the features our clients request. We will use the findings for our purposes as much as for that of our clients. The knowledge imparted during the workshop helps IXOLIT engineers to mitigate compliance risks at early project stages."

Go with IXOLIT and Your Data Will Be Safe

Have questions about how we process transaction data securely?

Contact us

You might also be interested in: