How Delta Chat complies with the GDPR

- Implements the Privacy by Design requirement of the GDPR, through
  - Confidentiality: End-to-end encryption when possible, by implementing Autocrypt Level 1.
  - Data minimization: No alignment or uploading of the address-book content.
  - Data avoidance: No Delta Chat server, no processing of personal data.
- Does not require any consent (Article 7 GDPR) from the users or their contacts (data subjects), because no address-book data is transmitted.
- Can be used without requiring a contract or instructions from any controller (organisation), because no additional third party will process the e-mail-related personal data.

How data controllers (organizations) benefit from using Delta Chat in complying with the GDPR

- Creates no additional information requirements for the controller towards direct or indirect data subjects regarding any collection of address-book data (Articles 13, 14 GDPR).
- Needs no data protection impact assessment to be carried out for Delta Chat (Article 35 GDPR), because it processes no particular additional data beyond e-mail messaging.
- Adding Delta Chat's privacy measures to the record of processing activities can have a positive impact on eventual evidence documentation (Article 30 GDPR), as well as on the data protection certification process (Article 25 (3), 42 GDPR).
- The record of processing activities linked to the messenger communication is reduced to identifying the email providers and recording their activities (Article 30 (2) GDPR).
- Remaining risks to the rights and freedoms of natural persons are generally also limited to the communication data processed by the controller and the email providers.

This statement reflects the General Data Protection Regulation (GDPR) as of 16.05.2018.