GDPR: The new European data protection regulation.
Digitalisation has long been part of our business lives and it continues to progress at breath-taking speed. Thanks to cloud computing, bring your own device (BYOD) and the wide availability of IT products, small companies and organisations enjoy opportunities that were previously only available to large enterprises. Borders and locations matter far less than they used to: customers are spread all over the world, and many of them are in the EU. This creates new challenges, especially in data protection, because the rules that protect natural persons (and the obligations they place on companies and other legal persons) apply wherever those customers' data is processed.
What is the general data protection regulation?
The General Data Protection Regulation (GDPR) is a European Union regulation that standardises the data protection laws of the 28 member states and replaces the previous Data Protection Directive (95/46/EC). The regulation entered into force on 24 May 2016 and has applied directly in all member states since 25 May 2018, the date by which organisations had to be compliant.
The GDPR contains a series of new rules that require data protection processes and systems to be reviewed and updated.
This has resulted in a new «Path to Compliance» to help organisations stay on the right side of the law, but following it inevitably raises difficulties. The larger the collection of personal data, or the more closely the purpose of the organisation is linked to the use of personal data, the more complex these challenges become.
Individuals have new and extensive rights concerning how their personal data is processed:
Right to be informed of the purpose and legal basis of the processing, and right of access to the data held about them
Right to request deletion of data once the purpose of the processing has been fulfilled, or where there is no longer a legal basis for processing it*
Right to data portability: to receive the data they provided in a structured, commonly used, machine-readable format and to transmit it to another company
Right to correction of inaccurate or incomplete information
* The organisation must act on such a request without undue delay and in any case within one month (extendable by a further two months for complex or numerous requests, provided the individual is told why). The same deadline applies to the other requests listed above.
Online identifiers such as IP addresses and cookie identifiers are now expressly named as data that can make a person identifiable, so they must be treated as personal data!
What are the new GDPR requirements?
The full spectrum of requirements is not yet settled, because much of the detailed guidance from the supervisory authorities was still being developed when the regulation began to apply. However, the regulation itself lays down a number of crucial requirements:
Data Protection by Design and Data Protection by Default
Appropriate technical and organisational security measures, with pseudonymisation and encryption of personal data named as examples
Appointment of a data protection officer to monitor compliance, mandatory for public authorities and for organisations whose core activities involve large-scale, systematic monitoring of individuals or large-scale processing of special categories of data (and advisable for others)
Introduction and implementation of suitable policies, records and processes so that GDPR compliance can be demonstrated on request
Notifying the supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, and notifying the affected individuals without undue delay where the breach is likely to put their rights and freedoms at high risk
Prevention of unauthorised access to personal data
We can help.
Our specialists deal intensively with the topic of GDPR. In cooperation with our partners, we will check that your IT is GDPR-compliant. At the same time, our partners will endeavour, wherever possible, to offer you GDPR-compliant services automatically from now on.