Only 100 days left – is your business ready for GDPR?
From 25 May 2018, the General Data Protection Regulation (GDPR) of the European Union comes into effect and violations against it will be prosecuted. For the first time, there will be a uniform data protection law throughout Europe. Each member state will be able to add its own provisions wherever the GDPR allows it. For Germany, the Bundesdatenschutzgesetz (BDSG) has been updated to align with the EU regulation.
But what kind of data does the regulation protect, and what exactly counts as data processing? In a nutshell, the regulation covers all personal data of any natural person living in the European Union, even when they visit websites operated from outside it. So even if your business is based outside the EU, if your website has EU citizens as customers or visitors, you will need to be ready for GDPR. Processing data means any kind of working with data: capturing, storing, reading, writing, organizing, transmitting and finally deleting personal data. Anyone who has access to data and could process it is a data processor in the eyes of the GDPR.
How can you comply with the new rules and regulations by 25 May 2018? It’s not too late, and here is a quick list of things to work on immediately:
- Hire or name a Data Protection Officer (DPO)
- Update all relevant documents and agreements
- Research and create a data processing index
- Train your employees and have them commit to data protection
- Implement automated processes to secure the rights of affected individuals
Be aware that the amount of work should not be underestimated. It would be wise to have a task force deal with it rather than a single person. We recommend starting with a budget and a roadmap to get all the work done on time; this alone will give you a clear overview of everything that needs your attention. In any case, you should understand data protection by May, whether as a company or as an affected person yourself.
The need to comply with the data protection rules also stems from the much higher fines introduced by the GDPR. Violations will be prosecuted and punished with fines of up to 20 million Euro or 4% of a company’s yearly revenue, whichever is higher.
It is hard to believe that some companies haven’t even heard of this significant change yet. Nonetheless, there is no reason to panic. The most important thing for now is to resolve all uncertainties regarding the changes your company needs to make, and then to focus on carrying them out.
Author: Nicolai Nobis