General Data Protection Regulation (GDPR)

The new General Data Protection Regulation (GDPR) will take effect in all of Europe on May 25th, 2018 and will entail stronger consumer rights, new liability obligations, and restrictions on international data flows. Companies that fail to comply with the regulation must be prepared for fines of up to 20 million Euros or, alternatively, 4 per cent of the turnover in the previous year, whichever figure is higher.

Initial Assessment

Until now, government regulations were usually satisfied by transmitting a notification to the data processing register. Although this notification will no longer be required in the future, companies will be obliged to keep detailed documentation of their various uses of data. In this "directory of processing activities", companies must consistently record what data they gather, when, from whom, and for what purposes; where and in what form this data is processed; who can access it; and what data is disclosed to whom, among other provisions.

Interface of Law & IT

Due to the new regulation described above, numerous reporting requirements must be taken into account in data collection and processing. Generally speaking, every affected party, whether a customer, an employee, or a supplier, must on request be given complete information on the personal data stored about them within a month. The affected party has the right to demand the correction, deletion, and restriction of the processing.

Complying with the General Data Protection Regulation (GDPR) requires practice-oriented handling processes tailored to your company, which we will define together with your employees. Beyond the organizational and data protection law criteria, we will also establish the measures necessary to meet the technical requirements.

Especially in the field of IT, there is a lot to take into consideration as the new General Data Protection Regulation (GDPR) takes effect. A simple folder system, which used to be completely adequate, is no longer sufficient. We offer consulting services for planning the internal measures needed to develop ample IT security and ensure compliance with the General Data Protection Regulation (GDPR). We will be pleased to assist you in your intra-group implementation processes.

Contact us.

– to keep your focus on the essentials.
