The New EU Data Protection Is Coming

The transition period is coming to an end soon. In May 2018, the new European General Data Protection Regulation will come into force. Is your IT ready?

As with so many regulations, there are a lot of disputes going on about the new GDPR, which was approved in May 2016 and will now come into force two years later. Whereas one side praises the reform, the other questions its actual effect. And companies are left unsettled. What has to be changed?

Put simply, the essence of the General Data Protection Regulation could be described as follows: companies need more knowledge about their data processing. This applies to customers as well as to internal processes. Only those who know exactly how their data processing works, how access is regulated and where the data is stored can meet the new requirements of the GDPR.

Particular emphasis is put on the flow of information in case of an attack. Companies are no longer expected to avoid data infringements these days. The demand is rather to inform authorities as well as customers immediately, without any delay, in case of an attack. In addition, companies have to explain the circumstances in a comprehensive and understandable manner to those whose personal data may be affected. A short message stating that there have been technical problems is not enough at all.

Further subjects affected by the reform include, for example, the data protection of employees, the consent of children under the age of 16, and the appointment of a data protection officer in companies with more than nine employees.

Special mention is also made of the right to be forgotten. If there are no legitimate reasons to store the data, customers can demand the deletion of their data. In this case, companies may be challenged to find the right technical solution for a suitable deletion process.

Which rules will actually be new compared with the existing law in your country is explained in numerous articles and official documents online. Experts suggest that all companies, no matter if small, medium or large, start to deal with the subject now in order to be all set in May next year. In case of non-compliance, high fines may be imposed. And as many surely know from experience: an IT reform can take time – 10 months pass quickly.