May 25, 2018 heralds a new era in data protection: on this day, the EU General Data Protection Regulation, internationally referred to as the GDPR, comes into force. The new EU law also adapts the German BDSG (Federal Data Protection Act).
The new rules of the EU GDPR change the framework conditions for data processing in companies: the collection and use of personal data is subject to new obligations with far-reaching consequences - but also offers new opportunities. To enable you to make optimum use of these opportunities for your company from May 25, 2018, we would like to show you exactly what the EU GDPR is all about, what you need to observe and how you can move into the future in compliance with data protection regulations - and do so successfully!
The EU GDPR: Modern data protection in a digital world
The original EU Data Protection Directive was adopted in 1995. A lot has changed since then: Our world of life and work is more globalized - and digitized. The new EU General Data Protection Regulation, which will apply to all 28 Member States of the European Union from May 25, 2018, takes this change into account and ensures the protection of personal data under up-to-date conditions. The new law regulates the processing of personal data by private companies, public institutions and authorities with clear objectives:
- The EU GDPR protects the privacy and personal data of all EU citizens
- At the same time, it ensures the free movement of data within the EU
- It ensures transparency and a uniform approach to data protection throughout the European Union
Who is affected by the EU GDPR?
The EU General Data Protection Regulation is binding for all companies that collect and/or process personal data from EU citizens within the European Union. It is irrelevant whether these companies are based in the EU.
What is "personal data" exactly?
According to Article 4, paragraph 1 GDPR, "personal data refers to any information that can be attributed to a natural person and provide insight into his physical, physiological, genetic, psychological, economic, cultural or social identity". This means that the mere possibility of identifying a natural person is sufficient for the data to be protected as personal data.
There are different types of personal data or data that can be related to a person. These include, for example, the following:
- General information such as name, date of birth, address, telephone number, email address, etc.
- ID numbers such as ID card number, social security number, tax identification number, etc.
- Bank details such as account numbers
- Online data such as IP address and cookies
- Ownership characteristics such as license plates, land registrations, real estate property, etc.
- Physical characteristics such as information regarding sex, skin or hair and eye color, body size, etc.
What does the EU GDPR change for businesses?
The EU General Data Protection Regulation makes companies that collect and/or process personal data more responsible for their actions than ever before. The regulations oblige these companies to document all data processing operations and to protect them according to the state of the art.
From May 25, 2018, companies must, inter alia:
- Know when, how and where personal data is collected and processed
- Prove that they comply with the new data protection regulations and are technically and organizationally in a position to provide proof of this at any time
- Report data breaches to the data protection supervisory authority within three days
- Answer requests for information from persons within a certain period of time
- Immediately and securely delete personal data that is no longer needed, outdated or illegally stored
Why is it important to implement the EU GDPR?
Admittedly, the EU General Data Protection Regulation compels companies to comply with numerous requirements. It’s worth doing so - not least of all because any infringements of the EU GDPR can not only be reprimanded, but can also become very expensive: Anyone who fails to comply with reporting obligations or deadlines may be fined up to 20 million euros or up to 4% of the previous year's turnover.
GDPR-compliant and successful in the future: With R2C_SECURITY from Schleupen
May 25, 2018 is approaching inexorably - and with it, inevitably, the introduction of the EU General Data Protection Regulation. Now is the time to act and rely on an experienced partner who will get you ready for the future with a proven technological solution:
We, the experts at Schleupen AG, have many years of experience in the areas of governance, risk and compliance - including data security. Now we are offering a software solution that meets the complex requirements of the EU GDPR: R2C_SECURITY guarantees the necessary documentation for the implementation of the requirements from KRITIS and EU GDPR so you can concentrate freely on the core tasks of your company. We also support your company both comprehensively and individually on the way to the introduction and implementation of software-based GDPR and ISMS. Get in touch with us today - take the next step into the future with R2C_SECURITY – GDPR ready, compliant and successful!
Talk to us right now and get started with R2C_SECURITY: GDPR-compliant and successful in the future!