The European General Data Protection Regulation has been in force since 25 May 2018 in Germany. This entails stricter data protection requirements in companies and significantly higher fines (up to 20 million euros or up to 4% of annual gross) in the event that the rules are not adhered to. The GDPR also focuses on cyber security. In Article 32, the GDPR requires a company to use “state of the art” protection for its private data. To this end, in its technical and organizational measures (TOM), the Commission has already set out some basic principles and examples for the protection of personal data such as pseusdonymization, encryption and data recovery.
What is the GDPR in detail?
Cyber security is also the focus of the GDPR. In Article 32, the GDPR requires companies to use “state of the art” protection for their private data and it calls for appropriate technical and organizational measures (TOM) to protect private data in order to ensure an adequate level of security. Some basic principles and examples for the protection of private data have already been mentioned, such as: Pseudonymization, encryption and data recovery. Due to data protection violations in Germany, according to Handelsblatt, fines were issued in 41 cases by the end of 2018. These fines totaled 15,000 euros in North Rhine-Westphalia (33 cases). In Baden-Württemberg, inter alia, a single fine of 80,000 euros was imposed.
Where do I encounter the GDPR in everyday work?
The provisions of the GDPR concern every company that processes private data. It is certain that there have already been mandatory changes in your German company, since May 2018, to comply with the GDPR. In some cases, these are changes that may affect the processes of your daily work, such as now encrypting customer data, for example.
What can I do to improve my safety?
The GDPR is has already been in effect for some time. Your company probably already meets all or most of their regulations. To be sure, you or your privacy officer can go through one of the many checklists offered (see next paragraph). If you recognize a need for action, start there. And if you do not need to take action, you can be proud of yourself and your privacy officer in implementing the regulations and making sure that you have taken an important step towards increasing your company’s cyber security.
Interesting background information
Checklist for the GDPR of the State Commissioner for Data Protection Lower Saxony www.lfd.niedersachsen.de/startseite/datenschutzreform/dsgvo/fragenkatalog_zur_vorbereitung_auf_dsgvo/nur-noch-6-monate-bis-zur-anwendung-der-datenschutz-grundverordnung-159273.html The official Regulation (EU) 2016/679 PDF (General Data Protection Regulation: dsgvo-gesetz.de)