In just a few months’ time, businesses will be required to ensure their organisation protects data in compliance with the new General Data Protection Regulation (GDPR). As Bechtle’s own experience goes to show, a structured approach is now key to making the best use of the time they have left.
A recent study by market researcher IDC suggests that no less than 44 per cent of companies in Germany are insufficiently prepared for the General Data Protection Regulation. This is especially true for small and medium-sized enterprises. Many businesses are lacking a sound overview of the personal data in their possession, and most of them have yet to appoint a data protection officer. The study also finds significant gaps in GDPR-related processes, including the notification of all relevant people and agencies in the case of a breach.
Authorities are aware of the challenges companies face when gearing up for the GDPR. As a consequence, the Bavarian Data Protection Authority now offer a questionnaire and online test to help organisations assess their GDPR readiness. In addition the German Data Protection Conference (DSK) has published an action plan to help companies plug any holes in their GDPR-related processes.
On 25 May, Germany will make the switch from the current Federal Data Protection Act (BDSG) to the new European General Data Protection Regulation. This is how Bechtle AG has prepared for a smooth transition across 70 IT systems integrators in Germany, Austria and Switzerland, plus its IT e-commerce companies in 14 European countries. The cornerstone of all implemented measures was a structured process and full documentation of Bechtle’s data protection organisation.
In a nutshell, a structured approach—beginning with a gap analysis on the process and document layers—leads straight to the weak points that need to be taken care of in order to comply with the GDPR. Documenting policies and cataloguing processes is key to unified and harmonised data protection across organisations. This goes hand in hand with increasing awareness among business executives and employees in charge of data protection or handling sensitive data. That way, organisations are enabled to tackle any gaps in implementing GDPR policies.
Bechtle offers a 10-point plan for GDPR compliance in your organisation. For more information and your Bechtle contact for data protection and data security, read The EU General Data Protection Regulation (GDPR) – A new era in data protection.
Head of Security, Governance, Risk, Compliance
Bechtle AG Neckarsulm
Published on Feb 2, 2018.