Bechtle's structured approach to GDPR compliance.

In just a few months’ time, businesses will be required to ensure their organisation protects data in compliance with the new General Data Protection Regulation (GDPR). As Bechtle’s own experience goes to show, a structured approach is now key to making the best use of the time they have left.

Share article

A recent study by market researcher IDC suggests that no less than 44 per cent of companies in Germany are insufficiently prepared for the General Data Protection Regulation. This is especially true for small and medium-sized enterprises. Many businesses are lacking a sound overview of the personal data in their possession, and most of them have yet to appoint a data protection officer. The study also finds significant gaps in GDPR-related processes, including the notification of all relevant people and agencies in the case of a breach.



Government agencies provide action plan.

Authorities are aware of the challenges companies face when gearing up for the GDPR. As a consequence, the Bavarian Data Protection Authority now offer a questionnaire and online test to help organisations assess their GDPR readiness. In addition the German Data Protection Conference (DSK) has published an action plan to help companies plug any holes in their GDPR-related processes.



Tracing the transition at Bechtle.

On 25 May, Germany will make the switch from the current Federal Data Protection Act (BDSG) to the new European General Data Protection Regulation. This is how Bechtle AG has prepared for a smooth transition across 70 IT systems integrators in Germany, Austria and Switzerland, plus its IT e-commerce companies in 14 European countries. The cornerstone of all implemented measures was a structured process and full documentation of Bechtle’s data protection organisation.


  • Determine what you need to change—The first thing on the agenda of Bechtle’s central data protection department was a gap analysis to determine exactly what has to change. Bechtle’s current data protection policies are based on Germany’s Federal Data Protection Act, and certain policies must be adapted to meet GDPR requirements. For instance, these include stricter provisions regarding the obligation to notify authorities of breaches.


  • Provide central data protection policies—Bechtle provides all its systems integrators with a ready-made set of policies, which they can then adapt to the individual needs of their own branches. One example would be a centrally developed concept for data erasure. Systems integrators are given process templates for various scenarios, for which they can then implement the technical prerequisites at their site.


  • Increase awareness—Coinciding with the initial gap analysis, all Bechtle executives were briefed on the changes that will come with the new GDPR. Bechtle is also increasing awareness among employees in general, leveraging its own e-learning platform, iLearn.


  • Document processes—As well as a number of data protection policies, Bechtle’s data protection infrastructure relies on a central catalogue documenting all the processes that use personal data.


  • Provide process templates—By analysing the existing process catalogue, Bechtle was able to determine which processes must be adapted to align with the new GDPR. As with the data protection policies, systems integrators are given a set of centrally developed process templates, which can then be adapted to individual requirements as needed. The same will also be the case for contracts regarding order processing, which are subject to Article 28 of the GDPR.


In a nutshell, a structured approach—beginning with a gap analysis on the process and document layers—leads straight to the weak points that need to be taken care of in order to comply with the GDPR. Documenting policies and cataloguing processes is key to unified and harmonised data protection across organisations. This goes hand in hand with increasing awareness among business executives and employees in charge of data protection or handling sensitive data. That way, organisations are enabled to tackle any gaps in implementing GDPR policies.

Bechtle offers a 10-point plan for GDPR compliance in your organisation. For more information and your Bechtle contact for data protection and data security, read The EU General Data Protection Regulation (GDPR) – A new era in data protection.

Published on Feb 2, 2018.