The clock is ticking—the deadline for companies to ensure they are compliant with the new European regulation is the end of May 2018. And if you miss the cut-off point, you could face serious penalties. But according to data protection specialist Heiner Golombek, it doesn’t have to come to that—even if there are only a few months left to tie up all your loose ends.
It was approved in May 2016 and will enter into force on 25 May 2018. But who will the EU General Data Protection Regulation (GDPR) affect? “All companies that save and process customer details—even just names and e-mail addresses—will have to comply with the regulation”, says Heiner Golombek, Head of the Data Protection and Security Competence Centre at Bechtle’s headquarters in Neckarsulm. Businesses and organisations will have to prove that all personal data—be it from customers, patients, insurees or citizens—is handled in line with the new data protection regulation.
In the past, important data used to be stored in safes, while today we regularly exchange huge amounts of data at the click of a mouse. If hackers succeed in intercepting data, companies could face hefty fines to the tune of 4 percent of their global turnover—up to 20 million euros. These increased penalties, together with many new obligations, are substantially stricter than previous regulations. But some companies are still dragging their feet. Heiner Golombek puts this down to the sheer amount of work required, in addition to a lack of resources and legal uncertainty. His advice? “Seeking guidance from data protection experts ensures that every single process is inspected and, where necessary, brought in line with the regulation.” An external specialist can also impress upon the workforce the importance and urgency of implementing the new measures.
Information and data theft can pose a serious threat to businesses and organisations—especially if it goes undetected. With the introduction of the GDPR, the EU are enforcing increased penalties for the loss of personal data from the end of 2018—including fines as high as 20 million euros.
Bechtle provides special services to help companies become GDPR compliant. These range from analysing vulnerabilities, evaluating security incidents, and verifying data protection policies to awarding a data protection seal that confirms organisational and technical security. “Companies that can certify that they are evaluating how personal data are being processed and implement end-to-end IT security concepts are a step ahead of the competition. Audits and privacy seals are what turn good data protection into a tangible asset. And being able to produce the right data protection documentation will play a vital role in settling disputes in the future”, Heiner Golombek tells us. Once the analyses have been carried out, the Bechtle specialists evaluate the results and present an action plan designed to eliminate weaknesses.
Are you on track for the GDPR? Take this test from the Bavarian Data Protection Authority (BayLDA) and find out how well prepared your company is for all the essential data protection requirements.
If the requirements are met in a particular area, you will get a green light. Amber denotes issues you need to resolve in the middle to long term. And red signals that there is a serious problem that needs to be addressed immediately in order not to violate the new GDPR. “If companies successfully meet all requirements and fulfil all data protection regulations, we will certify and confirm compliance—with a data protection seal, if desired. The seal of approval gives businesses a non-bureaucratic tool for winning new customers,” Heiner Golombek explains.
1. Decide on a certified security standard (ISO 27001/ISMS native or BSI IT-Grundschutz with GDPR).
2. Implement a data privacy and security management system (ISMS).
3. Ensure your company has sufficient personnel and technical resources.
4. Educate and raise awareness among employees who work with personal data.
5. Take stock of data handling and business processes.
6. Investigate your level of data protection and conduct a risk analysis.
7. Determine and implement appropriate security measures.
8. Prepare evidence of your company’s compliance with the GDPR, including documentation on your IT system and how you process data in a way that keeps data and information secure.
9. Verify and inspect your adherence to regulations—or, if desired:
10. Obtain certification as formal proof of your compliance with the GDPR.
Head of the Bechtle Competence Center for Data Protection and Security
Bechtle IT Systems Integrator Neckarsulm
Phone: +49 7132 981-2281
Published on Dec 5, 2017.