DE | English
Bechtle's structured approach to GDPR compliance.
In just a few months’ time, businesses will be required to ensure their organisation protects data in compliance with the new General Data Protection Regulation (GDPR). As Bechtle’s own experience goes to show, a structured approach is now key to making the best use of the time they have left.

A recent study by market researcher IDC suggests that no less than 44 per cent of companies in Germany are insufficiently prepared for the General Data Protection Regulation. This is especially true for small and medium-sized enterprises. Many businesses are lacking a sound overview of the personal data in their possession, and most of them have yet to appoint a data protection officer. The study also finds significant gaps in GDPR-related processes, including the notification of all relevant people and agencies in the case of a breach.



Government agencies provide action plan.

Authorities are aware of the challenges companies face when gearing up for the GDPR. As a consequence, the Bavarian Data Protection Authority now offer a questionnaire and online test to help organisations assess their GDPR readiness. In addition the German Data Protection Conference (DSK) has published an action plan to help companies plug any holes in their GDPR-related processes.



Tracing the transition at Bechtle.

On 25 May, Germany will make the switch from the current Federal Data Protection Act (BDSG) to the new European General Data Protection Regulation. This is how Bechtle AG has prepared for a smooth transition across 70 IT systems integrators in Germany, Austria and Switzerland, plus its IT e-commerce companies in 14 European countries. The cornerstone of all implemented measures was a structured process and full documentation of Bechtle’s data protection organisation.


  • Determine what you need to change—The first thing on the agenda of Bechtle’s central data protection department was a gap analysis to determine exactly what has to change. Bechtle’s current data protection policies are based on Germany’s Federal Data Protection Act, and certain policies must be adapted to meet GDPR requirements. For instance, these include stricter provisions regarding the obligation to notify authorities of breaches.


  • Provide central data protection policies—Bechtle provides all its systems integrators with a ready-made set of policies, which they can then adapt to the individual needs of their own branches. One example would be a centrally developed concept for data erasure. Systems integrators are given process templates for various scenarios, for which they can then implement the technical prerequisites at their site.


  • Increase awareness—Coinciding with the initial gap analysis, all Bechtle executives were briefed on the changes that will come with the new GDPR. Bechtle is also increasing awareness among employees in general, leveraging its own e-learning platform, iLearn.


  • Document processes—As well as a number of data protection policies, Bechtle’s data protection infrastructure relies on a central catalogue documenting all the processes that use personal data.


  • Provide process templates—By analysing the existing process catalogue, Bechtle was able to determine which processes must be adapted to align with the new GDPR. As with the data protection policies, systems integrators are given a set of centrally developed process templates, which can then be adapted to individual requirements as needed. The same will also be the case for contracts regarding order processing, which are subject to Article 28 of the GDPR.


In a nutshell, a structured approach—beginning with a gap analysis on the process and document layers—leads straight to the weak points that need to be taken care of in order to comply with the GDPR. Documenting policies and cataloguing processes is key to unified and harmonised data protection across organisations. This goes hand in hand with increasing awareness among business executives and employees in charge of data protection or handling sensitive data. That way, organisations are enabled to tackle any gaps in implementing GDPR policies.

Bechtle offers a 10-point plan for GDPR compliance in your organisation. For more information and your Bechtle contact for data protection and data security, read The EU General Data Protection Regulation (GDPR) – A new era in data protection.

Keep on reading

Bechtle Competence (C) Days 2019.

First observation: The IT fair concept works. Specialist talks on topics from the complete spectrum of IT solutions complemented by a tailor-made exhibition. This combination hit the nail on the head once more at the Bechtle 2019 C Days for a multitude of customers, partners, and employees. More than 3,500 participants made the two-day in-house fair at Bechtle Platz 1 another flagship event based around the most important current business IT questions.

Digitalising the construction industry.

While there is broad consensus in the construction industry that digitalisation is the way of the future, surprisingly little action is being taken. Large construction firms and planning offices are well on their way, but small and medium-sized firms—which make up 95 per cent of the industry—are finding it difficult to get started. Most of them are stuck deciding how best to optimise their investment while minimising risk, taking into account their specific circumstances. But taking a business digital doesn’t have to entail an enormously complex project. So how does one go about it effectively?

A vision to behold.

What is it that drives a company to success and motivates employees to give their all? A clear vision. Visions are gleaming aspirations calling out to us, sparking enthusiasm, encouraging and inspiring us. What starts out as a beacon of light in the distance eventually becomes an attainable goal within our reach. Our path is shaped by the confluence of vision and strategy—both focused on a desire to transform.

Published on Feb 2, 2018.