Are you fit for European data protection (EU-GDPR)?
Where do my data actually go? And what options do I have to delete them? The economic importance of data is constantly increasing – the results of which can be felt in many everyday situations. Even if I supply my data sparingly, this cannot be completely avoided. It’s time for another step: a uniform European data protection directive.
What is the EU-GDPR?
Bear in mind that companies must implement the European General Data Protection Regulation (EU-GDPR) no later than May 25, 2018. It regulates the handling of personal data, i.e. everything that makes a person identifiable: name, address, place of work, but also their IP address. Companies that work with such data and store them automatically in IT systems are affected by the new regulation. There is an exception to every rule. My colleague and EASY legal expert Rainer Berndt has already reported on this on easy-software.com.
Even though the general principles of data protection have remained unchanged, they are now actually implemented in (much) more stringent provisions.
What are the objectives of the EU-GDPR?
It is intended primarily to protect people. These are your customers, users, employees or suppliers. If they want information about their data, your company must now be able to comply in a very short time. Information which is required to be disclosed includes purpose of processing, category, recipients of the data, planned retention period, and the origin of the data. In addition, your customers have a right to deletion and correction of data, as well as a right of objection which they may exercise at any time.
Checklist for implementing the EU-GDPR
How compliant with the EU-GDPR is your company actually? Here are a few tips:
Document and customize your processes
Document all your processes in a processing directory, specifying where and in which form you collect, save or delete personal data. Adapt these processes where necessary. Here's an example: Do you know the double opt-in procedure for your newsletter? It ensures a data-protection-compliant opt-in process.
Implement and protect
In your IT systems, implement a data protection management feature that also includes a procedure for deleting the data when they are no longer needed or when those affected make use of their right to object.
Check and report
Check the EU-GDPR requirements continually and carefully, because those responsible may also be personally liable. Make sure that you can inform those affected of how your organization saves data and which data it saves. Here, too, you have to keep to the deadlines.
Can you check off those points? Then you are already well on the way to successfully implementing the EU-GDPR in your company. By the way, the digital association Bitkom offers an extensive description. If you haven't heard about these things before now, I urgently advise you to study them in detail. If your company is not compliant with the EU-GDPR by the end of May 2018, you may face fines that can threaten the company's existence. You also risk losing customers, who may then switch to one of your competitors.
Opportunities for your company
The EU-GDPR also offers you advantages. Specifically, it unifies the European patchwork of data protection rules and minimizes data volumes. With these provisions, the EU-GDPR will make a considerable contribution to reducing barriers to cloud-based activities. This may help you open up new business segments for your organization.
Thomas Cziesla is manager of Corporate Strategic Consulting and will be happy to advise your company on your way to digitization.