DSGVO - FAQs
What should companies look out for now?
The widely discussed question: does the EU data protection regulation change much or little? I recommend using the issue as a trigger to bring your company's data and IT management up to the current state of the art.
It is important to understand that security and corporate stability are inextricably linked. What company could still work productively today if its computers and smartphones failed? Every company is vulnerable. In times of encryption Trojans and ransomware, at least the most common gaps must be closed. The DSGVO should be seen not only as a necessary evil, but above all as a trigger to bring IT up to the current state of the art.
Privacy incidents can also become a frequent trigger for penalties. There are also possible claims for compensation. Combined with downtime and loss of reputation, it is obvious that a strong focus should be placed here.
Why does the new EU data protection regulation of 2018 hit SMEs particularly hard? What rights and duties does it bring?
The DSGVO aims to hold large corporations accountable. However, for many small businesses, implementation can become a large burden.
In the end, the same requirements apply to small and large companies. Those who have done everything right so far will not be hit too hard by the new regulation. However, hardly anyone has - small businesses in particular have often given no special importance to information security.
How should SMEs now proceed, step by step, to get everything right?
The core element is the creation of a procedures directory (step 1). It logs all applications in which personal data are processed, as a kind of accounting of data applications. Properly implemented, it can be used to infer whether data are processed lawfully (step 2) and sufficiently securely (step 3). As a further consequence, it must be determined which steps are required to implement the rights of the persons concerned (step 4) and how to proceed in the event of a data privacy incident (step 5).
What penalties does non-compliance with the regulation lead to?
The maximum penalty is 20 million or 4% of the worldwide turnover of the group - whichever weighs more. In general, however: preparation and documentation are everything! The penalties depend on whether it can be sufficiently demonstrated that appropriate measures for implementing the regulation and for the safe handling of data were already taken in advance.
Triggering cases can be, for example, the incorrect implementation of the rights of the persons concerned or a privacy incident. The latter is to be avoided as far as possible.
Is the regulation immediately binding from May 2018, or are there still transitional periods?
It is important to understand that the regulation has been in force since 2016. The transition period is now - the grace period ends in May 2018!