
The EU General Data Protection Regulation will apply from May 25, 2018
After a transitional period of two years, the EU General Data Protection Regulation (EU GDPR) will finally come into force on May 25, 2018.
The EU GDPR regulates the processing of personal data by private companies and public bodies throughout the EU. With its entry into force, the General Data Protection Regulation largely replaces the existing national regulations and standardizes data protection law within the European Union. This will ensure the protection of personal data on the one hand and the free movement of data within the EU on the other.
Essential elements of the BDSG are still included in the EU General Data Protection Regulation. Innovations that need to be observed relate to the processing of personal data, the rights of data subjects and the obligations of data controllers. Consumer rights in particular have been strengthened by the EU GDPR. Some of the new rights and obligations are listed here:
- Right to information and disclosure - Companies must provide information about the legal basis for data processing and the duration of data storage
- Right to be forgotten - Consumers are granted a comprehensive right to erasure of their data
- Accountability - Compliance with the new EU regulations must be ensured and compliance must be demonstrable
- Impact assessment - When processing data that may result in high risks to the rights and freedoms of natural persons, data controllers will in future be required to carry out a data protection impact assessment in advance
To ensure that your company becomes and remains legally compliant, it makes sense to start preparing now:
- Get an overview of which personal data is processed in your company. Which systems are affected? Where is data stored?
- Check how personal data is used, including with regard to data minimization
- Document all processes
- Create a concept for compliance with information security (e.g. by applying the requirements of ISO 27001)
- Protect data from misuse or theft
- Create guidelines for the introduction of future data processing processes
- Check ongoing compliance with the specifications
Further information on this topic can be found here:
- "What do I need to know about the EU General Data Protection Regulation?", bitkom (www.bitkom.org)
- "The new EU General Data Protection Regulation - start preparing now", Microsoft
