The European General Data Protection Regulation (GDPR) has been in force in Germany since 25 May 2018. This is associated with stricter data protection requirements for companies and significantly increased fines (up to 20 million euros or up to 4% of annual turnover) in the event that the rules are not complied with. The GDPR also focuses on cybersecurity. In Article 32, the GDPR requires companies to protect their personal data according to the “state of the art”. To this end, it already names some basic principles and examples for the protection of personal data, such as pseudonymization, encryption and data recovery, among the technical and organizational measures (TOM for short).
What is the GDPR in detail?
Cybersecurity is also a focus of the GDPR. In Article 32, the GDPR requires companies to protect their personal data according to the “state of the art”, and it calls for appropriate technical and organizational measures (TOM) to be taken to protect personal data in order to ensure an appropriate level of security. Some basic principles and examples of personal data protection are already mentioned there, such as pseudonymization, encryption and data recovery.
According to Handelsblatt, fine notices for data protection violations had been issued in 41 cases in Germany by the end of 2018. In North Rhine-Westphalia (33 cases), these fines amounted to a total of 15,000 euros. In Baden-Württemberg, among others, an individual fine of 80,000 euros was imposed.
The regulations of the GDPR affect every company that processes personal data. There have certainly already been changes in your company to comply with the GDPR, which has been binding in Germany since May 2018. In some cases these changes affect your daily work processes; perhaps you are now anonymizing customer data, for example.
In the meantime, the GDPR has been in force for some time. It is likely that your company already complies with all or many of its regulations. To be on the safe side, you or your data protection officer can go through one of the many checklists offered (see the link below). If you see a need for action, start there. And if you don’t need to take any action, you can be proud of yourself and your data protection officer for implementing the regulation and for having already taken an important step towards increasing the cybersecurity of your company.
Checklist for the GDPR of the Wiesbaden Chamber of Industry and Commerce