GDPR: Why companies may be afraid of article 32
March 13th 2018, Author / Editor: ISG / Lenz Nölkel
On May 25th this year, the new General Data Protection Regulation (GDPR) of the European Union comes into force – a fundamental innovation that poses major challenges for companies in all sectors. Wolfgang Heinhaus, Partner Advisor at Information Services Group, drew up the most important aspects for MyBusinessFuture that companies should now focus on.
The main Challenges that Companies face now
What must companies pay attention to in the last few weeks before the GDPR? Wolfgang Heinhaus sees the 32nd article of the ordinance as a particularly elementary regulation: It obliges companies to protect their personal data in accordance with the technical state of the art – and the technical state of the art has meanwhile reached a level of complexity that many internal privacy directives do not live up to.Mainly, most companies will need to focus on keeping data safer and up to the new standards.
Therefore, Heinhaus recommends companies that have not yet started the implementation of the new standards to hire external consultants to “locate and adequately address the weaknesses in the business”, thereby avoiding shortcomings.
The GDPR in a nutshell
The 99 articles of the regulation, which will apply in all EU Member States, set out basic data protection rights. The rules concern the collection, storage, processing and general use of personal data of EU citizens and must be respected by all companies operating in the EU, regardless of their size or the type of storage of the data.
A Data Protection Officer should be designated to monitor compliance with the GDPR; any data breaches that occur are to be reported to the customers and the supervisory authority within three days. In the case of violations of the templates, fines of up to four percent of the international sales of the previous year, but in any case up to 20 million euros, are due.
This is maybe the best reason to not underestimate the explosiveness of the regulation and to initiate corresponding steps on the part of the company – if not already done – as soon as possible.
This piece is partly based on an article by ISG.
Source cover image: iStock / BirgitKorber