Anyone following the discussion in the media will not deny that the General Data Protection Regulation (GDPR) and its implementation is a huge topic. Various studies confirm that decision-makers attach great relevance to the new requirements, and that all affected parties still have a great deal to do in order to comply with the law in time. This is also the conclusion of the study by Veritas Technologies, carried out by Vanson Bourne, on which we have reported. There, two percent of the 900 executives surveyed indicated that they would be fully prepared for implementation by May 25th, 2018. A further 31 percent said that the most important provisions are currently being met.
5 Myths that lead you in the wrong direction
A current survey by Carmao on behalf of OpenText goes deeper, and its conclusion is that, 10 months before the deadline, only about a third of the affected organizations meet the requirements of the current Federal Data Protection Act. A further 50 percent have serious doubts about implementing the requirements of the GDPR (DSGVO) in time. One reason for this could be misinformation that misleads the decision-makers involved. Among the five most widespread myths concerning the GDPR are the following:
- Many of those affected believe that the GDPR will only come into force in Germany at a later date. The fact is that the regulation has been in force for more than a year and must be implemented in all EU countries, including the UK despite Brexit, from May 2018 onwards. In the event of non-compliance, fines amount to up to 20 million euros or up to four percent of worldwide turnover in the previous year.
- The GDPR applies not only to companies from the EU, but to all companies that process personal data of EU citizens. This includes, for example, customers or employees who are based in the European Union.
- Companies cannot use just any technology to comply with the regulation. It must reflect the current state of the art, and the bar is generally set high. This applies, among other things, to encryption, data leakage prevention, anonymization of data and the assignment of access rights.
- The GDPR applies not only to corporations but also to organizations of all sizes and industries. They must report violations within 72 hours, so that failing to comply results not only in financial penalties but also, potentially, in massive reputational damage.
- Compliance with the GDPR cannot be left exclusively to IT managers: it is a management task. It is less about bits and bytes than about adapting the corporate culture with regard to the handling of data.
According to the study, the greatest challenge for companies is keeping track of data loss: almost half have no visibility of all incidents in which personal data is lost. At the same time, no less than 60 percent of respondents believe that they can discover and report data leaks within 72 hours.
Forget me not
A new element that the GDPR brings with it is the “right to be forgotten”. This is the right of EU citizens to have their data deleted from the databases of organizations. On this question, almost one in five companies expects not to be able to search for, find and delete this data in a timely manner. A further 13 percent are unable to examine data for references to individuals or to determine where that data is stored. For another 13 percent, the same applies to the sources from which the data originates and the purposes for which it is used. None of this is permissible under the GDPR.
As a full IT service provider, DARZ is certified according to ISO 27001 and, since March 2017, according to the GDPR.