It is not only the IT Security Act with its KRITIS components and their deadlines that has the digital, and digitizing, industry holding its breath. The General Data Protection Regulation (GDPR) does the same. The striking difference is the punishment. Under KRITIS, fines already start at EUR 50,000; if appropriate technical and organizational measures are not taken, a fine of up to EUR 100,000 is foreseen. Until now, the Federal Data Protection Act (BDSG) has capped fines at EUR 300,000. Article 83(5) of the GDPR entitles the supervisory authority to impose fines of up to EUR 20 million or, for undertakings, up to four percent of total worldwide annual turnover of the preceding financial year, whichever is higher. A further "motivating" element is imprisonment. Anyone who infringes the data protection rules or neglects their supervisory duties faces clearly higher penalties than before: misuse of personal data is punishable by imprisonment of up to three years or a fine.
Businesses feel poorly prepared
Reason enough to take stock of the state of affairs and the mood one year and 22 days before the end of the transition period. Veritas did exactly that in its GDPR Report 2017. First finding: companies are currently only moderately prepared for the GDPR and expect dauntingly high spending to meet its requirements. According to the global study, companies in the US, the UK and France consider themselves fairly well prepared for GDPR compliance: there, more than 60 percent state that they will be able to meet all requirements in time. Worldwide, only about one in three companies said so at the time of the survey; in Germany the figure is 36 percent. Globally, the companies concerned expect to spend around EUR 1.3 million by May 2018 to become compliant. In Germany the budget is lower, at an average of EUR 820,000.
Every second company will miss the deadline
Looking at GDPR implementation along the timeline, almost half of the companies surveyed have serious doubts about meeting the deadline. Of the German respondents, 48 percent consider themselves, by their own assessment, not well equipped to meet it. The sanctions mentioned above are among the respondents' most serious concerns, with the financial consequences of fines at the forefront. In addition, companies fear negative coverage in the media or on social networks that could damage the brand or cost customers. Notably, companies are aware of the complexity and effort involved in implementing the GDPR's requirements, and they know that the penalties are immense if the rules are not implemented. Nevertheless, the old student saying still applies: "I have a motivation problem until I have a time problem."
Certifications are the key
Bringing in partners with the relevant certifications (DARZ, for example, is fully certified to ISO 27001 and has additionally been certified for the GDPR since May) can take some of the load off an organization's shoulders; note, however, that engaging a certified processor does not relieve the controller of its own responsibility under the GDPR. Here too, corporations are once again ahead of small and medium-sized enterprises when it comes to helping themselves. Yet this ability, which normally comes with some organizational effort, is not what decides the war. What matters far more is recognizing in time where support is needed, and then drawing the right conclusions.