- The new General Data Protection Regulation (GDPR) goes into effect on May 25, 2018.
- It affects just about any economic entity that requests personal data from customers, employees, suppliers or clients, regardless of its scale and location.
- Violations of the GDPR framework may result in severe penalties. Time is of the essence.
High penalties loom
Violations of the GDPR framework may result in severe penalties; non-compliant companies may face steep fines of up to € 20 million or 4% of aggregate global group sales!
It stands to reason that you had better familiarize yourself with this EU regulation quickly and make sure, as soon as possible, that the data of customers and employees is processed in conformity with the new and stringent rules.
CONSULTATIO and its affiliated IT companies would be happy to support you in this. We ensure the compliant implementation of the new regulations, so that you prevent potential data glitches and avoid liability risks as well as economic harm.
Contact the specialist
Christoph Schillinger, B.A. makes your company fit for data protection:
Tel: +43 1 27775-0
The Countdown is running.
QUICK-CHECK: Fit or not? Invest three minutes and answer the questions below. A single "No" is enough to mean you have an urgent need for action!
- Does your company have a person responsible for data protection?
- Have you already recorded in detail which personal data is processed in your company?
- Has the company implemented a formal process ensuring that persons affected can exercise their right of access?
- Is special protection provided for "sensitive" personal data?
- Is there a procedure / process in place to ensure that the different retention periods for certain documents and data are met?
- Is it ensured that the collection and processing of data takes place only with the data subject's consent or on the basis of a legal requirement?
- Is it ensured that all processes / procedures that process personal data have been included in a list of processing activities?
- Has the company implemented a formal process that ensures that personal data (including individual records) can be deleted (e.g. once the purpose it was collected for no longer applies or after withdrawal of consent)?
- Does the company have a process that defines how to handle, review and respond to potential privacy complaints?
When is a Data Protection Officer required?
Companies large and small whose core activities consist of processing personal data will in future have to appoint a so-called "Data Protection Officer", who is expected to be independent and to have reasonable resources at his/her disposal. In addition, the regulation requires that Data Protection Officers have expert knowledge and related experience. These officers are to report directly to the Management Board.
Those in charge of processing data, and also their service providers, are obliged to maintain records of their processing activities, broken down by principal, known as a “procedure registry”.