As of 25 May 2018, the EU General Data Protection Regulation (EU GDPR) applied. It is a hybrid between a directive and a regulation; the individual states of the EU can also regulate certain aspects of data protection themselves. In Germany, the „New Federal Data Protection Act“ (BDSG-neu) came into force on the same day, with which the legislator has transposed the EU GDPR into national law. The GDPR replaced the Privacy Directive 95/46/EC with the aim of harmonizing European data protection law.
Who is affected?
The regulations affect all European companies and authorities, even micro-entrepreneurs, even the hairdresser around the corner, when personal data of any kind are processed. A customer list or an appointment book with names of customers is enough to be affected. But also organizations without a branch office in Europe have to adhere to the guidelines if they do business in the EU. The rules are very complex and non-compliance can lead to severe penalties.
What is it all about?
It involves the collection, processing and use of personal data of natural persons (outside family, governmental preventive and repressive purposes) residing in the EU or „staying“ in the EU (e. g. holidays). This basically applies to all companies/authorities with a seat, branch or a processor in the EU. But also in all cases where data of EU citizens are processed by non-European processors (companies) in connection with the sale of goods and services.
The most important
Experts believe that the new regulations even hit every micro enterprise. It is enough that you save customer appointments or customer data electronically or accept payments by bank card. The following features could be important to you.
- The former BDSG will be replaced by the new regulation (BDSG-Neu)
- There are no further transitional periods
- The industry, company size, official classification does not matter
- Deterrent fines for breaches: up to € 20 million or 4% of annual turnover
- Fines remain with the issuing supervisory authority
- As a company you are „accountable“
- You have extensive information and reporting obligations
- Factual reversal of evidence in case of incidents/requests
- The public interest in data protection is increasing
How well are you and your company prepared for the EU-GDPR?
Do not worry, I’ll make you fit for the DSGVO. I’ll provide you with the right tools and helpful tips and tricks on how to approach the new challenges and challenges safely. To prepare for a consultation, it would be helpful to answer a few questions that I have put together in a questionnaire.