15. December 2017

(Deutsch) DS-GVO in Unternehmen zur Chefsache machen

BvD [Association of Data Protection Officers of Germany] supports industry in the home straight towards implementation of EU data protection regulations

Although the pan-European General Data Protection Regulation (GDPR) will enter into force on 25 May, 2018, many companies are still in the preparation stage, whilst others have not started. The BvD [German Association of Data Protection Officers] advises that companies who have given little attention to the new requirements to date should set up a project team of IT security and data protection staff to deal with the implementation. “Pressure of time and the urgent need to make decisions means that the project should become a direct management concern”, urges BvD Board Chairman Thomas Spaeing in a guest article for the “Data protection” supplement, distributed by the “Frankfurter Allgemeine Zeitung” (FAZ) on Friday.

The project team should use a GAP analysis to first obtain a general overview of the most pressing GDPR issues and to then establish the commensurate processes. “What is important here is for existing documentation to be examined and adapted to the new requirement of a directory of processing tasks with a risk analysis per group of persons concerned. A data protection impact assessment must be carried out if the risk is high”, writes Spaeing.

Other key aspects: “Contracts with service providers should be examined and adapted” and processes securing the rights of affected parties should be implemented. Spaeing also advises that companies should develop a procedure to address mandatory on-schedule reporting to state authorities.

“Many companies will not have completed the process by 25 May, 2018”, stated Spaeing. Companies should by then, however, have “a good idea of what needs to be done” and should have initiated the most important measures.

The Association offers comments, interpretations and checklists for preparation for 5 May, 2018, on www.bvdnet.de. Interested parties may contact the office for a list of BvD data protection experts in the regions.