It's actually good news: The new EU decree regulating data protection will standardize data protection laws throughout the EU. The DS-GVO will go into effect on May 25, 2018. But along with the new regulations come major challenges for businesses, executives, IT managers, and data protection agencies.
For example, in the future, companies need to inform individuals much earlier and more thoroughly that they are processing their personal data. Otherwise they will be subject to serious fines: An employee who has access to data, even though he or she does not need it for the job, can become an expensive liability under the DS-GVO. Fines can equal up to four percent of the global profits earned in a year. In addition, personal data must be sent to the affected party if they so desire. This can mean major expenses for the company. Furthermore, data protection agents, IT administrators, and managers are personally liable for following all regulations. Anyone who makes a mistake could lose his or her job.
Companies not only need to follow the new regulations, they also need to provide watertight proof that they do so. The effort needed to document this will be considerable. "An effective data protection management system including risk analyses, training, new structures, processes, and controls is needed," explains data protection expert and lawyer Dirk Refflinghaus.
Stephan Brack, CEO, and Matthias Schulte-Huxel, CSO, of the access rights management software 8MAN, recommend that the responsible parties in companies draw up a detailed roadmap. Three steps form the basis of a reasonable resource and budget plan: First, an analysis of the risks threatening the company's own business model is needed. This is followed by a compliance review and a loophole analysis to determine which measures are needed to fulfill the new requirements. "Data protection costs money!" warns Schulte-Huxel. "In light of the high liability risks for decision-makers and the company itself, money needs to be spent."
The new EU data protection laws mean a great deal of work, especially for large companies and corporations, which calls for professional, flexible project planning, according to Schulte-Huxel, and not only because a whole series of company positions are involved in the transformation effort. External aid would be helpful in many cases. Says Schulte-Huxel, "It's important to find good service providers who can help the company in restructuring business processes and IT systems."
At CeBIT 2017, Hall 6 will be the meeting point for data protection. Several certified data protection consultants, IT security advisors, and IT security system firms will be present. The corresponding software can also be found here. In Hall 6, the issue of data protection will especially be addressed by Datenschutz Schmidt (at the Bayern innovativ stand) and KSB INTAX Datenschutz (at the Lower Saxony stand). In addition, BWS IT-Security Consulting from Wolfsburg is showcasing its services. The software provider 8MAN is providing advice to businesses at its stand.