The General Data Protection Regulation is highly controversial among companies, but ultimately serves to build customer trust and consumer safety. An overview.

General Data Protection Regulation - GDPR: 5 tips for regulations & bureaucracy [+ checklist]

General Data Protection Regulation – an overview

The General Data Protection Regulation, or GDPR, is a comprehensive data protection law introduced by the European Union in 2018. The GDPR is intended to provide a high level of protection for the personal data of EU citizens and applies to all companies that process or store the personal data of EU citizens, regardless of their location. The GDPR requires companies to obtain explicit consent from individuals before collecting their personal data and also imposes specific requirements on data processing, storage and security.

In this article we give you an overview of the GDPR and its most important provisions. We will examine the scope of the GDPR, including the types of data covered and the companies subject to the regulation. We will also provide an overview of the key principles of the GDPR, including the rights of individuals, the obligations of data controllers and processors, as well as data security and data breach notification requirements.

GDPR – introduction as a doomsday scenario

To get started, let's take a look back: a lot was written and discussed about the GDPR when it was introduced. Lots of information, but also contradictions. Some reassuring voices, such as this video I made from the Facebook stream by Anni Roolf, but also a lot of scaremongering, for example statements like "Even accepting a business card could become a problem", which in this form are of course exaggerated.

And quite a few consulting services and GDPR last-minute, all-round, worry-free anti-panic packages were created around the GDPR; everyone can judge for themselves how serious such short-term business ideas actually were in reality. I found this contribution by Dominik Ley to Gruenderwelt particularly beautiful and apt; he wrote in 2018:

“You might think the world would end on 25.05.2018 if you look at all the reports on the subject of GDPR... Also in connection with the GDPR, nothing is eaten as hot as it is cooked. This is particularly evident from the discussions I had with the state data protection officer for Rhineland-Palatinate, Prof. Dr. Dieter Kugelmann, as well as with numerous lawyers.”

Use cloud software in compliance with data protection regulations

An important topic here is apps and software products, because the GDPR's requirements on consent, processing, storage and security apply to every tool in which personal data of EU citizens ends up, regardless of where the provider is located.

Cloud services have become an integral part of modern business processes worldwide. Companies must ensure that their cloud-based operations comply with strict regulations for handling personal data. The GDPR requires companies to protect and secure the personal data of customers, employees and all other persons whose information they collect or process. Failure to comply can result in large fines and serious reputational damage. Therefore, companies must prioritize GDPR compliance in their cloud-based operations to avoid possible legal problems.

However, as concern about privacy and security continues to grow, many companies are reconsidering their trust in American cloud providers. The US government's access to the data stored by these providers under the Patriot Act and the CLOUD Act, as well as the invalidation of the EU-US Privacy Shield, have led European companies to look for more secure alternatives.

Data protection and productivity – a contradiction?

It is important for businesses to remain productive and efficient while remaining compliant with GDPR regulations. Many companies have struggled with this balance, which has resulted in decreased productivity, negative customer experiences, and even financial penalties for non-compliance. Many productivity apps that have become an integral part of our daily mobile workflow are based in non-EU countries. At the forefront in this context are cloud applications, which are unfortunately all too often brought onto the market by American providers and also hosted there. It's hard to do without them because they make our daily work so much easier.

But even if many US providers are now data protection compliant under European law, why fall back on a US solution if there are also good German providers? They are just often not that well known. For example, there are numerous antivirus programs, some of them free, that provide comprehensive protection against data thieves. In addition to the integrated antivirus program, some of them also offer security packages for Internet access as well as packages for encryption, an integrated password manager, backup and parental controls.

Is the fear of the data protection authorities justified?

The question also arises as to how the authorities deal with the law in practice. One of the biggest concerns of many entrepreneurs is the question of control. In particular, many business owners are concerned about the growing power of government agencies and regulators and the impact this may have on their ability to run their businesses as they see fit. This particularly applies to the GDPR, which is a thorn in the side of many companies and lobby associations. This concern is not limited to a specific industry or sector: entrepreneurs from all walks of life are concerned with the question of how to act sensibly in the face of this.

Especially with regard to data protection, the concerns are of a more practical nature: quite a few companies fear that government regulations and controls will inhibit their ability to innovate and make it more difficult for them to assert themselves, especially on the international market. It is therefore reassuring that Dominik Ley, after thorough research, was able to give the all-clear in the article already quoted regarding the risks of inspections and warnings. The authorities are nowhere near as aggressive as many still believe today, which is also shown by the overall relatively low number of data protection violations punished so far. Probably the most interesting sentence from the conversations that Ley had with data protection officers is the following:

“Anyone who does not take action in matters of GDPR had better dress very warmly in the event of an inspection by the authority, because then it will be very expensive; but whoever does what is in their power and makes an effort need not be afraid.”

5 tips: How do the authorities actually proceed?

The authorities' approach to data protection violations varies from country to country, as data protection laws are enforced nationally. However, in general there are some common steps that authorities follow when investigating and prosecuting data breaches.

  1. First of all, it is important to note that data protection authorities are usually independent institutions responsible for enforcing data protection laws. When a data breach is reported or otherwise becomes known, the authority begins an investigation.
  2. The first step is usually to assess the incident and determine whether a data breach actually occurred. The relevant laws and regulations are used to determine the scope of the violation.
  3. Once a violation has been identified, the authority can take various measures. This typically involves requesting the affected company or organization to correct the breach and take appropriate action to prevent future breaches. This can include, for example, implementing security measures or training employees.
  4. In addition, data protection authorities may also impose fines, particularly if the breach is serious or recurring. The amount of fines varies by country and can be significant to ensure that companies and organizations take data protection laws seriously.
  5. In some cases, the agency may also conduct an investigation to gather more information and better understand the scope of the violation. This may include reviewing documents, interviewing people involved, and collaborating with other agencies.

It is important to note that the exact steps and procedures may vary depending on the country and the specific case. However, data protection authorities share the common objective of ensuring the privacy and protection of personal data and punishing violations appropriately.

GDPR checklist: tips for implementation

The result: Companies should take time for data protection. But what can a sensible approach to data protection look like for companies? Essentially, they should pay attention to the following points:

Conclusion: This is what the correct handling of the GDPR looks like for companies

Entrepreneurs today undoubtedly have more options than ever before to be successful and make a difference in the world. However, with new opportunities also come new challenges. In summary, compliance with the GDPR is not only mandatory, but also beneficial for companies. The correct way to deal with the GDPR is to understand the regulation, appoint a data protection officer, and implement the necessary technical and organizational measures to protect personal data.

Companies also have to provide clear and precise data protection policies, obtain explicit consent for data processing and respond promptly to requests from data subjects. In this way, companies can build trust and credibility with their customers and avoid hefty fines and reputational damage. The GDPR is essential for better data protection, and companies should use it as an opportunity to strengthen their data protection practices.