The new EU law combines data privacy with data security: in future, companies need to prove that organizational and technical protection measures for personal data are in place.
Markus Robin, General Manager SEC Consult: "Data privacy needs data security. With the new EU regulation, IT security finally plays a big role in data protection. Due to Germany's IT security law, it already has a quite high protection level in critical infrastructure companies - but now all of Europe's economy is asked to follow. Other European countries like Austria, whose starting point is a lower cyber-security/privacy level, will have to step up their game pretty fast. For affected companies this means: start as soon as possible with your risk analysis and prepare an implementation plan - because the two-year realization period is shorter than you expect."
Yesterday, the new EU General Data Protection Regulation came into force. Its objective is to set a high and unified level of data protection for the whole European Union. All companies that process personal data of EU citizens are affected; therefore international data giants such as Google, Facebook & Co. are regulated by this law as well. Next to data protection issues like the "right to be forgotten" principle, the new regulation emphasizes the importance of data security. From May 25, 2018, all affected companies and their applications need to prove and document organizational and technical protection measures regarding personal data. In case of a violation, the penalty will be measured by the preparations the respective company took, but can reach up to 20 million Euro or four percent of worldwide prior-year sales.
Given the short realization period of just two years, SEC Consult recommends:
1. Start a risk analysis and prepare an implementation plan – now!
2. Find an implementation partner
Find out more about the EU General Data Protection Regulation and contact us for an appointment: send an email to firstname.lastname@example.org or use our international contact details.
Facts & Figures // EU General Data Protection Regulation
- Is part of the EU data privacy reform
- Came into force on May 24, 2016
- Applies from May 25, 2018 (two-year realisation period)
- Objective: Standardization of a high data protection level for the whole European Union
- All companies that process personal data of EU citizens are affected; therefore international data giants such as Google, Facebook & Co. are also regulated by this law
- Companies must implement organizational and technical protection measures in the areas of privacy and data security, and these must be proven and documented
- Companies need to have a protection level that is appropriate to the risk
- Massive increase in penalties: depending on the violation, up to 20 million Euro or four percent of prior-year sales; the penalty will, however, be measured by the preparations the respective company took