We take stock – last year the General Data Protection Regulation came into force. Companies, government agencies and organizations alike were required to make some internal changes regarding their privacy policies. Since then, companies must be transparent about the personal data they collect. This gives individuals insight into and control over their personal data. Companies that do not act in a GDPR-compliant manner will face horrendous penalties. Violation of the requirements could result in fines in the millions.

The uncertainty was great – many SMEs as well as large companies did not know how to approach the supposedly large and complex restructuring in order to comply with the GDPR guidelines. After all, all companies that sell goods and services to people in the EU or collect data from EU citizens were affected. So almost every company had to deal with GDPR – after all, data is generated, for example, by sending newsletters, downloading documents or even registering for events.

Depending on the industry, some service providers have found it difficult to create appropriate measures and concepts to secure personal data. There was also a lack of expertise – as a result, some companies took steps even though there was uncertainty whether this was the appropriate course of action. Out of uncertainty, others even took no steps at all, which had serious consequences. No one knew the regulations, and most could not independently assess the risk and prioritize or even manage measures accordingly. What was initially perceived as extremely extensive requirements eventually turned out to be three key GDPR areas that had to be addressed in detail in the respective company and optimized accordingly.

In our discussions with customers, we also found that many responsible parties as well as the management level were not sufficiently informed about the process, resulting in significant delays in the GDPR process.

GDPR CATCH UP

A quick catch up on the GDPR: The regulation was launched last spring to protect personal data and ensure consistent data protection across the EU. It mainly allows individuals to view and manage the personal data they have entered online on any occasion. Above all, however, it must be transparent what happens to the data and to what extent companies are allowed to use it.


THE STATUS QUO – WHAT HAS HAPPENED

GDPR was definitely one of the most discussed topics in Europe in 2018 – today, almost 15 months later, data protection experts are taking stock. One thing in advance: There is still a lot of room for improvement. Even a year later, many companies have not yet met the GDPR requirements. Violations of the GDPR guidelines are still part of the daily routine today, which has brought higher and stricter penalties. However, experts still criticize the consequences as being too low. Several tens of thousands of data breach notifications have reached data protection authorities across Europe since the GDPR regulation was launched. The reason for this may sometimes be ignorance or lack of expertise.

[Infographic: GDPR statistics]

Source: https://de.statista.com/infografik/18136/daten-zu-bekanntheit-und-anwendung-der-dsgvo/

A study now shows, 15 months after the General Data Protection Regulation came into force, that just under 60,000 GDPR breaches have been reported across Europe – some of them have been heavily fined, and the trend is upwards.

GDPR IN SWITZERLAND

Since Switzerland is not an EU or European Economic Area member state, the GDPR is only semi-relevant – but beware: Swiss companies that conduct business activities in the EU and thus collect personal data from the EU must comply with the GDPR guidelines. In order not to fall too far behind the GDPR level of data protection, Switzerland finds itself forced to adapt its data protection law as well. According to Data Protection Law for Swiss Companies (Benjamin Domenig, Christian Mitscherlich, Stämpfli Publisher), this should come into force in mid-2020 at the earliest. So far, the legislator has a preliminary draft of the Swiss Data Protection Act, which will, however, be subject to amendments in the coming period. The fact is that the preliminary draft is strongly oriented towards the GDPR guidelines of the EU. Swiss companies are therefore already advised to comply with the provisions of the General Data Protection Regulation.

And yet: The danger for Swiss companies is that Switzerland will be confronted with stricter rules than necessary. Both the Swiss Bankers Association (SBA) and Économiesuisse are campaigning against this in order to avoid a so-called “Swiss Finish”. It remains to be seen whether they will be successful with their approach. In any case, the revision of the data protection law will take place in two steps: the “Schengen part” and the “GDPR part”.

WHAT WE WANTED TO SAY…

There is still a great deal of uncertainty in companies, and the level of knowledge among some is low. Our tip: Get advice and check whether your company is affected by GDPR at all before making any other efforts. If this is the case, locate the personal data and check how it will be utilized. To protect sensitive data, security gaps must be closed so that data breaches can be prevented. Dinotronic is happy to support you in this process. From a site assessment to an organizational as well as technical action plan to comply with the GDPR guidelines, we are at your side. Make your personal consultation appointment with Dinotronic.

 
