The latest Data Protection Regulation requires effective data protection management

As from 25/05/2018, the EU General Data Protection Regulation (EU-GDPR) and the new German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) must be applied by all data-processing bodies. The GDPR pursues a risk and process-oriented approach to ensure the confidentiality, integrity and availability of data and the resilience of systems, and demands a process to periodically review the effectiveness of the security measures and their continuous improvement.

What does it mean for you?

Put your data protection management to the test with secunet to identify any need for action, jointly plan the necessary steps in a meaningful and resource-efficient way, implement an integrated management system with feasible processes, create a solution concept for the implementation of the measures and meet the obligations to provide documentation and evidence in the best possible manner.

  • Stricter requirements regarding the organisation and process of your data protection must be met, and
  • measures for data security must be implemented to ensure legal conformity over the entire life cycle of personal data.
  • The increased accountability requires very extensive documentation.
  • Even contract (data) processors are subject to stricter obligations.
  • Besides legal requirements, even the public is nowadays more aware of data protection and the risks associated with data processing.

You can only consider yourself prepared for this if you have implemented an effective data protection management system (DPMS), and preferably integrated with an information security management system (ISMS) to avoid duplication, unneeded work and conflicts of information while exploiting synergies, for instance in risk management, audits, awareness-raising activities and documentation.

Data protection is a key requirement for the legally permissible and successful use of existing and new information technologies. As digitalisation, cloud computing, big data, etc. become increasingly complex, expert support becomes ever so important.