Last Friday, 25 May 2018, the General Data Protection Regulation (GDPR) entered into force. The new regulation complements and replaces national data laws in the countries of the European Union. Inspired by the principles of data minimisation, transparency, IT security and accountability, the new rules introduce stricter requirements on documentation and more rights for natural persons to demand information about their stored personal data.
The implementation of the GDPR entails a great deal of effort and costs for companies, especially for small and medium-sized enterprises (SMEs). This entails the review of all operational data processes, which is very time-consuming and also requires extensive expert knowledge. Many questions about the adaptation of procedures and systems need to be clarified: for example, the person who is responsible for the implementation of the new requirements, which technical and organisational measures have to be implemented as well as the requirements for email advertising.
What about our customers?
Besides corporations also our customers, restaurateurs and startups are obliged to examine their data protection processes and if necessary, adapt them to the new GDPR. According to DEHOGA Bundesverband, mainly small and medium-sized enterprises (SMEs) are struggling with this challenge. In the meantime SMEs are digitalising their business models, in order to offer better services to their customers and keep up with their global competitors. The myriad of access rights, agreements and data deletion concepts which they have to set now are a paramount challenge, while budgets and personal fall short. Further information and useful links to cope successfully with GDPR can be found at: https://politics.metroag.eu/
In order to offer further support to our customers, we have listed below some links that can be useful in the implementation of the GDPR, especially when lacking internal resources. Please note that some of these links are only available in German:
- The dedicated website of the European Commission with factsheets on GDPR and accompanying documents can help when solving specific questions on the regulation
- The short papers of the Data Protection Conference serve as a first orientation on how the DSGVO should be applied in practice.
- The information brochure of the German Federal Data Protection Commissioner, which includes not only the text of the regulation, but also the final version of the new Federal Data Protection Act as well as introductory explanations on the content of the GDPR.
- The German Chamber of Commerce and Industry (DIHK) offers an overview of the most important questions regarding the GDPR and provides further links to topics such as data protection management.
- The digital association Bitkom has also updated its recommendations for terms and conditions in the digital industry. These are pre-formulated parts that regulate standard questions in IT contracts between companies.