What is the GDPR?
The new General Data Protection Regulation (GDPR) came into force on May 25, 2018. The GDPR is a regulation of the European Union that standardizes the rules for private and public processing of personal data throughout the EU. The transparency and documentation requirements are considerable.
What are the challenges of implementing the GDPR requirements?
The GDPR grants extensive rights to affected parties. An affected person can demand information on all data that is processed about them. The information must be provided within 30 days; otherwise, the person can submit a complaint to the competent supervisory authority. For the party processing the data, this requires a clearly defined structure and clearly defined processes.
With regard to supervisory authorities, there are extensive requirements to prove that personal data is organized and processed systematically. The threatened fines for violations are substantial and could reach €20 million or 4% of total annual revenue.
Moreover, explicit concepts for deleting data that is no longer needed must be drawn up and submitted to supervisory authorities on request.