On 25th of May 2018, the basic EU data protection regulation came into force and has since then imposed stricter requirements on the processing of personal data within the company. Failure to comply may result in high fines, which may be based on the company’s turnover.
Data protection impact assessment and other duties requiring action:
Against the background of the requirements of the EU Data Protection Ordinance (DSGVO), the revised Federal Data Protection Act (BDSG) and the effects of the so-called “safe harbor ruling” of the European Court of Justice (ECJ) from October 2015, the pressure on companies to tackle the area of data protection within the framework of compliance management is growing. This results in higher requirements for setting up a documented and effective data protection organisation, especially with regard to accountability and liability/sanction risks. Companies are therefore obliged to introduce a data protection management system that ensures the protection of personal data.
The basic EU data protection regulation also obliges organisations and companies to assess the consequences of “critical” data processing.
CertLex – Your advantage: