At the end of May 2018, the transitional periods granted by the legislator to companies for converting their processes to the new EU General Data Protection Regulation (GDPR) expired.
From this point onwards, companies will face fines of up to 4% of their global turnover if they violate the new regulations.
Many companies not yet ready for the GDPR
However, awareness of the problem does not yet seem to have reached all companies.
A survey by the industry association Bitkom revealed that so far only one in four companies has assigned additional staff to implementing the GDPR requirements.
Only 5% of the companies surveyed have hired new staff for this purpose.
The remaining 20% prefer to use their existing staff to implement the requirements.
Another study by IDC shows that by mid-2017, 44% of German companies had not yet made any concrete preparations for the period after May 25, 2018.
Companies, and also organizations such as educational institutions, are often unaware that they may be affected by the GDPR.
As a result, the systems in these cases have not yet been converted.
State data protection offices offer help
The question “Is your company fit for the GDPR?” has already been addressed by many state data protection supervisory authorities.
These authorities often provide a questionnaire that covers the implementation status of companies.
At the same time, it is intended to show companies where weaknesses in implementation remain.
Helpful: expertise from an external consultant
The state offices also point out that appointing an external data protection officer, or at least a qualified external consultant, can quickly help companies that are overwhelmed.
Thanks to growing experience in data protection law, such a consultant has usually built up the necessary cross-industry expertise.
This enables them to point out necessary changes and adjustments within the company efficiently and, above all, quickly.
Data protection violations: loss of trust and fines
In many cases, data protection breaches have to be made public.
The resulting loss of image and trust often outweighs the potential fine.
The GDPR now goes “one better” in terms of fines and obliges the supervisory authorities to impose “deterrent” fines in future.
This means that the days when fines could simply be priced in or ignored may be over for good.
Depending on the severity of the infringement, the range of fines under the GDPR is up to EUR 20,000,000 or up to 4% of the total global annual turnover generated in the previous financial year.