The new EU General Data Protection Regulation (GDPR) comes into force in May 2018.
A questionnaire from the Bavarian State Office for Data Protection Supervision (BayLDA) is now intended to help companies, clubs and associations implement the new guidelines.
It also shows companies how far they have come with implementation so far.
Above all, however, the questionnaire also shows which points they need to rework.
Questionnaire deals with all central topics of the GDPR
The BayLDA questionnaire deals in detail with questions on the implementation status of the central topics of the GDPR.
To this end, the questionnaire draws companies’ attention to the structure and responsibilities within the company.
The BayLDA is particularly concerned about the existence of a data protection officer.
The officer does not necessarily have to come from within the company; an external data protection officer can also be engaged.
Helpful: expertise from an external data protection officer
Thanks to increasing experience in data protection law, the external data protection officer has built up the necessary cross-industry expertise.
This enables them to draw attention to necessary changes and adjustments within the company efficiently and, above all, quickly.
In addition, experience shows that an external data protection officer meets with greater acceptance among employees and the works council.
This is often due to the external officer's greater motivation compared to an internal data protection officer.
Internal officers often become distanced from the company through long and regular training courses.
Questionnaire for more transparency in the GDPR
Another concise point in the BayLDA’s questionnaire deals with the topics of transparency, information obligations and safeguarding the rights of data subjects.
In particular, this concerns the adaptation of all texts on data protection information for data subjects during data collection.
Another important point is the establishment of a procedure to quickly and fully comply with requests from data subjects for information about their own data.
This point in particular should be addressed at an early stage in the company, as experience has shown that implementation takes some time.
Helping companies with implementation
The questionnaire also focuses on dealing with risks and responsibility in difficult cases.
According to the BayLDA, the questions are intended to give companies a feel for how the new GDPR is to be implemented and how the authority intends to organize its auditing activities from May 2018.
With the questionnaire, the BayLDA wants to create transparency at an early stage and help to ensure that all companies already comply with the legal requirements.
Thomas Kranig, President of the BayLDA, commented on this as follows:
"We live in an increasingly digitalized world in which an unimaginable amount of personal data is collected from citizens and networked and used in a way that is no longer transparent to the individual.
It is also our task as a data protection supervisory authority to ensure as much transparency as possible in this situation and also to ensure that the statutory provisions are complied with.
We are taking on this challenge of the GDPR with all the means at our disposal and will provide advice to the extent that we can so that breaches do not happen in the first place, but will also not shy away from imposing effective, proportionate and dissuasive sanctions if breaches are identified, as the General Data Protection Regulation requires us to do."