The new EU General Data Protection Regulation (DSGVO) will apply in almost one year. Anyone who thought there was still plenty of time, and that things would not turn out as strict as they sound, was surprised by the announcement by the Bavarian State Office for Data Protection Supervision: Bavaria is already announcing its first inspection visits. “Waiting and doing nothing is more than risky”.
Over the past few months, I’ve talked with partners and clients from different industries and of different business sizes about how their companies are preparing for the EU’s General Data Protection Regulation. These conversations have shown how differently organizations deal with the challenges of the DSGVO – but also how different their levels of information and planning are.
In order to better understand progress, challenges and opportunities on the road to compliance, we are conducting a survey. The results will be provided to you as a participant. The study will certainly provide important insights for your project planning and can serve as a benchmark for your DSGVO implementation.
Challenges and opportunities
I am very impressed by the fact that some companies – especially the DAX corporations – are preparing for the DSGVO deadline in May 2018. At the same time, I still see a considerable need for clarification in many companies and an astounding time lag in implementation planning. Discussions with the supervisory bodies confirm my view: the challenges that the DSGVO brings with it are underestimated.
I do not want to side with the scaremongers, but rather to emphasize that there are pragmatic ways to prepare, and that these are easier than some organizations fear. You simply have to choose the right path and, above all, start pragmatically.
Start from both sides
Complex construction projects are nowadays approached from two ends, and the implementation of the DSGVO is basically just such a complex, company-wide initiative. Just think of a bridge construction or the Gotthard Base Tunnel. Exactly this strategy is useful here: in many companies, the EU-DSGVO is discussed at the top level of management, with legal departments and sometimes external consultation brought in to define the strategy – especially in the first phases up to the gap analysis. Obviously this is a very important step. In addition to the top-down approach, a simultaneous bottom-up approach is also recommended in order to meet the timeframe for complying with the DSGVO: it is imperative that IT project managers start planning how IT should prepare itself for requests for up-to-date documentation or for the deletion of personal data, two cornerstones of the regulation. Start from both sides: from the compliance side and from the IT side.
Less effort – more effect
Accelerate your gap analysis and planning phase. Most of the companies I’ve talked to in recent months do not have a real estimate of the effort. I strongly urge you to have the project leaders analyze a limited segment of the stored data – in effect a partial inventory of personal data – and to use the results to estimate the total expenses. From this partial inventory you can very well derive the structure of the project, and you will see that the overall task is no longer so demanding. We recently carried out such an inventory for a customer in the B2C area. After the procedure was defined and a representative data area had been defined,
Where do you stand? – Take part in our survey
We would like to create clarity and share best practices with you. That is why I invite you to participate in our survey. Find out where you may be ahead of your colleagues from other companies or where you can learn from others.
As a thank you for your participation, you will receive, free of charge and first-hand:
- The study results and findings on how companies are preparing specifically for the DSGVO.
- A practical DSGVO guide to avoid the greatest risks.