EU GDPR Check-Up

Already legally valid, the General Data Protection Regulation (GDPR) will take effect on May 25, 2018. The GDPR will affect all companies that process personal data, regardless of their sector or size. Severe penalties may be issued if the requisite measures are not implemented on time.

To help you avoid any potential penalties, we support you in initiating and implementing all necessary steps regarding the EU GDPR.

EU GDPR check-up procedure

• Analysis of your company’s current status and readiness
• Identification of potentially necessary measures
• Risk assessment
• Preparation of a priority catalog
• Creation of a schedule for implementing the corresponding measures (if required)
• Consultation during implementation

How a data protection check-up from TÜV Hessen benefits you:

• Overview of the current status of your data protection in comparison to the requirements of the EU GDPR
• On-site implementation
• Tailored to the individual requirements of your company
• Realistic cost assessment for the implementation of the suggested measures
• Reduction of the risk of sanctions

Furthermore, we will gladly answer any questions on technical and organizational measures, including questions on order management in connection with your customers, clients and suppliers

Uniform EU data protection law

The two-year transition period for implementing the new requirements of the European General Data Protection Regulation ends on May 25. The new data protection law will then apply in all EU member states and will have a global impact on companies that process, use and store the data of EU citizens.

An overview of the most important points of the EU General Data Protection Regulation

• Expanded accountability
  A data protection management system must be created to ensure compliance with the data protection requirements.
• More extensive information obligation thanks to expanded transparency regulations
  In the future, companies must provide the people affected with more detailed information on how their data is processed.
• Designation of a data protection officer
  Companies and institutions, including those in other EU member states, are obliged to provide a data protection officer from May 2018. The data protection officer is tasked with consulting the controller and monitoring the company’s data protection management system. In addition, the data protection officer works together with the supervisory body and takes on the role of contact person for affected persons.
• Reporting and notification obligation in cases of data protection violations
  The supervisory bodies must be informed of data protection violations within 72 hours.
• Precedence of EU GDRP over other legal regulations in the member states
  The EU General Data Protection Regulation replaces all previous national data protection laws of the member states and is viewed as the primary regulation above all subordinate European laws and those of the member states.
• Data protection through technical measures and data protection-friendly default settings in accordance with the principles of “privacy by design” and “privacy by default”
  When new methods for processing personal data are developed and introduced in future, the systems must be developed to comply with the data protection regulations and only commissioned with default settings for minimal use of data.
• Right to be forgotten and to deletion of personal data
  Personal data must be deleted within an appropriate time frame if one of the reasons listed in the GDPR applies.
• Increased fines
  Compared to the previous national laws, the scope of monetary penalties has drastically increased. Fines can amount to up to 4 percent of the global group turnover in cases of intent.