For many companies, the practice-oriented implementation of the GDPR is a big challenge. With its long-standing experience in handling related subject-matters, DPA Drewes Privacy Advice GmbH is your perfect partner for this task. The GDPR will bring about numerous changes in data protection. As a result, companies need to change the organisation of their data protection practices and adapt existing data processings.
IMPLEMENTATION OF THE GDPR – PLANNING AHEAD
If you want to be able to manage the great number of adjustments required under the GDPR, you need to start planning the implementation right away. DPA Drewes Privacy Advice GmbH will support you with its long-standing experience in data protection advice. Since 2009, we have been closely involved in the development of the GDPR and are therefore very familiar with the requirements of the new data protection regulations.
ADJUSTMENT REQUIREMENTS IN CONNECTION WITH THE CORPORATE IMPLEMENTATION OF THE GDPR
Among others, the following corporate adjustments will be required under the GDPR:
- Completely new obligations regarding transparency and information obligations require a comprehensive revision of data protection statements
- Due to a great number of new compliance regulations, in particular regarding documentation, enterprises are obliged to adjust their data protection management (e.g. accountability principle pursuant to Art. 5 GDPR)
- The further use of data for marketing purposes needs to be reviewed in detail
- New rights of data subjects: the right to data portability, the “right to be forgotten” and other new rights require new internal processes
- The notification obligations for data breaches are considerably extended
- Employee data protection: amendments need to be reviewed in detail
- Data protection impact assessments – the former data protection impact assessment will take on greater importance and respective processes will have to be redesigned.
HIGH PENALTIES POSSIBLE UNDER GDPR
The GDPR provides for draconian penalties in case of infringements. Not only penalties of up to 20 million Euros but even 4% of the worldwide annual turnover of a corporate group are possible. Moreover, data protection authorities are to be significantly better equipped. Under the GDPR, companies face a considerably higher risk of penalties. Adequate implementation of GDPR provisions is therefore of utmost importance.