10 important GDPR Facts

  1. The processing of personal data is strictly PROHIBITED. For the treatment it needs comprehensible legal bases (contract, law, agreement, justified interest etc.).
  2. The GDPR basically adopts all previously known principles of data protection (thus little new).
  3. The additional requirements are manageable, but not surprising.
  4. The GDPR is a first-class civil servant’s product. Simple and understandable is different. Nevertheless, it should not be underestimated. Unfortunately, however, the drafted Swiss law also goes exactly in this direction (practitioners were apparently not considered in the preparation).
  5. The fact that EU countries have committed themselves to a common data protection strategy is remarkable.
  6. Data protection authorities are always also party and not all-powerful regulators. Any decision can be challenged in court. Many provisions can be interpreted. Just the question of when something is considered as “processing” (treatment) is highly contentious in some cases.
  7. The American providers are much more advanced than the Europeans, at least when it comes to legal (contractual) implementation. Nevertheless, they cannot solve the problem of state access (Patriot Act). This also applies to data held in the EU.
  8. Contracts cover only about 25% of the necessary activities, just as important are the creation of transparency (documentation) as a basis for risk management.
  9. Risk Management: Key discipline for successful implementation. Important: This is about the risks for the person concerned, not (only) the risks of the person responsible. Nevertheless, an ISMS (Information Security Management System) is indispensable.
  10. However, the greatest challenge is certainly the consistent and comprehensive control of personal data: From origin to destruction = information governance).


Our implementation model for GDPR and further Information


Submit a Comment

Your email address will not be published. Required fields are marked *

Related articles

On 16.3. is Digital Cleanup Day

On 16.3. is Digital Cleanup Day

Tidying up is clearly not everyone's cup of tea, but we all know the good feeling that a tidy room, a tidy desk or ... a tidy drive! You can feel proud with a clear conscience, because deleting data also has an important effect on energy consumption. I have calculated...

read more
Dealing with data risks: Data breach notification

Dealing with data risks: Data breach notification

A data breach notification or "data breach notification" refers to the process by which an organization or company is required to notify the relevant data protection authorities and, if applicable, data subjects of a data breach that is likely to result in a high risk...

read more