New: Short video
My colleague from Mission 100, Michael Erner, and I* decided a while ago to declare war on the scaremongering surrounding the GDPR. What has been communicated and distributed by many consultants, lawyers and auditing firms for about a year and a half now knocks the bottom out of every barrel. The FUD (Fear, Uncertainty, Doubt) principle is used without restraint, without knowing the open questions surrounding the implementation of the GDPR, let alone addressing them.
What is written on paper does not necessarily have to be implemented that way! The very fact that we are dealing with a mesh of different legal systems that are neither coordinated nor free of contradictions should tell the practitioner that implementation will be quite hairy. It gets even more difficult when you look at implementation in terms of conformity assessments. While today each country, state, canton, … had its own supervisory authority and these also autonomously carry out audits at their own discretion, now from May 2018 EU far suddenly everything should be clear and uniform! Of course, this is not the case. The supervisory authorities are currently trying to coordinate with a view to harmonizing implementation, and this will be more or less successful. It will hardly lead to a uniform practical interpretation of the GDPR provisions.It is to be expected that, as with other regulations, there will be active “forum shopping” (forum shopping refers to the possibility of choosing from among several available jurisdictions.).
*Bruno Wildhaber and Michael Erner are accredited data protection experts at the Independent Centre for Data Protection, Schleswig-Holstein (ULD) and internationally active data protection experts (Europe, South Africa).
What does this mean for us users and providers of IT solutions? We have summarized this in the enclosed white paper (download).
More information on the GDPR:
GDPR Short Assessment
You can find comprehensive information about our data protection services here.
Action plan DSGVO according to DSK (Data Protection Conference, D)