FREQUENTLY ASKED QUESTION (FAQ)
The General Data Protection Regulation (GDPR) of the European Union will come into effect in May 2018, thereby replacing the Data Protection Directive 95/46/EC from 1995.
Its prime goal is to strengthen the rights and security of EU residents whose data is saved and processed.
Important facts about the EU GDPR:
- Burden of proof lies with the party responsible for data processing,
- Higher penalties (2 – 4% of gross annual revenues),
- Right to data erasure,
- Obligation to provide information,
- Obligation to report breaches with personal data,
- Mandatory registry of data usage.
Data protection officer (DPO) in Austria: Companies with fewer than 250 employees are not required to designate a DPO unless data processing is their core business.
Data protection officer in Germany: Companies with more than 10 employees are mandated to designate a DPO.
Impact assessment: Companies with fewer than 250 employees are only required to conduct an impact assessment if data processing poses a high risk for the affected individuals.
The new EU regulation brings along a whole new set of challenges, especially in the insurance industry, but also in accounting and law firms as well as medical institutions and physicians' practices.
Organizations that collect and store PII (Personally Identifiable Information) have a higher responsibility under the new GDPR.
Therefore, implementing the appropriate measures in a timely manner is extremely important.