The General Data Protection Directive (GDPR) of the European Union will come into effect in May 2018, thereby replacing the Data Protection Directive 95/46/EC from 1995.

Its prime goal is to strengthen the rights and security of EU residents whose data is saved and processed.

Important facts about the EU GDPR:

  • Burden of proof lies with the party responsible for data processing,
  • Higher penalties (2 – 4% of gross annual revenues),
  • Right to data erasure,
  • Obligation to provide information,
  • Obligation to report breaches with personal data,
  • Mandatory registry of data usage.

Data protection officer (DPO) in Austria: Companies with fewer than 250 employees are not required to designate a DPO unless data processing is their core business.

Data protection officer in Germany: Companies with more than 10 employees are mandated to designate a DPO.

Impact assessment: Companies with fewer than 250 employees are only required to conduct an impact assessment if data processing poses a high risk for the affected individuals.

The new EU directive brings along a whole new set of challenges, especially in the insurance industry, but also in other sectors: this includes accounting and law firms as well as medical institutions and physicians.

Organizations that collect and store PII (Personally Identifiable Information) have a higher responsibility under the new GDPR.

Therefore, implementing the appropriate actions in a timely manner is extremely important.