What has changed with the new GDPR?
The new EU General Data Protection Regulation (GDPR) replaces a 1995 directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data. In order to be effective, the old directive first had to be transposed into national law by all member states, which in many cases did not happen satisfactorily. With the GDPR this is no longer necessary. It will apply directly in all EU member states from May 25, 2018, and leaves the individual national states only limited scope for interpretation.
Of course, some EU countries already had strict legal regulations regarding the handling of personal data—for example in Germany or Austria. In the eyes of data protection activists, however, the penalty range for data protection offenses has been too low, if any penalties have been imposed at all. In Germany, data protection offenses have so far been punishable by a maximum of 300,000 Euros. This is now changing drastically: the maximum penalty for data protection offenses will be increased to at least 20 million Euros with the GDPR. For companies with very high global annual turnover, the penalties may be even higher; if 4% of global annual turnover exceeds the 20 million Euro limit, this 4% applies as the maximum penalty.
By now, everyone should know why the media is reporting so much about the new General Data Protection Regulation.
Data Protection Is Nothing New at Intact
We here at Intact have been working for a long time to adapt all our systems and processes to the GDPR and to design them in compliance with the new law. However, the handling of personal data was nothing new to us. We have always attached great importance to data protection and know how important this is for our clients, too.
The handling of personal data in particular has always been of great importance to us, and it has now also moved into the focus of the European Union. After the scandals concerning Facebook and other social media platforms, the general public is also becoming increasingly aware of how important it is to handle such sensitive information carefully.
While the provision of personal data can bring great benefits to science and research, the risks of data misuse must also be clear. The GDPR is taking a step in the right direction in order to make the handling of personal data within the EU and beyond safer.
This Is How Intact Prepared for the GDPR
At Intact we have seen and used the GDPR as a great opportunity right from the start to make our data protection and data security processes even faster, more efficient, and more secure. Being an international company with branches in several European and non-European countries, smooth and clear processes are a necessity for us.
The first logical step was to appoint a data protection officer who would be the first point of contact for data protection issues both internally and externally and who would coordinate the company-wide implementation of the GDPR. This responsible role was assumed by Peter Krainer, who has been responsible for data protection internally for many years. He has proved to be knowledgeable in this area not only internally, but also in this extremely valuable article on the Integrity Blog by Intact, in which he gives an easily comprehensible overview of the basic requirements of the GDPR.
In the next step, we adapted all our contracts with customers and suppliers with regard to the new regulation and conducted training courses with our employees in order to raise their awareness of the issue. The training courses were documented and our employees were, once again, contractually bound to secrecy and confidentiality with regard to personal data.
Privacy is important to us and we believe that you should always know what information we collect from you. For this reason, we would like to draw your attention to the data protection guidelines of our website, where we explain our website's use of data transparently and in detail.