Challenges of the EU’s General Data Protection Regulation (GDPR)

The GDPR affects businesses of all sizes

The EU’s General Data Protection Regulation (GDPR) has been in force since May 25, 2018, and it creates uniform data protection rules throughout Europe. While it bolsters data protection for EU citizens, it also threatens businesses with draconian penalties if they do not implement the guidelines or implement them inadequately. Systematic and stringent compliance to the GDPR is necessary for all types of businesses, because of the high fines – up to 20 million or 4% of total annual global revenue (whichever is greater) – that must be paid in the case of violations, or just non-conformance to the guidelines. Small business size offers no protection against fines, for instance. The rules apply to businesses of all size classes. The question of how personal data is managed and protected is therefore of essential importance to every business. How should businesses react to this new directive?

What does the GDPR require?

The new rules specify that companies must introduce the latest state-of-the-art control mechanisms to protect data. The technical and organizational security measures that need to be implemented require that customer data must always be protected reasonably according to the risk. Businesses must ensure that only authorized persons can obtain access to personal data, and that the data is protected against unintentional loss, unintentional modification, unauthorized access and transfer to other parties. When it comes to access management, this means that the user name and password method has run its course; it is simply too unreliable.