Since the EU’s General Data Protection Regulation came into force on 25 May 2018, individual EU citizens can be sure that their data are protected by uniform law, and that they will keep the sovereignty about how their data are further used. From a consumer’s perspective, the GDPR is a significant step forward in data protection.
After two years, however, most companies still haven’t taken the appropriate measures to meet the requirements. Companies have to ensure that they store and process data in accordance with the specifications of GDPR. Internal processes, data management, and archiving must be reconsidered and optimized. This way, GDPR-compliant archiving has developed into its own specialist discipline.
An example for a company acting too late is the housing association Deutsche Wohnen. The housing association was sentenced to a sum of 14 million Euro at the end of 2019. An important reason for this: The archive system had no delete function. As a result, personal information of customers and interested parties was stored for years, even if there was no longer a tenancy or the reason for the data processing had expired.
Between 2018 and the end of 2019, a total of more than 160,000 GDPR breaches have been registered. 247 per day! Sanctions are getting continuously tougher. There is still an urgent need for action, even months after GDPR came into force. But how is it possible that companies get into such a situation? Here we’ll tell you the 5 pitfalls which organizations have to avoid.