One in five IT companies have so far ignored the GDPR

In less than a year, companies in Germany and Europe will face fines in the million euros if they fail to implement the General Data Protection Regulation (GDPR). However, one in five IT and digital companies (19 per cent) have not yet dealt with the topic and only one in three (34 per cent) has started to organize or even implement the first measures. Four out of ten companies (42 per cent) are currently working on the subject, but have not started to implement measures, and 5 per cent did not or could not provide any information... Read more

Bitkom comments on Art.29 Group draft Guidelines on Data Protection Impact Assessment

The General Data Protection Regulation introduces a new duty to carry out and document a data protection impact assessment (DPIA) for high risk situations. A DPIA should be based on an adequate risk assessment management. Should a company come to the conclusion in its risk analysis that a specific data processing activity will result in “high risk” to the rights and freedoms of the data subject, a DPIA needs to be conducted, especially if extensive data is used for profiling, a large scale use of sensitive personal data is processed or systematic monitoring of public areas (Art. 35 GDPR)... Read more

A new wave of adequacy decisions? Spotlight on!

In 2016 the number of countries that had enacted data privacy laws stood at 109, a significant increase in mid-2011 according to the EU Commission. However, only 11 out of these 109 countries have received an adequacy decision by now... Read more