{"id":1813,"date":"2017-08-17T12:29:25","date_gmt":"2017-08-17T10:29:25","guid":{"rendered":"https:\/\/www.m-q.ch\/?p=1813"},"modified":"2017-08-21T10:24:18","modified_gmt":"2017-08-21T08:24:18","slug":"basic-data-protection-regulation-sets-new-requirements","status":"publish","type":"post","link":"https:\/\/www.m-q.ch\/en\/basic-data-protection-regulation-sets-new-requirements\/","title":{"rendered":"EU data protection law sets new requirements"},"content":{"rendered":"
\"\"
Some roles in the company are incompatible with data stewards, such as the CEO, CFO, head of marketing, HR or spec IT employee. (Image: depositphotos)<\/figcaption><\/figure>\n

A new era begins next May with the new EU data protection law, the General Data Protection Regulation (GDPR). The GDPR applies to all member states of the European Union (including the United Kingdom, before and presumably after Brexit). To date, there has been much discussion about fines and penalties for breaches, including up to \u20ac20 million or 4 percent of a company's annual global turnover.<\/p>\n

Nevertheless, the requirement for the role of the Data Protection Officer (DPO) still seems to play a subordinate role in companies. \"In the past, the role of the DPO was largely undefined, because the European data protection law that still exists stems from an EU directive from 1995, which does not yet take such roles and responsibilities into account to the same extent as in the GDPR,\" explains Michael Veit, IT security expert at Sophos.<\/p>\n

New IT instances \u00a0<\/strong><\/p>\n

In those days, data was seen almost exclusively in a \"computing context\" and the first people to be given the informal title of DPO usually had an IT background. They were the ones who could understand, identify and \"protect\" the flow of computer-driven data. Today, at a time when technology so dominates our lives, the role and task of a DPO has changed significantly.<\/p>\n

Today, the DPO is the authority for data protection within an organization. The DPO must help a company or organisation to comply with its legal obligations - also with regard to respect for the privacy of private individuals.<\/p>\n

It is generally about security and this includes not only the view of IT but also the expertise in legal, compliance or customer service and many more. To comply with the guidelines, the GDPR formulates the role of a DPO and also mandates their use in businesses and organizations. For example, all public bodies will mandatorily require a DPO to guarantee freedom of information or human rights.<\/p>\n

This also means that in some circumstances even very small organisations or businesses may have a legal duty to have a DPO - for example local authorities or state schools.<\/p>\n

But the role is also mandatory for those organisations whose core activities involve \"regular and systematic monitoring of data on a large scale\" or where core activities involve the processing of particularly sensitive data - for example, data relating to ethnic origin, religious beliefs, health, sex life or criminal convictions.<\/p>\n

Useful guidelines <\/strong><\/p>\n

Certain and sometimes helpful guidelines have been developed by the Article 29 Working Party, a group of representatives of data protection authorities across the EU.<\/p>\n

The GDPR describes structures (qualities and duties) of a DPO. The following qualifications are required:<\/strong><\/p>\n