In May 2018 the new Data Protection Regulation (GDPR), which is harmonized across the EU, will come fully into force. Is your company prepared?
Many companies believe themselves to be safely compliant with the GDPR, but wrongly so, according to a study commissioned by Veritas. The survey shows that many companies believe that they already cover the requirements of the EU’s GDPR. Almost a third of those surveyed around the globe (31 percent) declared that their own organizations have long fulfilled the key provisions in the regulation. Yet when questioned more closely on specific requirements in the GDPR, these same companies identified areas needing improvement. In the final analysis, only 2 percent of the companies were in fact prepared for the GDPR.
Previously, data protection in Europe was the business of each individual country, apart from the EU “Directive 95/46/EC”, which defined minimum requirements. With the General Data Protection Regulation (GDPR), the EU member states have now agreed on a uniform regulation for the protection of data.
The GDPR bolsters the basic right of all EU citizens to data protection and privacy. Accordingly, the requirements set for the handling of personal data by companies are formidable, and the penalties for violating them are substantial. Violations of the GDPR are penalized with fines of up to 20 million euros or 4 percent of the company’s global annual turnover, whichever amount is higher.
The new regulation applies to every company which administers, gathers, stores, deletes, uses or processes personal data – no matter whether it’s a firm of craftsmen, an international corporation or an authority, and irrespective of whether they are based in Berlin, Istanbul or Shanghai. The applicability of the GDPR is determined not by the registered headquarters of the company, but rather by the markets in which it operates.
The processing of data at Retarus is always carried out in accordance with the locally applicable data protection regulations and moreover fulfills sector-specific requirements such as HIPAA or PCI-DSS. Retarus’ data centers are operated with the highest level of security and are subject to a strict system of internal controls. In addition, Retarus offers its customers the opportunity to contractually specify the region where their data is processed, and the company is open to being audited at any time.