The EU General Data Protection Regulation (EU GDPR) comes into force in May 2018 and will fundamentally change the German Federal Data Protection Act. This poses a major challenge for companies, as non-compliance can result in fines running into millions. Compliance is not only about obtaining clear consent before sending e-mails; physical IT security must also be put in place. But what does physical IT security have to do with data protection under the EU GDPR?
The EU GDPR and its impact on physical IT security regulations in companies
The EU General Data Protection Regulation (EU GDPR), which applies from 25 May 2018, will have a major impact on the provisions on physical IT security in companies, since physical security is also responsible for the reliable protection of data. This regulation affects not only large corporations such as the social media Internet giants, but also small and medium-sized businesses.
The EU GDPR harmonises European data protection law and strengthens the data protection authorities. It now requires all companies to carefully review, reorganise and, in many cases, address more comprehensively their data protection and physical IT security.
The requirements for security are described in Article 32 of the EU GDPR:
"Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk."
State of the art:
In the German Mittelstand, that is, in small and medium-sized companies, this has only partially been taken on board. Many companies that have already dealt with the issue find that they are not prepared for physical IT security.