The GDPR – starting soon!

03/14/2018 Unternehmensnachrichten

On the 25th May, the European General Data Protection Regulation (EU-GDPR) will become legally effective. Consumers can celebrate: They will be getting more control over their own personal data. Company’s, on the other hand, not abiding by the GDPR will be facing expensive consequences: Up to 20 million Euro’s or four percent of turnover will be due for violations. What does Rutronik have to do with this?

The GDPR concerns many sectors

Reaching from the development and conception of a product, to manufacturing and all the way even to marketing. Pitfalls with potentially serious financial consequences are lurking everywhere. Especially hit by Article 25 “Data privacy by design/Data privacy by default” and Article 32 “Security in data processing” are B2B firms and their customers. Though the fines under these two articles of the GDPR “only” reach up to 10 million Euro’s or two percent of company turnover, this is nevertheless quite a considerable sum and could be better invested elsewhere.

It is because of this that last year Rutronik established a competent, cross-functional team especially for the introduction of the European General Data Protection Regulation, in order to be able to give customers expert consultation (<link (https://www.rutronik.com/article/rutronik-founds-gdpr-excellence-team/>https://www.rutronik.com/article/rutronik-founds-gdpr-excellence-team/</link>). In addition to this, the team compiled a Security White Paper, for which the implementation of system and wiring concepts was assisted by developers, product managers and procurers (<link www.rutronik.com/security-aspects&gt;http://www.rutronik.com/security-aspects</link>).

These traps cannot only be found in production, but also in marketing: traditionally, firms would inform their customers about updates, events and current trends through their newsletters. With the installation of the European General Data Protection Regulation on the 25th May, however, this will no longer be possible. The GDPR states that subscribers’ consent must be deliberate, voluntary, informed and most importantly it must be documented when granted. The responsibility to provide evidence of this lies with the firms. Double-opt-in procedures (the active confirmation of a user wanting subscription to a newsletter), are the best solution in this case. After all, we’d much prefer to invest money in constructive projects, than in fines – right?