InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
In the first half of the year, the GDPR (General Data Protection Regulation) has had many minds working overtime. Not few enterprises have invested not only nerves, but also a lot of time and money into the implementation. And nevertheless much was still unclear up to the entry into force of the GDPR on 25 May 2018. And today? Have all the bad fears become true We take a look back over the last few months as well as pointing out what advantages the GDPR can bring you in the future.
Let's start with the good news. On May 25, 2018, the world neither came to an end nor was there a comprehensive wave of warnings issued against companies. However, the GDPR has been the number 1 topic of the year - and it is still today, even if it is not quite so completely omnipresent in the media any more. Since the announcement of the definitive version of the revision in January 2016, some companies have been systematically preparing for it. Others have done a real sprint to the finish, and at the last minute were trying to make their company GDPR compliant - which often turned out to be harder than they expected. According to the guidelines, companies that are subject to the GDPR are under threat of hefty fines (up to 20 million euros or 4 percent of annual sales!) if they violate them.
It is no secret that countless cyber attacks, many of them successful, take place every day; and it is more than likely that data protection breaches will occur. But what have been the consequences for companies since it came into force? Or were the stress and worry for nothing? It is a fact that many companies today still do not know exactly what to do and what not to do according to the GDPR regulations. Do I need to report this incident? How should I document it to be GDPR compliant? What do I need to consider in terms of marketing actions? Putting the theory into practice is not that easy.
As Switzerland is not in the EU, the thing we have available to us is the experience of neighbouring countries, in particular Germany. However, there are also many Swiss companies that are affected by the GDPR, which is why some of these experiences certainly apply to us as well. The GDPR means that the supervisory authorities of our neighbour to the north certainly have their hands full. But this is not because there are a large number of breaches, but because companies are overburdened with the guidelines and are still seeking advice.
Fortunately, the much-feared wave of warning has failed to materialise. However, this is also due to the fact that the supervisory authorities themselves are still at the warm-up stage. According to a German market research, 91 percent of the companies surveyed have not yet received any warnings. In Switzerland, given the reasons mentioned above, there will be even fewer companies. However, a good 44 percent (!) expect to receive a warning sooner or later. If that isn’t a good reason to get ready, what is?
Of course, especially at the start, there is still a lot that is unclear. (More or less) small infringements are the norm. These are the most common infringements - so an opportunity for you to learn:
It's mainly the smaller companies that have reduced their digital offering as a result of the GDPR. Why have they done so? On one hand, it’s because of the increased effort, on the other hand, because of the additional costs. This is because small companies have to meet the same requirements as large ones. However, they simply lack the means to equip themselves to be GDPR compliant. You can imagine for yourself what this can mean in economic terms for companies like these...
We maintain that the GDPR is taken seriously - but not always understood. So it is not surprising that the compliance requirements have not yet fully met by many companies. And if Gartner is to be believed, even at the end of 2018, still over 50 percent of companies will not be GDPR ready. So you need to make sure that you are not part of this 50 percent! However, just like companies, the authorities are still struggling with the new regulations, which is also a reason for the only slight surge in warnings.
Are you among the people who have done their homework and implemented all the requirements? Even if the sanctions have been limited so far and only a few companies have been fined, the effort has definitely paid off: It’s always worth the effort. Why? I'll show you why!
Even if we don't like saying it (because cyber security and data protection should NEVER be ignored), you still have time. But the clock is ticking much faster now, because cyber attacks can hit anyone at any time - be it in 2 days, 2 months or even in 2 years. One thing is for sure - that every company either is now or will become a target for cyber criminals. So if you're still not GDPR ready, you need to speed things up! And to all those who have their data protection under control - don't rest on your laurels, and stay on the ball. The issue of data protection remains omnipresent and presents constant challenges - exactly like cyber security.
Data protection is not only an important issue; it is also a complex one. Here real know-how is in high demand, especially from an expert! Already, as is the case with GDPR there are many details lurking that can become your downfall. InfoGuard offers you a simple solution for staying on the safe side with your GDPR compliance. Our GDPR Web Audit uncovers any remaining security gaps in applications and infrastructures that are critical to data protection. In addition, we check the effectiveness of the security measures you have implemented. More details about our GDPR Web Audit can be found here: