Data protection reform - (not) an issue?

Ensuring a uniformly high level of data protection throughout the EU and uniform responsibilities to protect personal data from misuse - these are the broad aims of the new EU General Data Protection Regulation (EU GDPR), which will apply from 25.05.2018 and was the topic of the 9th IMS breakfast was.

The special thing about it is that it not only applies to companies based in Europe, but also to companies that use data from EU citizens.

In Germany alone, 200 laws need to be adapted to implement the directive. Prof. Spangenberg presented these regulations and the resulting requirements for companies in a vivid and clear manner. This is because it results in a wide range of obligations for companies. They must:

• familiarize themselves with the changed legal requirements,
• create a list of processes and responsibilities in which personal data is processed,
• recognize the level of protection required, assess risks,
• plan, implement and monitor technical and organizational protective measures - design the processes securely and set up an appropriate organizational structure,
• establish procedures for dealing with "data breaches".

However, according to Prof. Spangenberg, one in three companies has so far ignored the requirements that will soon apply, while non-compliance could result in a fine of  20 million euros or up to 4% of annual turnover. Regional companies are keeping an eye on the issue, as the lively participation of 20 company representatives at the IMS breakfast showed. Stefan Riedel, Account Manager at TÜV-Rheinland Akademie GmbH, co-organizer of the IMS breakfast, presented additional training opportunities in this area.

In addition to Prof. Spangenberg's presentation, Dr. Jörg Bentlage, Data Protection Officer and Managing Director, Anthesis Group Germany, spoke about the tasks of a company data protection officer. According to the EU GDPR, authorities and a large number of companies are obliged to appoint a data protection officer. His lecture was virtually transmitted and recorded with the support of the Center for e-learning so that it can be used in teaching. Many thanks to Enrico Schuster and Andreas Sommer!

Systematic information security management is a prerequisite for the implementation of data protection. In addition to quality, environmental, energy and occupational health and safety management systems, this topic is also taught by Prof. Spangenberg in our "Integrated Management Systems " / "Integrated Management" courses and is an important job market skill for our students.