Data protection and digitisation

Reasons to look forward to the coming years with the General Data Protection Regulation!

Even though the General Data Protection Regulation recently celebrated its one-year anniversary, the topic of Data protection has been current since the 1960s. Further historical milestones, to what extent data protection has the character of a fundamental right and which rights data subjects have thanks to the GDPR have received, was considered in more detail in the first article in this series: Part 1: The GDPR protects our fundamental civil rights

The background to the series of articles "Unfortunately, the GDPR has only been around for a year" is to show why the GDPR simply makes sense and why you too should start implementing it today rather than tomorrow. In today's article we explain how the implementation of the GDPR can prepare your company for digitalisation.

Part 2: The GDPR makes companies fit for the digital future

According to a Bitkom study from September 2018, 63 % of the companies surveyed consider the implementation costs of the GDPR to be too high. Likewise 63 % of the companies believe that business processes will become more complicated due to the GDPR. A total of 56 % assume a negative impact on sales. We claim: the benefit of the GDPR is greater than many companies think!

1. The GDPR cleans up and increases data quality in companies

Every small and medium-sized enterprise, can meet the requirements of the GDPR within a short period of time. In Germany and Europe, this affects the majority of companies. As a rule, 2-3 hours are sufficient to set up legally compliant basic protection. Solutions like Robin Data are well pre-structured, contain the necessary templates and speed up the process immensely.

At the same time, the implementation of the GDPR is often the beginning of a comprehensive data quality project. This is because during the implementation, optimisation potentials often arise in individual business processes. One of the following questions will certainly sound familiar to you:

• What software do we actually use in personnel administration?
• Why is our customer data not properly maintained?
• Why don't we finally get rid of old databases in our systems?

The key to success here is data erasure. Old data stocks such as files, business papers etc. can be critically examined within the process and systematically disposed of. This process contributes significantly to the improvement of data quality in companies as well as to the rationalization and digitalization of order and administrative processes.

2 The GDPR drives the digitisation of process flows

In many places it is worthwhile to think about the consistent digitalisation of process sequences. Since the introduction of the GDPR, companies among my clientele have increasingly been using digital workflows in their ERP systems instead of carrying analog sheets around. Data is managed consistently in one place and can thus be deleted centrally in compliance with GDPR.

Incidentally, this approach also supports the implementation of electronic accounting, the so-called GoBDwhich has been valid in Germany since 1 January 2015. The implementation of the GoBD requires data processing systems that above all enable the correctness and accountability of the processed data (e.g. posting documents). It is precisely these requirements that are also pursued in the DSGVO when processing personal data, so that the implementation of the GoBD and the DSGVO is of mutual benefit here.

3. The GDPR rightly increases cyber security

Germany is now one of the top targets of cyber attacks, affecting approximately 50 % of all companies and another 25 % of companies are likely to be affected. It is therefore not surprising that investment in cyber security has been among the top 3 IT investments of German companies for years.

The GDPR explicitly requires that personal data be processed in accordance with the state of the art. It therefore accelerates the trend to continue to invest in cyber security in the future. I can confirm this trend in many of my customer projects. Data protection projects have often been the starting point for systematically analysing security risks, considering how long a failure of data-carrying systems in the company can be compensated, what such a failure costs and deducing from this how high investments in the security of data processing can be.

Such investments were then of a very different nature. They included cost-effective organisational measures such as clear key regulations, reception management for visitors or the closing of sensitive areas such as the personnel department. Furthermore, larger-scale measures are also being tackled. These typically include expanding backup systems, upgrading the firewall to a latest-generation model or implementing extensive contingency plans. Also, in the event of a data breach, to securely organize reporting processes to the supervisory authority within the 72-hour reporting window.

Read it:

Part 1: The GDPR protects our fundamental civil rights

In the next article (Part 3) you will learn why the DSGVO is an innovation driver of digitisation.