The General Data Protection Directive (GDPR) of the European Union will come into effect in May 2018, thereby replacing the Data Protection Directive 95/46/EC from 1995. Its prime goal is to strengthen the rights and security of EU residents whose data is saved and processed. The directive contains over 60 “opening clauses”, which give the individual member states vast leeway for implementing it on a national level.

 

Important facts about the EU GRPR:

  • Burden of proof for the individual responsible for data processing
  • Higher penalties (2 - 4% of gross annual revenues)
  • Right to data erasure
  • Obligation to provide information
  • Obligation to report breaches with personal data
  • Mandatory registry of data usage
  • Data protection officer (DPO) in Austria: Companies with less than 250 employees are not required to designate a DPO unless data processing is their core business. 
  • Data protection officer in Germany: Companies with more than 10 employees are mandated to designate a DPO.
  • Impact assessment: Companies with less than 250 employees are only required to conduct an impact assessment if data processing poses a high risk for the affected individuals.

 

Major impact on the insurance industry

The new EU directive brings along a whole new set of challenges - especially in the insurance industry. Insurance companies save and process highly sensitive, personal data ranging from health issues to birth dates or even religious affiliation. Therefore implementing the appropriate actions in a timely manner is extremely important.

 

Achieving compliance with avedos risk2value

Gear up your company for EU GDPR compliance with risk2value. The checklist provides helpful clues on what actions you need to take. Create a data usage registry, conduct a data protection impact assessment, and report data breaches all within an audit-proof tool. User-friendly dashboards ensure fast, secure access to the right information.