EU General Data Protection Directive (GDPR)
Important facts about the EU GDPR:
- Burden of proof for the individual responsible for data processing
- Higher penalties (2-4% of gross annual revenues)
- Right to data erasure
- Obligation to provide information
- Obligation to report breaches with personal data
- Mandatory registry of data usage
- Data protection officer (DPO) in Austria: Companies with fewer than 250 employees are not required to designate a DPO unless data processing is their core business.
- Data protection officer in Germany: Companies with more than 10 employees are mandated to designate a DPO.
- Impact assessment: Companies with fewer than 250 employees are only required to conduct an impact assessment if data processing poses a high risk for the affected individuals.
Major impact on the insurance industry
The new EU directive brings a whole new set of challenges, especially in the insurance industry. Insurance companies store and process highly sensitive personal data, ranging from health issues to birth dates or even religious affiliation. Implementing the appropriate actions in a timely manner is therefore extremely important.
Achieving compliance with avedos risk2value
Gear up your company for EU GDPR compliance with risk2value. The checklist provides helpful clues on what actions you need to take. Create a data usage registry, conduct a data protection impact assessment, and report data breaches all within an audit-proof tool. User-friendly dashboards ensure fast, secure access to the right information.