GDPR for companies at a glance

GDPR for companies at a glance

In May 2018, the new EU General Data Protection Regulation DSGVO came into force for companies. In the event of non-compliance with the requirements, there is a risk not only of high penalties but also of a loss of customer confidence. We have compiled the most important requirements of the GDPR for companies and show how to implement them efficiently.

Scope of the GDPR for companies

The General Data Protection Regulation (GDPR) – known as DSGVO in this country, consists of 99 articles and regulates how citizens’ personal data must be stored and protected in internal EU transactions.

Who has to comply with the GDPR?

Companies that store or process personal data of EU citizens must comply with the guidelines from May 25, 2018. The regulations apply equally to all 28 EU member states.

The most important requirements of the GDPR for companies at a glance:

  • Article 5 – Processing of data

    Personal data must be processed in a manner that ensures appropriate security – including protection against unauthorized or unlawful processing by appropriate technical and organizational measures.

  • Article 15 – Right of access

    EU citizens have the right to know, upon request, which of their personal data a company uses and for what purposes.

  • Article 17 – Right to erasure

    Companies must delete the personal data of an EU citizen upon request.

  • Article 20 – Right to data portability

    The citizens of the European Union may, upon request, arrange for the transfer of their personal data.

  • Articles 25, 32 – Data protection

    Companies must take appropriate technical and organizational measures to ensure an adequate level of protection (e.g., encryption of data).

  • Articles 33, 34 – Reporting obligation

    Companies must report security incidents to the competent authorities and also to the affected persons within 72 hours of becoming aware of them

  • Article 35 – Impact assessment
    Companies are required to conduct a privacy impact assessment that addresses the risks to EU citizens. The assessment must also provide information on what measures the company is taking to minimize the risks that have arisen.
  • Articles 37, 38 & 39 – Data Protection Officer
    Companies that store or process large amounts of personal data of EU citizens and conduct regular data audits are required to appoint a data protection officer. This person has to ensure both the data protection strategy and the GDPR compliance.

  • Article 83 – Penalties

    In the event of violations, companies may be subject to fines of up to 20 million euros or four percent of total global sales.

Significance of the GDPR for companies: Conclusion

The GDPR has two primary implications for companies: First, they must make the necessary technical and organizational adjustments to comply with the legal requirements. On the other hand, these adjustments must be reflected in an economic framework so as not to jeopardize competitiveness. For both areas, the use of suitable software is an elementary component, without which efficient work is hardly possible.

Test PIPEFORCE without obligation and free of charge

Contact us for a free trial account. You can use the account immediately for 30 days. Upon your request, you will also receive a personal introduction with all relevant functions for your area of application:


    Cookie Consent with Real Cookie Banner