GDPR - DatenTag

One year GDPR | DatenTag on May 24, 2019

On 25 May 2018, the European Data Protection Regulation (GDPR) came into force and has since then been applicable. This was preceded by the European Data Protection Directive (1995) and a two-year transitional period. The GDPR applies directly in all member states of the European Union and has priority over national law.

The GDPR is flanked, for example, in Germany by the Federal Data Protection Act; by opening clauses was left according to national design scope. Using the example of Germany: the purpose limitation principle or the principle of data economy have been retained.

Privacy by Design vs. Privacy by default

A new approach of the GDPR is that of a "privacy by default", which goes further than "privacy by design", according to which data protection should be implemented in the development of new technological solutions.

The protection and processing of personal data is governed by Article 32 of the GDPR: "Taking into account the state of the art, the controller and [...] the processor shall take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk. Divided into three stages:

1. Proven technologies (consensus)

2. Innovative technologies (re-creation)

3. Future technologies (development)

Furthermore, the IT Baseline Protection Compendium (IT-GS) of the German Federal Office for Information Security (BSI) provides an overview of the state of the art from applications to security management. For example, companies receive an overview of minimum standards for cryptographic procedures and, in general, IT security.

While the privacy rights of those affected are to be guaranteed within the framework of the GDPR, IT-GS aims to protect applying organizations, such as public authorities and companies, and provides technical rules and best practices to specify legal due diligence.

Today, business processes without IT Usage hardly get along and because information technology is used in public authorities as well as in enterprises, it is therefore under special protection and requires measures in everyday work to safeguard corporate risks through GDPR-compliance.

This applies to all industries alike, operators of critical infrastructures, such as healthcare, card payments, and authorities such as SMEs.

The GDPR now contains a number of essential requirements, unlike previous legislation at national level

  • Stronger rights of individuals- et al on information / information, correction / erasure, the right to be forgotten, more restrictive declarations of consent
  • Stricter reporting requirements- et al the obligation to inform the data protection authority and data subjects about an infringement of the protection of personal data within 72 hours
  • Increased IT security requirements
  • Stricter organizational requirements- et al the obligation to create and maintain a register of internal data processing activities, "Privacy by Default", creation of deletion concepts

One year after its entry into force, it can now be established that the number of closed websites such as warned are not as high as announced – presumably because many of the requirements of the GDPR correspond to those of the Federal Data Protection Act.

On the #DatenDag of the foundation data protection on 24th May 2019 in Berlin, federal data protection officers and those from enterprises discussed with data protection experts and scientists sustainability, compliance and approach of the GDPR as to the freedom of data protection in general.

It had been expressly stated: The debate is alive; contradicting the positions, ("the idea of data protection" by its exaggeration in the GDPR is "meant well"). Data minimization and transparency offered interpretation scope in the interpretation of "purposeful and substantial". Data storage in clouds should be done in EU countries.

Despite all diversity, it should be clear: Special protection guidelines apply when processing sensitive, business-critical data. It is important to establish a holistic security architecture that integrates the various security factors into existing platforms and networks. Collaborations, versions of files and documents, applications links must be secured, with application-specific solution scenarios replacing standard measures.

Applications that include privacy right away (privacy by default and privacy by design) will continue to have a decisive advantage in the future.

Are you interested in further information on the General Data Protection Regulation, the Network Information Security Directive (NIS), the Payment Services Directive (PSD2), the Basel III framework, ISO or NIST standards? Please feel free to contact us.

[IMG ©]

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.