DSGVO-Rohde-Schwarz-Cybersecurity

The GDPR uncertainty

The General Data Protection Regulation (GDPR) has been in force for six months now. The media's dedication to this topic has not diminished and it is clear: data protection and possible sanctions, including the (supposed) fear of legal consequences, are unsettling and intensify the emotionality of discussions about a regulation, which could possibly suffer as a result.

The passion with which it is being reported about the GDPR - especially outside the professional community - suggests that this regulation will behave differently from other legislative changes and innovations. On the one hand, liberal possibilities are upheld, on the other hand, the basic pessimism and scepticism about the possibilities of digitalisation could not be greater.

The security of data processing is central to the GDPR, which is why companies must take organisational and technical measures when processing personal data. The aim is to ensure protection against unauthorised, unlawful data processing, data loss and accidental damage or even destruction. The concrete technologies and measures used will depend on the likelihood and severity of a risk to the rights of people affected.

By the way: You can download our white paper on the GDPR here.

Certainly, hardly any other regulation currently refers so much to the reality of people's lives, but similar directives and laws as the EU Data Protection Directive and the Federal Data Protection Act in its scope of application (protection of personal data, obligation to provide information and documentation, technical and organisational protective measures) already precede the GDPR. For the GDPR, points such as increased self-regulation and extended documentation obligations have been made stricter - and, in particular, the framework for fines applicable to violations of the regulation has been significantly increased. In addition, there is the concern of individuals and companies to be "overrun" with warnings when keywords such as 20 million mark or four percent limit are dropped.

A current example refers to a so-called data protection information centre based in Malta, which sends faxes to companies, together with a request to sign a form by means of which they comply with the "legal obligation to implement the basic data protection regulation" and which contains a so-called basic data protection. This form should then be sent by fax to a 00800 number in Switzerland within a few days. This "service" is based on a subscription that charges fees in the mid-three-figure range. Forms that are offered for this purpose, such as for the creation of processing directories, are provided free of charge by the authorities.

A case that may have caused further uncertainty. The fact that the Federal Data Protection Act already contained a framework for fines is lost in emotionality in debates about the above mentioned example. In view of the fact that no fines in the millions have been imposed since the entry into force of the GDPR in May 2018, it can be assumed that these will not be imposed in the event of violations in a data protection declaration from the start of validity of the regulation. The more so as the amount of a fine must always be adapted to the economic circumstances and, in addition to the fine proceedings, the means of remedying the deficiency in data processing must also be available. It can therefore be assumed that before a fine notice is actually imposed, the first step is to order the rectification of the deficiency.

The GDPR offers companies enormous opportunities in customer retention. We recommend an approach that takes equal account of data protection and information security. Rohde & Schwarz Cybersecurity advises companies on how a broad portfolio of secure networks, endpoints, applications and clouds can be implemented.

For advice on Europe-wide data protection, compliance with corporate regulations - and the competitive advantage they offer, download our white paper on the GDPR here.

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Marketing permission

I want to receive information from Rohde & Schwarz via

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.