GDPR focus session: the clock is ticking!

The GDPR comes into force on 25 May 2018, but has been the source of many headaches for decision-makers and IT officers for around two years now. S&T and LGP discussed how companies could best protect personal data, from a legal and technical standpoint, as part of an information event held on 24 October.

Stefan Schiebeck, AIT Austrian Institute of Technology, Harald Leitenmüller, Microsoft Austria, Rudolf Roschitz, S&T, Amra Bajraktarevic and Gerald Ganzger (both LGP)

Not a single company will remain unaffected by the European Union’s General Data Protection Regulation (GDPR): by mid-2018, at the latest, it will be clear whether the available security mechanisms are functioning properly, whether operating concepts meet modern technical and legal demands, and whether any areas of neglect in terms of data and information security need to be resolved. In any case, sanctions for non-compliance with the GDPR are hefty. Fines of up to 20 million euros, or up to four percent of the global annual turnover, can be imposed.

“In the future, companies will be observed more closely by data protection authorities,” attorney-at-law and LGP Managing Partner Gerald Ganzger predicted at the very start of the event. He presented the more than 90 guests with a detailed 10-point plan to ensure adherence to the GDPR. Despite the variety of competent professional guidance available, the media law expert believes that everyone should proactively engage with data security in their own company. Subsequently, Amra Bajraktarevic, associate and data protection expert at LGP, gave a presentation on the most important principles of data processing. She then suggested concrete directions, such as how companies can optimise their existing technical systems in terms of legally compliant data processing steps (“privacy by design”) and standard settings that adhere to data protection guidelines (“privacy by default”).

Stefan Schiebeck used a live hacking session to show the guests how easily cyber criminals and foreign security services can gain access to third-party corporate networks or collect personal data. “The recent increase in data breaches has demonstrated that no company is safe from attacks if the basic principles of data protection are not adhered to,” said the ethical hacker, who works for the Austrian Institute of Technology. The processing of personal information that represents a significant risk for affected individuals – such as criminal justice data – is a particularly sensitive area. “Pursuant to the GDPR, in many cases companies need to perform a ‘data protection impact assessment’, which must contain a systematic description of the processing operations and intentions, an assessment of the risks for those affected, and measures to protect information,” said Schiebeck.

In light of the exponential growth in the quantity of data produced as a result of rapidly advancing digitalisation and stricter legal frameworks, Harald Leitenmüller, Chief Technology Officer at Microsoft Austria, believes it is high time to rethink data protection. Under the banner of “Next Generation Privacy”, guests were shown a cloud-based concept with innovative security and compliance measures. The objective is to ensure complete transparency and control of all the personal information gathered from a particular user, thereby making it considerably easier to verify that new control and documentation obligations have been met.

In this regard, technical components are of central importance, as Rudolf Roschitz, Head of Business Development at S&T AG, explained using a practical example: “Many companies are not aware that their own internal printers are one of the greatest weak spots in terms of data protection. If wage slips, HR files and medical records are left in the printer, there is the risk that external devices could access them using the printer’s network connection.”
