„Data breaches in access control can cost you a lot of money – and your reputation.“
Felix Hoellt, Deputy Vice President Product Management EAD Systems
Security Tips Legal security
The EU General Data Protection Regulation (GDPR) has been in force for more than a year. However, when talking to customers, I still notice that many companies continue to underestimate the possible consequences of violating data protection rules – especially in connection with their access control and attendance recording. In addition to heavy government fines, there is the threat of civil lawsuits and enormous damage to the company’s image. This is not just theory. There have already been a number of convictions.
If you want to find out more about the current status of the GDPR and the real risks for your company, I recommend reading our interview with Justyna Rulewicz, Consultant Data Protection and Lawyer at AGOR AG. She also deals with the importance of access control and attendance recording for compliance with the legal requirements.
Interview with Justyna Rulewicz, Data Protection Consultant, Lawyer at Agor
dormakaba: For which companies is the issue of data protection particularly relevant? Justyna Rulewicz: The issue of data protection is relevant for all companies that process the person-related data of customers or their own employees, for example. This is generally the case in almost all companies. Regardless of their size, these companies are therefore obliged to comply with the requirements of the EU General Data Protection Regulation (GDPR). In particular, processing so-called special categories of person-related data, such as health data or biometric data, is subject to certain strict requirements. Furthermore, companies that normally employ at least ten people on a permanent basis to deal with the automated processing of person-related data are obliged to appoint a data protection officer.
Why is it becoming increasingly important for companies to address data protection requirements? First and foremost, there are possible sanctions, because, in the event of violations of the provisions of the General Data Protection Regulation, there is now a risk of hefty fines and also civil lawsuits by data subjects. The issue of data protection is also becoming increasingly important for consumers. This means that if any data breaches become known about, it can result in enormous damage to their image. However, as clients also attach increasing importance to compliance with data protection regulations, companies can eventually gain a competitive advantage over competitors if the company complies with data protection standards.
What changed with the introduction of the EU General Data Protection Regulation (GDPR)? The EU GDPR creates largely uniform data protection legislation within the EU. There is therefore an enormous need for action and catching up, especially in countries where data protection has thus far been somewhat “neglected”. Data security requirements have increased, and strict data processing requirements must be met. These include, for example, the new data subjects’ rights (including: right to erasure, rights of access, information requirements or the right to data portability), the reporting and information obligations of companies in the event of data breaches or the obligation of the processor to keep a “list of processing activities”. The most important and far-reaching change, however, is the introduction of so-called accountability, which requires companies to “prove compliance with the law”. These new documentation obligations now require all data processing processes of a company to be documented.
Get answers to other important questions here:
Should threats of penalties by the GDPR, according to which penalties can amount to 20 million euros or 4 per cent of global turnover, be taken seriously?
When it comes to data protection, many companies rely on their software, such as firewalls etc. Is that enough?
In terms of access control, where do you see vulnerabilities in relation to data protection?
