The transitional period granted by the European legislator to companies to amend their processes to the General Data Protection Regulation (GDPR) will expire on May 25, 2018. From then on, supervisory authorities may impose fines of up to 4% of global company revenue in the event of non-compliance and threaten to issue warnings.

A considerable number of companies do not appear to have the problem on their agenda yet, however. A recent survey conducted by the Bitkom industry association showed that only one in every four companies has employed additional staff for the implementation of the GDPR to date. While 5% of respondents added new hires, 20% stated that they were using existing personnel.

The Bavarian State Office for Data Protection Supervision (BayLDA) also found that the implementation status of the new statutory requirements in data protection law at Bavarian companies is by no means as far advanced as one would hope. For this reason, BayLDA drafted an online test entitled “Road to GDPR - Self assessment”, which is available in German and English.

The purpose of this online test is to provide a sort of playful assessment of the status so that companies can assess for themselves where they are in order to correctly implement the new European data protection requirements.

As a result, each participant receives a detailed evaluation of the selected requirements and a description of how BayLDA believes the requirements for the GDPR should be implemented.

Practical tip:

It is to be expected that data protection audits by supervisory authorities will focus on areas of these issues from May 2018 on. By taking the online test, companies can check for themselves how far they have progressed in meeting the new European statutory requirements. Companies only have 6 more months left until the new European data protection law has to be implemented internally.