EU-GDPR

The GDPR’s state of the art is a reference term - decoupled from fixed technical and organizational standards at a given time. Therefore, it is vital to define how requirements should be methodically derived from the state of the art, as stating no hint in the regulation led to insecurities amongst the GDPR’s addressees. This article presents an approach from the German IT association TeleTrust which can help companies to reduce their insecurities. The problems with the state of the art in the effort saver digital world are shown on the example of identification and consent.

The increasing interconnectedness of production systems and the use of IoT devices generates a considerable amount of employee or customer data - whether directly or indirectly. The EU General Data Protection Regulation (EU-GDPR), effective 25 May 2018, results in a massive increase in the rights of data subjects and documentation obligations arising from the processing of personal data [1]. Those who do not respect these rights and/or fail to comply with their obligations face painfully increased fines of up to EUR 10 million (in serious cases EUR 20 million) or 2 % (4 %) of the annual turnover.