The spectre: One year of the EU General Data Protection Regulation (GDPR)
Only twelve percent (October 2017: four percent) of the companies surveyed are said to have fully complied with the requirements of the regulation to date. For Ralf Peters, DSAG Board Member Application Portfolio, the result is no surprise one year after the EU GDPR came into force:
"We know that many of our members set out to become data protection compliant some time ago. Some have undertaken one- or two-year projects to implement the EU GDPR."
The "DSGVO Index" study conducted by the research and analyst firm Techconsult and IT-Verlag also shows serious deficits in the implementation of the so-called technical and organizational measures (TOM), which are supposed to ensure data security at the technical and organizational level within the framework of the GDPR.
The purpose of the GDPR is to protect personal data from unauthorized or unintentional processing, damage or deletion with the help of TOM. To this end, companies must ensure that only authorized persons have access to sensitive areas of the company.
This applies to both physical access to rooms and access to systems. Of the companies surveyed in the study, 31 percent do not implement advanced access control.
However, the DSAG user association recognizes success stories primarily among large companies that have the corresponding resources. Therefore, Ralf Peters estimates that these companies make up the bulk of the above-mentioned twelve percent that are now GDPR-compliant.
Overall, however, the DSAG Board of Management considers the number of companies that fully comply with the regulation to be significantly too low.
The result is less positive with regard to SAP support. Here, members continue to see a need to catch up. While only around 17 percent (October 2017: eleven percent) of respondents are very satisfied or satisfied with SAP's support, around 69 percent (October 2017: 72 percent) expect more.
They are only moderately satisfied or not at all satisfied with what SAP offers in terms of implementing the General Data Protection Regulation in the SAP system. DSAG and SAP are continuing their proven partnership on this topic. In various DSAG committees, members' requirements for SAP solutions are discussed and debated in a constructive, critical dialog.
The Techconsult study results clearly show that companies are still a long way from full GDPR compliance. In particular, there is a lack of technical data security in almost all areas. In the GDPR implementation process, companies must also be proactive in dealing with potential threats.
DSAG has found that almost 67 percent of the companies surveyed have defined the channels for providing information and notifying the individuals concerned, and that these channels are already standard practice.