GDPR - one year on - data protection experts take stock

While criticism of the law was mounting in the run-up and there was talk in the media of waves of warning letters, for example, the companies' fears in this regard remained largely unconfirmed.

"However, even one year after coming into force, a DSGVO-compliant handling of sensitive data is still not part of the everyday life of many companies"

says Haye Hösel, CEO and founder of Hubit.

Particularly when it comes to legally compliant websites, secure passwords or the use of company cell phones, there is still a need for action.

"Companies don't always see the point of the GDPR, just more work. But at least we also lock the door when we leave the house, even though this means an additional effort"

Hösel emphasizes.

The aim of the GDPR is to protect personal data. Not only names, but also data such as telephone numbers, license plates, or IP addresses are considered personal data.

The GDPR requires companies with more than ten employees to appoint an internal or external data protection officer. The data protection officer is responsible for both instructional and advisory activities and acts as a contact person for employees, management and data subjects.

In the meantime, many companies have already implemented this requirement. However, even though monitoring compliance with data protection laws and the EU GDPR is one of the tasks of a data protection officer, employees must ensure that they are taken into account in their day-to-day work.

Companies also run high risks if they neglect email protection. At Totemo, for example, this led to an increase in requests for email encryption in 2018 - and only slowed down noticeably towards the end of the year.

"Since last May, companies from the retail and food industries have been increasingly interested in our solutions"

explains Marcel Mock, CTO of Totemo.

"Businesses in traditionally highly regulated industries such as banking, insurance and pharmaceuticals have been using appropriate solutions for some time."

Last year, an above-average number of small and medium-sized enterprises also requested solutions for secure communications. These included, in particular, so-called professional secrecy holders such as notaries and doctors.

Increasing cloud usage in conjunction with the GDPR is also impacting the order book. Companies moving their email infrastructure to the cloud want additional encryption.