What is the GDPR?

The GDPR (General Data Protection Regulation) is the data protection regulation (statutory order) by the European Union (EU) which will be effective from May 25th, 2018. It replaces all other laws of member states in the European Union. Other additional laws in countries can enhance the GDPR, i.e. GDPR and the Federal Data Protection Act (DSAnpUG-EU) are the data protection law amendments in Germany.

The GDPR protects the personal data of EU citizens within the EU, e.g. name, addresses, email, date birth etc. In the terminology it applies to both the Controller (and organization that collects personal data from EU citizens) and the Processor (an organization that processes the personal data of EU citizens). The GDPR addresses both parties irrespective of their location. The regulations also applies to organizations outside the EU that process the personal data of individuals residing in the EU.

Non-compliance with the GDPR can lead to significant penalties, 2% or 4% of a company´s world-wide transaction volume or up to 10 or 20 million Euro depending on the incident. Controller and Processor are jointly and severally liable.

What is required for organizations to comply with the GDPR?

  • A data protection officer (depending on local laws and company size)
  • A register of processing operations (both: Controller and Processor)
  • A contract regulating data for both Controllers and Processors
  • A wide range of documentation (e.g. data protection concept, guidelines, etc.)

What does Riege Software do to comply with the GDPR?

  • Riege Germany employs a data protection officer and an internal data protection team
  • Riege maintains a register of processing operations
  • Riege maintains data protection contracts:
    • Will be available in time for Scope customers (Controller)
    • Between all Riege affiliates
    • With all service providers that operate on personal data
  • Riege provides a Data Protection strategy plus a Data Protection Management System
  • Riege conducts internal audits and comprehensive external audits by the data protection officer
  • Riege has guidelines and technical as well as organizational measures to ensure the security of data
  • Riege personnel are liable for data privacy

The enumerations mentioned above do not claim completeness, but they respect the most common questions asked by Riege customers and partners. In general, you can be assured Riege undertakes everything legally required and humanly possible to cover the GDPR.

If you have any more questions, feel free to consult your contact at Riege Software.