According to our own estimates, only around one in eight companies will have fully implemented the requirements of the General Data Protection Regulation by the deadline," says Susanne Dehmel, Member of the Bitkom Management Board for Legal Affairs and Security. The statement is based on a Bitkom study which states that only one in two companies in Germany has sought help from external experts in implementing the EU General Data Protection Regulation (EU GDPR). "Given this low proportion and the level of potential fines, the rather low use of external help with implementation is surprising," continues Dehmel. In future, a breach of data protection law could cost up to 4% of annual income or 20 million euros.

The objectives of the EU GDPR are to protect the fundamental rights and freedoms of natural persons and, in particular, their right to the protection of personal data and the free movement of personal data. In future, for example, every person in the EU will be entitled to request an overview of all personal data stored about them by a company - including the purposes for which it is used. Furthermore, a data subject can request their deletion or irreversible anonymization. In general, data may only be stored or enable the identification of individuals for as long as is necessary for the purposes for which it is processed or if the respective data subject has given their consent. Accordingly, the purposes for which the data is used must be fully recorded and documented along with the data.

The GDPR also plays an important role in Industry 4.0, which is characterized by information technology networking and the combined use of innovative technologies - such as the Internet of Things, cyber-physical systems, cloud computing and big data. According to the VDMA, these technologies bring with them a number of data protection challenges, as Industry 4.0 production methods generally generate added value from the combination of numerous individual data, whereby it is often possible and intended to draw conclusions about individuals (such as employees, end users or other third parties affected by sensors) and, for example, profiles can also be created about the persons concerned.

The VDMA is therefore providing support with a guideline that outlines the most important principles of data protection and provides companies with a helpful tool for managing the data protection of personal data in their own company. Further information can be found at the Hannover Messe (Hall 8, Stand D08) or on the VDMA website.

GDPR-compliant ERP systems

ERP provider Asseco Solutions (Hall 7, Stand D26) believes that compliance with the GDPR is such a challenge that quite a few companies are almost resigned to the abundance of regulations and different approaches to their implementation. This is why the company is now providing users of its ERP software with a tool to meet the strict requirements of the GDPR within their ERP system as part of a new 'Solution Pack'. The Solution Pack expands APplus with key new functions for implementing the EU regulations. These include a GDPR-compliant anonymization function, the introduction of purposes of use as a new master data and protection against unauthorized processing for the highest possible level of data protection.

IFS (Hall 7, Stand E26) is also making its IFS Applications and IFS Field Service Management business software GDPR-compliant. New functions support the storage and processing of personal data in accordance with the EU General Data Protection Regulation.