GDPR fines concretised

August 25, 2020

On 14 October 2019, the "Conference of the Independent Data Protection Supervisory Authorities of the Federation and the Länder" decided how violations of the GDPR are to be punished. The decision concerns the amount of possible fines. The draft is based on the concept of the European Data Protection Committee (EDSA) from 2018. On this basis, the base value for minor cases is now assumed to be between €972 for micro-enterprises and just under €700,000 for large companies. For very serious offences, however, sums of up to the already familiar 4% of the company's annual turnover are possible.

Calculation of fines based on company turnover

The calculation is done in five steps:

  1. The company is assigned to a size class.
  2. The mean annual turnover of the size class subgroup is determined.
  3. The basic economic value is determined.
  4. The basic value is multiplied by a factor depending on the severity of the circumstances of the offence.
  5. The determined value is adjusted on the basis of various criteria.

This procedure is intended to guarantee a comprehensible and transparent form of fine assessment. It is also intended to serve as a deterrent. Even for companies in the smallest category, fines of several thousand euros can be imposed for minor and medium violations of the GDPR.

To prevent such fines as far as possible, or at least to reduce the multipliers, Libelle AG offers tools for some areas of technical and organisational measures (TOMs).

Taking data out of the line of fire

Avoid access to GDPR or compliance-relevant data in non-production environments: LibelleDataMasking (LDM) anonymises these systems, both SAP and non-SAP. A variety of standardised profiles and methods is already on board. The result is real-looking data that no longer has a concrete personal reference, but still makes logical sense. Thus, despite anonymisation, "real" and consistent data are available on the test systems.

In this way, you meet the requirements of general data protection, the GDPR and internal specifications on your test systems, because there is no longer any sensitive real data there. Developers and external consultants can therefore continue to have full access and carry out meaningful analyses on the basis of realistic data.

Another solution in the GDPR environment is Libelle MDPT - Master Data Protection Tool. This allows you to lock master data in the production system in accordance with the GDPR on a regular basis or upon request, provided that business transactions have been completed. You can use the MDPT Data Vault to make blocked master data available only to persons and institutions with a legitimate interest. This makes GDPR-relevant master data entries unrecognisable while keeping your data consistent, so you can maintain the quality of your master data at a high level with little effort. Another advantage: thanks to the "ready to run" concept, the solution is installed in just a few days and can be used immediately.
