On 14 October 2019, the "Conference of the Independent Data Protection Supervisory Authorities of the Federation and the Länder" decided how violations of the GDPR are to be punished. This concerned the amount of possible fines. The draft is based on the concept of the European Data Protection Committee (EDSA) from 2018. On this basis, the base value for minor cases is now assumed to be between €972 for micro-enterprises and just under €700,000 for large companies. For very serious offences, however, sums of up to the already known 4% of the company's annual turnover are possible.
The calculation is done in five steps:
This procedure is intended to guarantee a comprehensible and transparent form of fine assessment. It is also intended to serve as a deterrent. Even for companies in the smallest category, fines of several thousand euros can be imposed for minor and medium violations of the GDPR.
To prevent such fines as far as possible, or at least to reduce the multipliers, Libelle AG offers tools for some areas of technical and organisational measures (TOMs).
Avoid access to GDPR or compliance-relevant data in non-production environments: LibelleDataMasking (LDM) anonymises these systems, both SAP and non-SAP. A variety of standardised profiles and methods is already on board. The result is real-looking data that no longer has a concrete personal reference, but still makes logical sense. Thus, despite anonymisation, "real" and consistent data are available on the test systems.
In this way, you meet the requirements of general data protection, the GDPR and internal specifications on your test systems, because there is no longer any sensitive real data there. Developers and external consultants can therefore continue to have full access and carry out meaningful analyses on the basis of realistic data.
Another solution in the GDPR environment is Libelle MDPT (Master Data Protection Tool). This allows you to lock master data in the production system in accordance with the GDPR on a regular basis or upon request, provided that business transactions have been completed. You can use the MDPT Data Vault to make blocked master data available only to persons and institutions with a legitimate interest. In this way, you make GDPR-relevant master data entries unrecognisable and still keep your data consistent, so you can maintain the quality of your master data at a high level with little effort. Another advantage: thanks to the "ready to run" concept, the solution is installed in just a few days and can be used immediately.