General Data Protection Regulation (GDPR)

General Data Protection Regulation

Uniform data protection for all citizens of the EU

In international comparison, Germany is often referred to as being the country with the strictest data protection laws. The German data protection requirements are derived from the right of informational self-determination and based upon German Basic Law (Grundgesetz - GG) as decided by the Federal Constitutional Court in 1983. However, this understanding of the protection of personal data stands in contrast to the frequent wish of many companies to collect and evaluate as much data as possible about their users and customers, as well as the necessity of processing such data as employee data for administrative purposes.

The EU Parliament approved the General Data Protection Regulation (GDPR) on 27th April 2016. As part of the EU data protection reform already announced in 2012, it forms the foundation for future uniform data protection in all 28 states of the European Union. The new law has come into force since 25th may 2018 - without transition period.

The new law has come into force since may 2018 - without transition period. If you process personal data from eu citizens, you must act now.


The core elements of the GDPR are:

  • Justified interest: A justified interest for processing must exist, e.g. a contractual relationship or a legal obligation (Art. 5 paragraph 1b; Art. 6).
  • Transparency of nature and scale: The controller and processor must ensure that the nature, scale and purpose of processing are transparent and presented in an intelligible and easily accessible form for the data subject (Art. 5 paragraph 1a; Art. 12).
  • Prior permission: The data subject must explicitly and verifiably consent to the processing of his/her data (Art. 6, paragraph 1a; Art. 7).
  • Right to be Forgotten: Also known as Data Erasure, means that when no justifiable reasons for further processing exist, the controller and processor must erase all personal data of a data subject upon his/her request (Art. 17).
  • Personal liability: In future, both the controller and the controller’s contract processor (service provider) will be liable for damages (Art. 82).

Update your processes & data management!

Avoid risks and fully exploit all opportunities – your 6-point plan:

General Data Protection Regulation - penalties & fines

The GDPR focusses in particular upon all topics surrounding electronic data processing; it is adapted to current technical circumstances and partially anticipates new trends. The rules and restrictions defined in the regulation should guarantee protection of the data and personal rights of EU citizens. These restrictions and rules mean that most companies will have to make changes to their existing processes and IT systems. In future, processing of personal data will have to overcome major hurdles and be subject to stronger regulation. Also, breaches of applicable law will no longer be considered a trivial matter. Severe fines of up to 4% of annual global turnover or €20 Million (whichever is greater), as well as the personal liability of responsible individuals in companies, should deter potential perpetrators.

Our whitepaper entitled “Prepare for the EU-GDPR: Your 6-point plan” gives you an overview of the core elements of the regulation, as well as a plan for determining your current status, ready for when the regulation comes into force.

General Data Protection Regulation - your 6-point plan

Are you ready for the data protection reform?

The Uniserv EU-GDPR audit:

Uniserv is the expert for business partner data; and focusses particularly on customer data. In the first step, we provide our customers with an audit to prepare for the time when the regulation comes into force. Currently, the situation in many companies is that neither their processes nor systems are designed or prepared for the regulation. Personal data is organised in silos; is incomplete, inconsistent and full of duplicates. The full extent of the need for action is not clear, and concrete measures can only be implemented with the greatest difficulty.

To be able to achieve a qualified representation, Uniserv offers its Data Quality Audit for the EU General Data Protection Regulation. Within the framework of the audit, our experts examine processes and data quality, following which you receive a qualified representation and transparent overview of any gaps existing, as well as recommendations for concrete remedial measures. You can then react promptly and optimally use the limited time frame for structured preparation until the regulation comes into force.

Learn more and download the fact sheet for the EU GDPR Audit.

The Uniserv EU-GDPR audit

Fact Sheet

Uniserv General Data Protection Regulation Assessment