Only a few days left until the General Data Protection Regulations kick in
In a few days, everyone will feel like they have graduated from college again. The time to implement the General Data Protection Regulations (GDPR), also known as the “Datenschutzgrundverordnung” (DSGVO), will end at 11:59pm. Many firms are waiting until next week to start with the first implementation, some have been working on it for months and some people will finish just in time. I guess nothing has changed since college.
If you run a data-heavy business or are part of a larger corporation, you are most likely part of a group of people that don’t have to worry too much anymore. You were notified by your lawyers 2 years ago that there are some changes coming. However, most people are not prepared, and if you are prepared, you are still worried about whether you comply with all the regulations that have been set.
At this point, it is important to note that most likely only a handful of firms will comply 100% with the GDPR.
Who is affected by the GDPR / DSGVO?
Everyone who interacts with the personal data of European citizens has to comply with the regulations. Many people are confused by the term “personal data” and believe that it refers only to consumer or customer data. This is not true. The information about your employees, service partners, and logistics partners is also personal data. This means that whether you are currently a one-man-show startup or a 200-employee-strong business, you have to comply with the GDPR in one way or another (B2B or B2C in the EU).
The easiest way to put it: if you are hosting a website for your business and you have traffic coming in from EU citizens, you are subject to the GDPR.
Help! What can I do?
First of all, breathe and remember that you are not alone. When you wake up on the 26th of May, you won’t get a phone call from your lawyer letting you know there is a 2.000.00 € lawsuit coming your way.
At this point in time, you will most likely not be able to implement every change if you haven’t started yet. However, you are able to set the foundation for your further efforts. There is enough information online for everyone to read for the next few years. Inform yourself about the fundamental changes and what you can do to take the first steps.
The 2 biggest tasks for firms:
- Make a list of every department, what data they work with, how they work with the data, who has access to that data and what measures have been taken to secure that data.
- Make a list of the service providers you work with that store personal data about you, your consumers, your employees or anyone else, and ask them what you need to do.
The key aspect this late in the process is to show effort. If your firm is not yet complying with all the regulations, take the measures needed to lay the foundations and build from there.
This is just crazy!
The changes of the GDPR / DSGVO are designed for Facebook and Google, and this can be frustrating for a lot of firms. However, if we are being honest with ourselves, the basic principles and the idea are way overdue, and the effects of that have been visible in the news for the last few months.
Still, I believe that many principles of the regulations cannot be implemented in every market. Two key design flaws of the regulations are not differentiating between B2B and B2C markets and treating every aspect of personal data at a White House security level.
Say, for example, you are visiting the biggest fair for your market and you ordered 200 brand new business cards to hand out in the next few days. At the end of the 2 days, you have handed out most of your business cards and are holding almost 200 new ones. Back in the office, you will upload all the new contacts into your sales software to follow up on any conversations you had. However, before you are able to follow up, you will need to send each business card owner a formal email notifying them that their contact information is now stored in your systems and that if they want to opt out they can do this by contacting you. After you have written this email, you will have received 200 emails notifying you as well that your contact information is now stored in their systems.
Whoever doesn’t know that their contact information is stored somewhere after handing it out should not hand out business cards at all. You shouldn’t need to notify them about saving the contact information.
Therefore, I believe that the current regulations will not stand as they are today; change will come in the near future. Despite that, firms will need to take action and we will all learn more about data privacy in the past 10 years.
I want to know more about the GDPR / DSGVO and I have some questions.
We have worked closely with our clients to prepare them for the regulation changes. During that process, we have gained interesting and powerful insights.
If you are looking for a young and energetic group of entrepreneurs to help you out, we would love to get in contact with you and help you.
We are not lawyers but we can share some of our insights and take a look at your current organizational situation – from a purely pragmatic point of view. A fundamental view of your structure and a list of your highest pain points is the first step into a GDPR / DSGVO friendly life.
No one will be done on the 25th of May. Even if you believe you are, the GDPR doesn’t stop after that date. It is at that point in time that the GDPR will take real effect on your business. You need to be able to understand the regulations and the implications for new processes within your company.
A sign that none of the regulators ever really developed a digital product is that they set the go-live for a Friday evening, just so that the problems can come flying in first thing on Saturday, when no one is working. If you have ever launched a digital product on a Friday, you will know what I am talking about.