
GDPR: No part of a group is too small for appropriate focus

Blog: Capgemini CTO Blog

During an initial discussion with a company representative, we talked about where they are, what they initially have to do, and a very rough roadmap of what needs to happen until May 25 2018 and beyond. The actual scope of work was limited, and a decent view of the IT landscape seemed to be in place. When we started to get into the applications not directly managed by the company, including 3rd-party SaaS, a bit of a twist to the overall risk landscape was identified. A couple of the systems, such as HR and a few other support systems, were mentioned to “be taken care of by the group”.

It turned out that the company is part of a very large global group, and not a stand-alone, separately owned company as I assumed.

Article 83:
“6. Non-compliance with an order by the supervisory authority as referred to in Article 58(2) shall, in accordance with paragraph 2 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.”

This means, in this case, that 4% of the group's global yearly turnover exceeds the total yearly turnover of the company I talked to by >10 times, possibly even >15 times. In other words, the fact that this small company gets very little support from the global organization in terms of “systems and applications they manage themselves”, and very little auditing of the progress and actions taken, can have a tremendous effect globally.

How this will be calculated by the SAs in case of fines remains to be seen, but you need to be aware of the question to ask yourself:

Are you, despite being a small company, part of a large group?

This question is highly relevant and should, despite the effort needed to meet the GDPR requirements anyway, be taken into consideration and visualised to management when discussing funding for the work to be done.
