{"id":36872,"date":"2018-05-25T10:43:08","date_gmt":"2018-05-25T08:43:08","guid":{"rendered":"https:\/\/owncloud.com\/?p=36872"},"modified":"2020-10-21T15:30:17","modified_gmt":"2020-10-21T15:30:17","slug":"welcome-to-a-gdpr-world","status":"publish","type":"post","link":"https:\/\/owncloud.com\/de\/blogs\/welcome-to-a-gdpr-world\/","title":{"rendered":"Welcome to a GDPR World"},"content":{"rendered":"

Today on May 25, 2018 is the day that the EU-General Data Protection Regulation (GDPR) has officially been put into effect. For the past two years companies have been working to make sure that their companies are GDPR compliant in order to avoid penalties. If businesses fail to comply, fines of up to 20 million euros or 4% of the world\u2018s annual turnover<\/a> might be the consequence. But now that it\u2019s finally here, what does it mean?<\/p>\n

Well, according to The Verge<\/a>\u2019s Sarah Jeong<\/a>, \u201cno one is ready \u2014 not the companies and not even the regulators.\u201d And at the time of writing this blog, the GDPR informational website<\/a> is down; perhaps a sign that it has been completely overwhelmed by last minute scramblers?<\/p>\n

\n

\u201cIn a survey of over 1,000 companies conducted by the Ponemon Institute<\/a> in April, half of the companies said they won\u2019t be compliant by the deadline. When broken down by industry, 60 percent of tech companies said they weren\u2019t ready.\u201d
\n– Sarah Jeong, The Verge<\/p>\n<\/blockquote>\n

 <\/p>\n

But What is the GDPR?<\/strong>
\nAs stated, the GDPR site is currently down, so I will refer to Slate\u2019s simplified description<\/a> of the mandate:<\/p>\n

EDIT 19.06.2018:\u00a0https:\/\/www.eugdpr.org\/ is back online.<\/em><\/p>\n

\n

\u201cThere are a host of new requirements rolled into the GDPR. Companies will now have to report data breaches within 72 hours and allow people to access the private data that has been gathered on them and find out how it\u2019s being used. Users also have the \u201cright to be forgotten,\u201d allowing them to demand that companies remove certain personal information from the internet, and the right to opt out of sensitive data collection. The GDPR further broadens the definition of \u201cpersonal data\u201d to include locations, browsing history, IP addresses, and other information.\u201d<\/p>\n

– Aaron Mak, Slate<\/p>\n<\/blockquote>\n

Ok, so it\u2019s understandable that many companies are working to be compliant, but the regulators aren\u2019t even ready?
\nAccording to Reuters<\/a>,<\/p>\n

\n

\u201cSeventeen of 24 authorities who responded to a Reuters survey said they did not yet have the necessary funding, or would initially lack the powers, to fulfill their GDPR duties\u2026 Many watchdogs lack powers because their governments have yet to update their laws to include the Europe-wide rules, a process that could take several months after GDPR takes effect\u2026\u201d<\/p>\n

– Douglas Busvine, Julia Fioretti, Mathieu Rosemain<\/p>\n<\/blockquote>\n

What a Mess!<\/strong>
\nIt\u2019s a good thing that you are an ownCloud user and, therefore, do not have to worry about any of this.
\nownCloud offers you a secure file-sharing alternative to conventional public cloud offerings. Through on-premises installation and a variety of administration and security features<\/a>, you not only gain full control of your data, but a truly private cloud<\/a> for your business that is fully compliant with the GDPR.<\/p>\n

When somebody is running ownCloud for you, make sure that they are in the EU jurisdiction or monitor regulatory changes to things like privacy shield very closely! Keep in mind that with the recent Cloud Act your data can be monitored \u2013 without your knowledge by US agencies at any time.
\nThe barrier for issues of National Security just got lowered this week dramatically \u2013 asked for by the President the US Ministry of Trade is inquiring if normal car imports are affecting National Security.<\/p>\n

Here is an overview of how ownCloud meets the GDPR requirements:<\/p>\n