On 7 November 2018, the data protection authority of the Free State of Bavaria, Germany, issued a press release announcing that, now that the European General Data Protection Regulation (GDPR) has been in effect for six months, it will intensify its GDPR compliance monitoring. The Bavarian data protection authority is responsible for monitoring GDPR compliance in the state of Bavaria within the non-public sector. The authority’s intensified monitoring activities will, in general, concern cybersecurity vulnerabilities and GDPR information duties.
For example, the authority will monitor whether online shops whose operations are based in Bavaria and local doctors’ practices have adequate cybersecurity measures in place. According to the authority, in recent months, online shops were increasingly the target of attacks in which the hacker tried to gather customers’ payment information. In doctors’ practices, increased use of “ransomware” has been reported. This type of malicious software allows an attacker to, inter alia, block access to certain data until a ransom is paid. The authority is also concerned with whether small and medium-sized companies have provided job applicants with sufficient information on how their personal data is processed in the company’s application process.
Another focus of the authority’s monitoring will be whether major companies satisfy their GDPR accountability obligations. Under the GDPR, the data protection authorities do not have to provide evidence of non-compliance. Rather, upon request, the data controller itself has to demonstrate to the respective authority that it is in compliance with its obligations. To collect information on the implementation of the GDPR within major companies, the Bavarian authority has provided such companies with a questionnaire.
Other state data protection authorities are likely to follow the Bavarian example of intensified monitoring.
This article was originally published on AllAboutIP – Mayer Brown’s blog on relevant developments in the fields of intellectual property and unfair competition law.