All in all, the GDPR is a good basis for every consumer and all those affected by data processing. This is because they are protected by the GDPR. In addition, GDPR regulations also affect the rights of employees.
These rules are relevant for all companies with employees. This then means that numerous companies are doubly affected, as it concerns the privacy of employees (employment data protection), as well as those of customers, suppliers, and website visitors.
Of course, the GDPR is of relevance for those employed as data protection officers. The regulations considerably increase the number of these throughout the continent. All public authorities and all companies, whose core activity relates to the handling of personal data, have to appoint a company-wide data protection officer. Even if a business’ core activity is not related to data processing, if it is the case that at least twenty people are constantly engaged in the automated processing of personal data on the premises, then a data protection officer must be appointed. This is most likely the case for many medium-sized companies. Companies affected by this scheme must have taken the appropriate measures already.
Even for data protection officers who are already employed by a company, the GDPR represented a major change. This is because their role in the company has fundamentally changed. If the data protection officer has been working towards data protection conformity previously, they are responsible for monitoring the implemented measures. In other words, the scope of duties has expanded significantly, which of course subsequently increased their potential for liability.
Overall, the regulations increased the workload for data protection officers. They had to familiarize themselves with the new legal situation. However, the laws also had positive aspects for them. Their expertise is in great demand and, as well as this, their position in the company is enhanced due to the increasing number of tasks. Article 39 of the GDPR actually refers to the tasks of a data protection officer. Some of these include informing and advising in relation to the GDPR as well as other data laws, monitoring GDPR compliance, advising on the impact of the regulations, and being available for any enquiries.
The following is a summary of the General Data Protection Regulations, focusing particularly on the core tasks and effects for website operators and companies.