Press Release


Kapsch Security Day: The long road to data protection

The new EU General Data Protection Regulation (GDPR) is forcing companies to act quickly. Kapsch BusinessCom assists in legally compliant implementation.

Vienna, July 5, 2017 – It’s no laughing matter: Companies could face fines of up to EUR 20 million, or 4% of their global revenue, for violating the new General Data Protection Regulation (GDPR). The European Union is taking a “maximum shock value” approach: Starting on May 25, 2018, the new statute will massively increase the scope of protections afforded to personal data to include identified or identifiable natural persons, reported Markus Dörfler, attorney at the law offices of Höhne, In der Maur & Partner Rechtsanwälte, on June 21 at Kapsch Security Day in Schönbrunn, Austria. The Regulation expressly covers genetic and biometric data as well as profiling. Compliance will be monitored by a new supervisory agency to which violations are to be reported within 72 hours.

Even less agreeable is the requirement to personally notify all individuals concerned. If this would involve disproportionate effort, the data subjects must be informed via a public communication. “That can quickly lead to a loss of valuable trust among customers,” warns Markus Dörfler. Companies will need to begin implementing the Regulation as quickly as possible to meet the new requirements by next year’s May 25 deadline. “The authorities will start checking compliance from the effective date of the Regulation. If you haven’t done your homework, you could quickly encounter problems,” adds Dörfler.

Schedule of responsibilities for companies

What can businesses do? No company will be able to avoid working through an extensive, complex schedule of responsibilities – a task that will have to be performed as quickly and conscientiously as possible. Anyone collecting customer data must not only obtain the customer’s express consent, but also be able to document that consent. Moreover, suitable technical and organizational measures must be taken to protect data privacy. Consideration must be given to the state of the art, the cost of implementation, and the nature, scope, context, and purposes of processing the data as well as the risks of varying likelihood and severity. The Regulation also includes a data minimization provision stipulating that data may only be collected and processed for good reason. All of this must be documented in detail.

Kapsch BusinessCom helps identify data protection risk

Kapsch began implementing the new requirements back in January of last year, for which purpose it formed its own data protection organization. “The difficulty here was that the subject matter covered by the GDPR is highly complex and wide ranging, and the wording in the Regulation is unclear and vague,” notes Günter Wildmann, Chief Privacy Officer at Kapsch. The first step was to collect the data and assess its risk potential. “SharePoint was ideal for data collection, but risk management will be the real challenge. This is because it will be necessary to manage risk in order to comply with the Regulation.” The solutions for this still had to be designed, even at Kapsch. “What we did was basically learning by doing,” recalls Wildmann.

Now customers can also benefit from the experience gained by Kapsch in implementing the Regulation. “We support companies in carrying out a data protection risk assessment, or we conduct an internal audit to gauge the technical risk impacting the security of the internal infrastructure,” explains Robert Jankovics, Teamlead Information Security Audit & Assessment at Kapsch BusinessCom. The expert recommends CRISAM from Calpana as a data protection management system that allows for planning, organizing, managing, and monitoring of the legal and operating requirements placed on data protection.

Kapsch BusinessCom, a Kapsch Group company, supports companies in taking their business performance to the next level and developing new business models. As a leading partner in digitalization, the company operates as a consultant, system supplier, and service provider. Kapsch BusinessCom is the ideal partner for keeping abreast of rapidly evolving digital technologies thanks to its widespread expertise in handling large quantities of data and matters of security, in addition to the valuable experience gained from successful implementation of a variety of use cases across numerous industries. The company’s comprehensive portfolio in Austria and the CEE countries includes technology solutions for intelligent and – most importantly – secure ICT infrastructure along with smart building technology, media and security technology, and outsourcing services. Kapsch pursues a strategy of manufacturer independence, cooperates with leading global providers such as HP, Cisco, and Microsoft, and participates in a wide network of research partners and industry-specific solution providers ranging from startups to major corporations.
Kapsch BusinessCom services more than 17,000 customers both locally and globally, including Allianz, Erste Bank, ÖBB, OMV, ORF, and Vodafone. In fiscal year 2016/17, Kapsch BusinessCom generated revenue of approximately EUR 320 million with its 1,200 employees. As a family-owned company headquartered in Vienna, Austria, in 2017, Kapsch celebrates 125 years of successfully developing and implementing new technologies for the benefit of its customers.

Press contact:

Alf Netek
Chief Officer Marketing & Communications
Kapsch AG
Am Europlatz 2, 1120 Vienna, Austria
Phone +43 50811 1700

Jutta Hanle
Vice President Marketing & Communications
Kapsch BusinessCom AG
Wienerbergstraße 53, 1120 Vienna, Austria
Phone +43 50811 5787