After the many speculations about the inspections of the GDPR implementation, the Bavarian State Office for Data Protection Supervision (BayLDA) has started with a new round of questionnaire dispatch (available online)and on-site inspections. According to the BayLDA press release, the focus is on the secure operation of online shops, encryption protection in doctors’ offices, the fulfilment of accountability obligations and the information obligations at companies.
It is pointed out in the press release that the aim of the controls is not to overburden small businesses, but to sensitise organisations to possible sources of risk. On-site visits to selected companies are also planned in addition to the written checks in order to check the accuracy of the information, according to the BayLDA.
Furthermore, data protection violations at (sub)contract processors are to be examined in 2018, as the ratio of notifications from responsible persons, in contrast to notifications of data protection incidents from international service providers, has not risen proportionally according to the BayLDA.In this context, several larger data-driven companies with international service providers are likely to be audited, also on site.
Moreover, the Bavarian data protection authority is focusing on the timely deletion of data in ERP systems in accordance with the GDPR in December 2018. The press release does not indicate which companies are likely to be affected.