The excellence team's consultancy services encompass the definitions in the GDPR which require further explanation such as "state of the art" and "personal data" as well as case examples dealing with these and other specialist terms. In addition, the team also offers market investigations and basic training sessions at the customer's premises on the topics of cryptography, redundancy, and wireless protocols. To this end, the Rutronik experts discuss the issues directly with the customers so as to determine precisely what problems might arise and how they can be avoided. Nobody knows an individual electronic component better than the component's product manager. The excellence team's thorough preparations allow customers to inform themselves about the weakness of individual components and alternatives to these components which are securer with regard to the new statutory requirements. Taking a closer look at additional aspects together with the experienced engineers and investigating all the applications across all the ISO/OSI layers is also recommendable.
"Manufacturers of electrical devices are very aware of the importance of security, but in such a short time have presumably not had the opportunity to investigate all the aspects and ramifications of the new legislation for their products," said Bernd Hantsche, Managing Director Embedded & Wireless and initiator of the GDPR campaign at Rutronik. This could allow competitors to lodge complaints about lacking GDPR conformity with courts and attempt to halt sales. This is where Rutronik comes into play as an external service provider with a wealth of expertise: "As such, a discussion with us is a sensible precautionary measure allowing you to identify competitors' possible arguments before May 2018 and prepare for them." From a legal perspective, however, the customer bears all responsibility.
A regulation with far-reaching consequences
The regulation, which will come into force and be legally binding throughout the European Union on May 25, 2018, stipulates stricter requirements in Article 25 "Data protection by design and by default" and Article 32 "Security of processing" for the production of electrical equipment than its predecessor, the German Federal Data Protection Act (BDSG). Should a company fail to comply with the requirements of these two articles, it could face penalties of up to €10 million or two percent of its turnover.