DATA PROTECTION / GDPR

NEW DATA PROTECTION LAW (DSGVO / BDSG) FROM 25.05.2018

From 25.5.2018, the EU General Data Protection Regulation (“GDPR”) will apply directly and with priority over national law throughout the European Union. At the same time, the new (German) Federal Data Protection Act (BDSG), which specifies the requirements of the GDPR, applies. Implementing the GDPR obligations in companies and enterprises requires both legal and technical knowledge. We offer legal and technical data protection advice from a single source, provided by our experienced lawyers and IT consultants.

DATA PROTECTION ADVICE FROM A SINGLE SOURCE – LEGAL AND TECHNICAL

This includes support with GDPR documentation requirements (list of processing activities, processor contracts, etc.) and the necessary technical concepts (technical and organizational measures), as well as support with all day-to-day legal questions (inquiries and claims of affected customers, inquiries from employees, etc.). If necessary, Dr. Michael Lingenberg LL.M. oec. (BBT Dr. Lingenberg Consulting) is also available as an external data protection officer.

OBJECTIVES, SIGNIFICANCE AND CONSEQUENCES OF GDPR

The aim of the GDPR is to create a uniform level of data protection throughout the EU. So far, each EU member state has had its own privacy policies, which are only partially based on EU law. However, since digitization does not stop at national borders, the GDPR is intended to rectify this situation and, above all, ensure uniform regulations and competitive conditions for data processing. It should be stressed that the GDPR applies not only to data-processing entities based in the EU, but also to those without a seat in the EU that target data subjects in the EU.

The GDPR protects personal data. This includes all data that can be used to identify a natural person (“affected person”). The GDPR is addressed to public authorities as well as to all natural and legal persons (“controllers” and “processors”) who process personal data. “Processing” is, for example, the collection, organization, storage, modification, use, transfer and also the deletion of data – in short, any process involving personal data. Every company holds a variety of such data, e.g. employee and customer data, but data on suppliers and business contacts also often contains a personal reference.

HIGH FINES

The GDPR obliges companies and enterprises to take numerous data protection measures and precautions. If these are not met, DPAs may, unlike before, impose “effective, proportionate and dissuasive” fines. The GDPR provides for fines of up to 20 million euros or up to 4% of the total worldwide annual turnover of a company or group of companies.

Please contact us; we would be pleased to assist you.