Lawyers for data protection law in Regensburg and Landshut
We advise you in all matters relating to data protection law.
Already on 25.05.2018 the EU-DSGVO comes into force by decision of the European Parliament. For you as an entrepreneur, many new features came with it. Here it was necessary to check many processes and adapt them if necessary. The new General Data Protection Regulation brings with it many challenges that have never been there before. In particular, the rapidly increasing internationalization in everyday business practices makes it inevitable to deal with the essential data protection regulations.
So far, the companies had to comply with the Federal Data Protection Act. Although this has also undergone various changes, it will have to be subdivided into the General Data Protection Regulation. The spectrum which has to be observed in the regulations and laws is very versatile.
For the DS-GVO also the Federal Ministry of the Interior, for building and homeland has published an extensive documentation which you call here can.
Table of Contents
Here you will find our latest articles on the topic.
In particular, it is still highly relevant for German companies to appoint a data protection officer under certain conditions. We are happy to assist you in answering this question. Each company is under an obligation to examine, document and prove independently whether it is necessary to appoint a data protection officer.
The following three areas need to be reviewed to say if you need to appoint a DPO:
If more than 9 employees regularly deal with automated data processing (collection and use), the obligation exists. This also applies if at least 20 employees are employed who regularly deal with non-automated data processing.
As soon as personal data is processed that informs about a person's ethnic origin, race, political opinion, religious conviction, trade union membership, health or sexual life, it is also mandatory.
Insofar as personal data is transmitted, collected, processed or used in a businesslike manner, the obligation generally exists irrespective of the number of employees.
The competent supervisory authority may impose substantial fines in the event of a breach.
If you need a data protection officer, we are also happy to assist you.
If you process data that poses a high risk to the rights and freedoms of individuals, then you must conduct a so-called privacy impact assessment.
First examples of this can be found in Art. 35 Paragraph 3 GDPR. According to this, these include systematic and comprehensive assessments of personal aspects of natural persons, which are based on automated processing including profiling and in turn serve as the basis for decisions which have legal effects on natural persons or impair them.
A concrete example of this is sports clubs, which record and evaluate the development of individual members digitally.
Finally, the privacy impact assessment can be understood as a risk assessment to protect the rights and freedoms of data subjects.
Further, important changes in the data protection law exist in the further processing of the personal data. Thereafter, data may only be collected for a purpose that has been determined in advance. But this purpose is a stumbling block for many companies. Because of this binding further processing is not allowed. However, there is one exception, namely the extension of the purpose. However, it is only permissible if it is compatible with the original purpose. Thus, it is necessary to check before any further processing whether a purpose extension is possible and permissible.
So far, data protection violations have been penalized with fines of up to 50.000 € or up to 300.000 € depending on their nature. However, the EU Parliament considers such a fine far too low. It was therefore decided that violations of data protection could be punished up to 10 million euros or even up to 20 million euros. If the company is an organization, it is even possible to calculate the fine based on the most recent annual turnover. The company must pay up to 2% or up to 4% of the respective previous annual turnover as a fine - whichever amount (10 million Euro or 2% or 20 million Euro or 4%) is higher.
Our Attorney Stephen Hendel is at your disposal to answer any questions concerning data protection and IT law. However, due to the current high request, we ask that you first make an appointment by phone.