The Legal 500

Twitter Logo Youtube Circle Icon LinkedIn Icon

GRP Rainer LLP

AUGUSTINERSTRAĂźE 10, 50667 COLOGNE, GERMANY
Tel:
Work +49 221 272 27 50
Fax:
Fax +49 221 272 27 52 4
Email:
Web:
www.grprainer.com
Berlin, Bonn, Cologne, Dusseldorf, Frankfurt, Hamburg and 3 more

Show all Press releases

General Data Protection Regulation (GDPR) must be implemented by May 25, 2018

May 2018

Businesses need to keep May 25, 2018 in mind. This is the day when the EU General Data Protection Regulation, GDPR for short, officially comes into force.

Following a two-year transitional period, the GDPR will come into full force and effect on May 25, 2018, thereby replacing an EU directive dating back to 1995. The GDPR is meant to create a uniform standard for data protection within Europe and provide consumers with greater protection in the digital age. The GDPR shall have precedence over national law. Notwithstanding this, we at the commercial law firm GRP Rainer Rechtsanwälte note that the European Regulation leaves many details open and provides for a certain amount of leeway for national rules and regulations.

In principle, the GDRP applies to all businesses within the EU that gather, record and process personal data. It concerns not only customer or client data, but also data pertaining to company employees. Businesses will now be subject to extensive information and documentation obligations. The more sensitive the data collected is, the stricter the data protection rules are.

For businesses, the implementation of the GDPR means more stringent requirements relating to data protection compliance, especially considering that violations of the Regulation can be severely punished. Fines of up to 20 million euros or up to 4 per cent of worldwide annual turnover can be imposed. Moreover, violations of the GDPR may also be penalized as violations of competition law.

Businesses need to communicate what personal data is being gathered and for what purpose. Personal data refers to information such as name and address, contact details, birthday, IP addresses etc. In short, all data that is likely to allow a person to be identified. This data cannot be collected without consent and has to be processed for a specific purpose or purposes in a transparent and comprehensible manner. Additionally, those concerned have the “right to be forgotten”, i.e. the data must be deleted once the purpose has been achieved. To ensure that data is protected, appropriate technical precautions need to be taken.

The GDPR entails complex changes to data protection law which businesses and employers need to be prepared for. Should violations of the GDPR occur, one should also anticipate formal warnings. To prevent this from happening, it is necessary to obtain expert legal advice or even appoint an external data protection officer.

https://www.grprainer.com/en/legal-advice/it-law-and-media-law/data-protection.html

Legal Developments by:
GRP Rainer LLP

Legal Developments in Germany

Legal Developments and updates from the leading lawyers in each jurisdiction. To contribute, send an email request to