DE | EN | RU (0)69 76 75 77 80Mon. - Fri. from 8am to 8pm, Sat. from 8am to 5pm

High Fines under German Data Protection Law

Mar 31, 17 • Privacy LawNo Comments

As of 05/25/2018, the General Data Protection Regulation will enter into force. The innovations will be quite complex and have to be strictly observed by companies that wish to avoid high fines.

Draft of a new data protection law

Although it is a regulatory act (and hence directly applicable in all EU member states), the General Data Protection Regulation includes numerous opening clauses for the national legislators. Therefore, observers keenly awaited how the German legislator would use the scope of freedom left to it by the General Data Protection Regulation. The wait is over now: On 02/01/2017, the federal government adopted the draft version of a new data protection act, which will bear the slightly complicated name “Data Protection Amendment and Implementation Act EU” (Datenschutz Anpassungs- und Umsetzungsgesetz-EU; “DSAnpUG-EU”). The present draft law also contains a draft version of the future Federal Data Protection Act (BDSG).

New BDSG considerably more complex

An initial reading of the draft already confirms the fears that – despite the massive criticism from regulatory authorities, political circles, companies and many expert colleagues – the legislator would draw up the new BDSG in a way that, in comparison with previous standards, has become much more complex, imprecise and not exactly practice-oriented. The companies concerned will have their difficulties in keeping track when wading through the thickets of regulations, exceptions and reverse exceptions.

In addition, it seems that, despite all the criticism, bringing the project to a conclusion cannot go fast enough for the government. It is identified as a matter of urgency – which means that things may move very fast now.

Fines of up to 4% of the sales threatened

Possibly, little adjustments will be made to one provision or another or some details will be ironed out. However, there is no reason for high hopes: As of May 2018 at the latest, companies and their legal advisors will not only have to cope with the new General Data Protection Regulation but also with a new national data protection legislation which is expected to create more problems than it will solve.

For those concerned this means that they should wait at least until the legislative process has been completed while keeping an eye on current developments. Once the framework conditions have been finalized, prompt action will be required. Companies must precisely analyze, which consequences will result from the new legislation. Companies shouldn’t be too casual about this issue: The fines faced in case of infringements can amount to up to 4% of the worldwide (!) sales of previous year. Please do not hesitate to contact us if you need help creating a data protection concept for your company.

Continue reading:
Creating a data protection concept for your company

Stefan Winheller

Attorney Stefan Winheller has specialized in tax law for about 20 years, especially in the areas of cryptocurrencies, foundations/nonprofits and international tax law.

>> show profile

Leave a Comment

Your email address will not be published. Required fields are marked with *

WINHELLER Blog via Newsletter

Subscribe to our free newsletter and receive regular updates on German business law by e-mail. (Mandatory fields are marked with *)

German Business Law News (4 times a year)
I would like to subscribe to the selected newsletter and for that purpose give my consent to WINHELLER to process my above mentioned data. I have read the "Information for Data Processing in the Newsletter Subscription". I understand that I can revoke my consent at any time with effect for the future by clicking the unsubscribe button within the newsletter. *