As of 05/25/2018, the General Data Protection Regulation will enter into force. The innovations will be quite complex and have to be strictly observed by companies that wish to avoid high fines.
Draft of a new data protection law
Although it is a regulatory act (and hence directly applicable in all EU member states), the General Data Protection Regulation includes numerous opening clauses for the national legislators. Therefore, observers keenly awaited how the German legislator would use the scope of freedom left to it by the General Data Protection Regulation. The wait is over now: On 02/01/2017, the federal government adopted the draft version of a new data protection act, which will bear the slightly complicated name “Data Protection Amendment and Implementation Act EU” (Datenschutz Anpassungs- und Umsetzungsgesetz-EU; “DSAnpUG-EU”). The present draft law also contains a draft version of the future Federal Data Protection Act (BDSG).
New BDSG considerably more complex
An initial reading of the draft already confirms the fears that – despite the massive criticism from regulatory authorities, political circles, companies and many expert colleagues – the legislator would draw up the new BDSG in a way that, in comparison with previous standards, has become much more complex, imprecise and not exactly practice-oriented. The companies concerned will have their difficulties in keeping track when wading through the thickets of regulations, exceptions and reverse exceptions.
In addition, it seems that, despite all the criticism, bringing the project to a conclusion cannot go fast enough for the government. It is identified as a matter of urgency – which means that things may move very fast now.
Fines of up to 4% of the sales threatened
Possibly, little adjustments will be made to one provision or another or some details will be ironed out. However, there is no reason for high hopes: As of May 2018 at the latest, companies and their legal advisors will not only have to cope with the new General Data Protection Regulation but also with a new national data protection legislation which is expected to create more problems than it will solve.
For those concerned this means that they should wait at least until the legislative process has been completed while keeping an eye on current developments. Once the framework conditions have been finalized, prompt action will be required. Companies must precisely analyze, which consequences will result from the new legislation. Companies shouldn’t be too casual about this issue: The fines faced in case of infringements can amount to up to 4% of the worldwide (!) sales of previous year. Please do not hesitate to contact us if you need help creating a data protection concept for your company.
Creating a data protection concept for your company