EU-GDPR
With the increasing internationalization of business, national borders and, among other things, cross-border data traffic are becoming more and more blurred. We are specialized in comprehensive data protection consulting across the entire European legal jurisdiction – especially concerning EU-GDPR.
Global markets, global data processing: The accounting department in Eastern Europe, the customer service in Asia, the media server overseas – transborder data traffic is gaining significance. And the dataflow is not ebbing away but generating increasingly bigger waves.
It is obvious that the volume of data transfer worldwide will grow even more, e.g. through autonomous driving, latest standard mobile networks and the increasing use of high definition media streaming. Along with it grows the challenge of achieving more stability of the law in terms of data protection within international dataflow. In 2016 the EU introduced the General Data Protection Regulation (GDPR), creating a legally reliable basis for all companies making business in the EU. In 2018 these laws became binding.
Important amendments to the
EU General Data Protection Regulation
(EU-GDPR) as of May 25, 2018.
Requirement for a data protection officer
It is still mandatory for all companies – in Germany – with at least ten employees to appoint a designated data protection officer. For some operations, which require special risk assessment, an officer may have to be appointed even when the staff total is less than ten.
Demonstrating compliance
Until recently, it has been common practice to compile documents and reports only when specifically asked to do so by a client or partner (systemic approach). Since the amendment, it is being examined whether documents, structures, and ongoing processes are compliant (factual approach). Due to the EU-GDPR we now deliver all documents necessary for the verification of an accountability framework (PLAN-DO-CHECK-ACT).
Accountability
So far, the Data Protection Officer (DPO) solely worked to implement the guidelines of data protection. Since the introduction of the EU-GDPR, the DPO can now be held accountable within the scope of his functions as he/she bears imputable responsibility.
Infringement fines
Before, penalties of up to € 300,000 were imposed only occasionally, in case of severe violations. Since the adjustments, fines can amount to up to € 20 million or 4 % of a company’s annual revenue.
Depending on which value is higher, the fines are:
- up to € 10 million or 2 %
when the structure of the organization does not meet data protection requirements. - up to € 10 million or 2 %
for unauthorized data processing (e.g. insufficient contracts in non-EU countries) - up to 20 million or 4 %
for violating personal privacy rights of individuals (e.g. non-disclosure agreements)
