
Countdown to GDPR – Beware of the new Data Protection Rules

1 February 2018 / in Issue February 2018, Data Protection

In about four months, on 25 May 2018, the European General Data Protection Regulation (GDPR) will enter into force. The new law will apply not only to European companies but also to non-European companies acting on the EU market. Besides a number of new obligations and adapted requirements, the GDPR comes with a considerably strengthened system of sanctions. With our series “Countdown to GDPR”, published in our upcoming B&B Bulletin issues, we want to provide an overview of the most relevant changes in the new law as a basis for a timely review of data protection compliance.

25 May 2018 is a date that should be marked in the calendar of all companies collecting and using personal data within the European Union. On this date the existing data protection rules in all EU Member States will be replaced by the new General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR). The GDPR will apply to practically all acts of data processing taking place within the EU or aiming at EU subjects and is therefore relevant to European Union as well as non-European Union companies.
Companies are faced with a considerable need for adaptation, and anyone who has not previously had data protection compliance on the agenda should put it there now at the latest. As the GDPR does not provide for a transitional period, all data processing operations must comply with the new law as of 25 May 2018.
In this article we will outline some important aspects and new provisions. In the next newsletter issues, under the heading “Countdown to GDPR”, we will focus on specific topics that should be considered and addressed by all companies before 25 May 2018.

New data protection law

The new data protection law is based on Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR), which will be applied uniformly in all EU Member States from 25 May 2018.

What will remain? What will change?

Many of the data protection mechanisms and principles that are known from the existing data protection law will also apply under the GDPR. In particular, the basic principle that all use of personal data is prohibited unless covered either by the consent of the person concerned or by a specific statutory permission was adopted in the GDPR.
However, the new data protection law also entails a whole series of changes:

Territorial applicability

The GDPR is binding not only on entities based in the EU, but is also applicable to any non-European data processors where data of EU citizens is concerned and where data processing is related to the provision of goods or services or to the observation of the behavior of EU citizens. For example, a US-based company that collects and processes data of EU citizens (e.g. running an online shop) will in future be subject to EU data protection legislation.

Accountability

As of the end of May 2018, companies will have an increased degree of accountability when handling personal data. Companies have a non-delegable liability for compliance with the GDPR. Their accountability, however, does not only include legal compliance but also obligatory documentation of compliance measures within the framework of a real accountability towards authorities. In the future, companies will have to keep directories of all data processing operations with legally prescribed information and, under certain conditions, carry out so-called data protection impact assessments (DPIA).

Processing on behalf of a Controller

A common constellation, especially in the digital environment, is that one company (controller) commissions another company (contractor) to process personal data in accordance with its instructions. The applications are diverse and include, for example, hosting contracts, IT maintenance contracts, HR services and payment services. Practically every company that works with external service providers faces the constellation of commissioned data processing.

Commissioned data processing will also be available under the GDPR and will even be available to contractors outside the EU. Although the principal responsibility for compliance with data protection regulations will continue to lie primarily with the controller, the GDPR imposes an increased liability on the contractor, and also introduces the new concept of a joint liability which does not exist under the current law.

These changes thus affect the contractual relationship and therefore require reviewing and adjusting the existing contracts with external service providers such as hosting providers, payment providers etc.

Sanctions

The GDPR comes with a considerable strengthening of potential sanctions. Violations of the GDPR can result in fines of up to EUR 20 million or, in the case of companies, up to 4 % of the global annual turnover of the previous financial year. This is intended to encourage large corporations, too, to comply with data protection regulations, and it is expected that data protection authorities will use their new instruments to make sure that industries comply with the regulations.

The time remaining

There are still about four months to go before the GDPR will take effect. This time should be used to review, adjust and document the internal data protection concepts and processes for compliance with the GDPR. Furthermore, existing contracts with external service providers and / or customers should be reviewed and adjusted if needed.

In view of the considerable increase in the risk of sanctions and / or warning notices from competitors, we strongly recommend commencing this review process immediately and providing your company's data protection officers with the required resources for timely compliance measures.

If you have any legal questions on the subject of data protection, please contact our data protection team.

Author

Dr. Sebastian Engels
BOEHMERT & BOEHMERT
