• Press
  • Offices
  • Contact
  • Legal notice
  • EN
  • UPC
  • Firm
    • Main Focus
    • History
    • Guiding Principle
    • Code of Conduct
    • Awards and Rankings
  • Our Practice
    • Legal Areas
    • Industries
  • Our Team
  • News & Events
    • News
    • Events
    • UPC-Update
    • IP-Update
    • Publications
    • B&B Bulletin
  • Career
  • Menu Menu
FIND EXPERTS
  • UPC
  • Firm
  • News & Events
    • News
    • Events
    • UPC-Update
    • IP-Update
    • Publications
    • B&B Bulletin
  • FIND EXPERTS
  • Contact
  • Our Practice
  • Career
  • Offices
  • EN
  • Legal Areas
  • Industries

General Data Protection Regulation (GDPR) – Trans­parency obligations for companies

1. January 2019/in Issue January 2019, Data Protection

The GDPR introduced new and in some cases deviating regulations with regard to data protection information obligations. In particular, companies should review their data protection declarations and consent procedures in order to avoid fines and official objections. Becoming GDPR compliant can certainly be seen as an opportunity to eliminate previous flaws with regard to transparency in data processing and ensuring the effectiveness of existing declarations of consent.

Transparency in the handling of personal data is an integral part of data protection. Data subjects should always have the opportunity to understand who is processing which data, when and for what purpose. Accordingly, data protection law contains a large number of transparency obligations designed to ensure transparency in data processing.

Duty to provide information when collecting data

The GDPR contains an extensive catalogue of provisions requiring the controller to inform potential data subjects on the scope of data processing, which are reflected in Articles 13 and 14 of the GDPR. In addition, Article 12 GDPR contains specific provisions on the form in which the information must be provided, namely in a precise, transparent, comprehensible and easily accessible form in clear and simple language.

Art. 13 and Art. 14 GDPR list obligatory information, which must be communicated to the data subject. It is of particular relevance that according to Art. 14 GDPR, the data subject must also be informed if the data is not collected directly from the data subject but from another source, e.g. from the Internet or via a lead provider. Although Art. 14 allows for a number of narrow exceptions to this principle, these will normally not be relevant, in particular for the collection of personal data for commercial purposes.

Further information and disclosure obligations

In addition to Art. 13 and Art. 14 GDPR, the GDPR contains further transparency obligations, some of which go beyond the previously applicable obligations. According to Art. 15 GDPR, for example, the data controller must provide the data subject with comprehensive information on the data stored and processed in relation to this data subject. Insofar as a controller invokes a legitimate interest, the data subject must be informed of his right to object pursuant to Art. 21 para. 4 GDPR.

Consent under the GDPR

Of particular importance is the transparency of data processing also in connection with obtaining consent for data processing, which is often overlooked by the responsible controller. Compliance with the transparency rules and information obligations is particularly important in this context, as a lack of transparency can, in case of doubt, lead to the ineffectiveness of the consent and thus to the illegitimacy of the data processing carried out on the basis of the consent as a whole.

Particularly when obtaining consent through pre-formulated texts, it must be ensured that the type, purpose and scope of data processing is made clear from the text of the consent in plain, intelligible and simple language in order to ensure that the consent is “informed” and therefore valid. In addition, the data subject must be made aware of his or her right to revoke consent at any time. Finally, consent must be given actively so that implicit acceptance of the declaration is not an option.

Of practical relevance is the question of the extent to which consents obtained in the past, i.e. before 25 May 2018, continue to be valid under the GDPR. It follows from recital 171 of the GDPR that existing consents remain effective provided that their nature corresponds to the conditions of the GDPR. Accordingly, the association of the German supervisory authorities for data protection (Düsseldorfer Kreis) also regards previously effective consents as still valid, at least in principle, if they were obtained in accordance with the requirements of the old version of the German Data Protection Act (“BDSG”). However, this does not apply to the consent of minors who had not yet reached the age of sixteen when the consent was granted, because under the GDPR, minors under the age of sixteen cannot grant consent without the consent of their legal guardians.

Against the background of the increased liability for data protection violations under the GDPR, we recommend, that existing consents be critically re-examined in any case as to their compatibility with the requirements of the GDPR. In this respect, it should also be borne in mind that the willingness of affected customers to give their consent in connection with the conversion to the GDPR is likely to be significantly increased. Accordingly, the switch to the GDPR should also be seen as an opportunity to “improve” the data protection consents and to avoid legal risks for the future.

Conclusion

The GDPR introduces new and in some cases deviating requirements with regard to transparency obligations. In particular, companies should review their privacy policies and consent procedures in order to prevent future fines and official objections. In this context, the conversion to the GDPR can well be seen as an opportunity to eliminate previous flaws with regard to transparency in data processing and ensuring the effectiveness of existing declarations of consent.

/wp-content/uploads/2022/04/boehmert_logo.svg 0 0 Petra Hettenkofer /wp-content/uploads/2022/04/boehmert_logo.svg Petra Hettenkofer2019-01-01 12:48:352022-08-24 14:08:40General Data Protection Regulation (GDPR) – Trans­parency obligations for companies

Author

Dr. Sebastian Engels

Contents

More articles

  • Are preventive duties on hosting service providers… 1. January 2019
  • Commentary on the Scope and Application of The… 1. January 2019
  • Inventive Plants and Ani­mals can be patented after all! 1. January 2019

More Articles

Are preventive duties on hosting service providers in line with EU law? Some comments from a legal perspective on Art. 13 Draft DSM Directive and “upload filters” 01. January 2019
Commentary on the Scope and Application of The Portability Regulation (Regulation (EU) 2017 / 1128) 01. January 2019
Inventive Plants and Ani­mals can be patented after all! 01. January 2019
Caution when referring to Industrial Property Rights! The indication “Patent Pending” may be misleading. 01. January 2019
Implementation of the EU Trade Secrets Directive – German Government Draft Published 01. January 2019
The EPO is making ano­ther attempt at Deferred Examination 01. January 2019

Menu

  • Firm
  • Our Practice
  • Career
  • News & Events
  • FIND EXPERTS

Informations

  • Press
  • Contact
  • Legal notice
  • Data Protection
  • General Terms and Conditions
  • Contact

Legal Areas

  • Employee Inventions
  • Data Protection
  • Designs
  • Domains
  • Information Technology
  • Anti-Trust
  • Licensing
  • Trade Marks
  • Patent Valuation
  • Patents & Utility Models
  • Patent Litigation
  • Product Piracy
  • Copyright
  • Unfair Competition

© Copyright 2025– BOEHMERT & BOEHMERT

Scroll to top Scroll to top Scroll to top
Cookie settings Cookie settings

We need your consent before you can continue to use our website.


If you are under 16 and wish to give your consent to volunteer services, you must ask your parent or guardian for permission. We use cookies and other technologies on our website. Some of them are essential, while others provide you with more advanced information. For more information about how we use your data, please see our Data Protection Policy. There is no obligation to consent to the processing of your data in order to use this offer. You can revoke or adjust your selection at any time under Settings. Please note that due to individual settings, not all functions of the website may be available.

Cookie settings

Accept all cookies

Save settings

Accept only essential cookies

Individual data protection settings

Cookie details Privacy policy Legal notice

Cookie settings Cookie settings

If you are under 16 and wish to give your consent to volunteer services, you must ask your parent or guardian for permission. We use cookies and other technologies on our website. Some of them are essential, while others provide you with more advanced information. For more information about how we use your data, please see our Data Protection Policy. There is no obligation to consent to the processing of your data in order to use this offer. Please note that due to individual settings, not all functions of the website may be available. Here you can find an overview of all cookies used. You can give your consent to entire categories or view more information and thus select only certain cookies.

Accept all cookies Save settings Accept essential cookies only

Back

Cookie settings

Essential cookies enable basic functions and are necessary for the proper functioning of the website.

Display cookie information Hide cookie information

Name
Provider Borlabs GmbH, Legal notice
Purpose Stores the settings of the visitors selected in the Cookie Box of Borlabs Cookie.
Data protection policy https://borlabs.io/privacy/
Cookie name borlabs-cookie
Cookie duration 1 year

Content from video platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires manual consent.

Display cookie information Hide cookie information

Accept
Name
Provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose Used to unlock YouTube content.
Data protection policy https://policies.google.com/privacy
Host(s) google.com
Cookie name NID
Cookie duration 6 months

Privacy policy Legal notice