• Press
  • Offices
  • Contact
  • Legal notice
  • EN
  • UPC
  • Firm
    • Main Focus
    • History
    • Guiding Principle
    • Awards and Rankings
  • Our Practice
    • Legal Areas
    • Industries
  • Our Team
  • Career
    • Working with us
  • News & Knowledge
    • News
    • Events
    • UPC-Update
    • IP-Update
    • Brexit-Update
    • Publications
    • B&B Bulletin
  • Menu Menu
FIND EXPERTS
  • UPC
  • Firm
    • Main Focus
    • History
    • Guiding Principle
    • Awards and Rankings
  • News & Knowledge
    • News
    • Events
    • UPC-Update
    • IP-Update
    • Brexit-Update
    • Publications
    • B&B Bulletin
  • FIND EXPERTS
  • Contact
  • Our Practice
    • Legal Areas
    • Industries
  • Our Team
  • Career
    • Working with us
  • Offices
  • EN

General Data Protection Regulation (GDPR) – Trans­parency obligations for companies

1. January 2019/in Issue January 2019, Data Protection

The GDPR introduced new and in some cases deviating regulations with regard to data protection information obligations. In particular, companies should review their data protection declarations and consent procedures in order to avoid fines and official objections. Becoming GDPR compliant can certainly be seen as an opportunity to eliminate previous flaws with regard to transparency in data processing and ensuring the effectiveness of existing declarations of consent.

Transparency in the handling of personal data is an integral part of data protection. Data subjects should always have the opportunity to understand who is processing which data, when and for what purpose. Accordingly, data protection law contains a large number of transparency obligations designed to ensure transparency in data processing.

Duty to provide information when collecting data

The GDPR contains an extensive catalogue of provisions requiring the controller to inform potential data subjects on the scope of data processing, which are reflected in Articles 13 and 14 of the GDPR. In addition, Article 12 GDPR contains specific provisions on the form in which the information must be provided, namely in a precise, transparent, comprehensible and easily accessible form in clear and simple language.

Art. 13 and Art. 14 GDPR list obligatory information, which must be communicated to the data subject. It is of particular relevance that according to Art. 14 GDPR, the data subject must also be informed if the data is not collected directly from the data subject but from another source, e.g. from the Internet or via a lead provider. Although Art. 14 allows for a number of narrow exceptions to this principle, these will normally not be relevant, in particular for the collection of personal data for commercial purposes.

Further information and disclosure obligations

In addition to Art. 13 and Art. 14 GDPR, the GDPR contains further transparency obligations, some of which go beyond the previously applicable obligations. According to Art. 15 GDPR, for example, the data controller must provide the data subject with comprehensive information on the data stored and processed in relation to this data subject. Insofar as a controller invokes a legitimate interest, the data subject must be informed of his right to object pursuant to Art. 21 para. 4 GDPR.

Consent under the GDPR

Of particular importance is the transparency of data processing also in connection with obtaining consent for data processing, which is often overlooked by the responsible controller. Compliance with the transparency rules and information obligations is particularly important in this context, as a lack of transparency can, in case of doubt, lead to the ineffectiveness of the consent and thus to the illegitimacy of the data processing carried out on the basis of the consent as a whole.

Particularly when obtaining consent through pre-formulated texts, it must be ensured that the type, purpose and scope of data processing is made clear from the text of the consent in plain, intelligible and simple language in order to ensure that the consent is “informed” and therefore valid. In addition, the data subject must be made aware of his or her right to revoke consent at any time. Finally, consent must be given actively so that implicit acceptance of the declaration is not an option.

Of practical relevance is the question of the extent to which consents obtained in the past, i.e. before 25 May 2018, continue to be valid under the GDPR. It follows from recital 171 of the GDPR that existing consents remain effective provided that their nature corresponds to the conditions of the GDPR. Accordingly, the association of the German supervisory authorities for data protection (Düsseldorfer Kreis) also regards previously effective consents as still valid, at least in principle, if they were obtained in accordance with the requirements of the old version of the German Data Protection Act (“BDSG”). However, this does not apply to the consent of minors who had not yet reached the age of sixteen when the consent was granted, because under the GDPR, minors under the age of sixteen cannot grant consent without the consent of their legal guardians.

Against the background of the increased liability for data protection violations under the GDPR, we recommend, that existing consents be critically re-examined in any case as to their compatibility with the requirements of the GDPR. In this respect, it should also be borne in mind that the willingness of affected customers to give their consent in connection with the conversion to the GDPR is likely to be significantly increased. Accordingly, the switch to the GDPR should also be seen as an opportunity to “improve” the data protection consents and to avoid legal risks for the future.

Conclusion

The GDPR introduces new and in some cases deviating requirements with regard to transparency obligations. In particular, companies should review their privacy policies and consent procedures in order to prevent future fines and official objections. In this context, the conversion to the GDPR can well be seen as an opportunity to eliminate previous flaws with regard to transparency in data processing and ensuring the effectiveness of existing declarations of consent.

/wp-content/uploads/2022/04/boehmert_logo.svg 0 0 Petra Hettenkofer /wp-content/uploads/2022/04/boehmert_logo.svg Petra Hettenkofer2019-01-01 12:48:352022-08-24 14:08:40General Data Protection Regulation (GDPR) – Trans­parency obligations for companies

Author

Dr. Sebastian Engels

Contents

More articles

  • Are preventive duties on hosting service providers in line… 1. January 2019
  • Commentary on the Scope and Application of The Portability… 1. January 2019
  • Inventive Plants and Ani­mals can be patented after all! 1. January 2019

More Articles

Are preventive duties on hosting service providers in line with EU law? Some comments from a legal perspective on Art. 13 Draft DSM Directive and “upload filters” 01. January 2019
Commentary on the Scope and Application of The Portability Regulation (Regulation (EU) 2017 / 1128) 01. January 2019
Inventive Plants and Ani­mals can be patented after all! 01. January 2019
Caution when referring to Industrial Property Rights! The indication “Patent Pending” may be misleading. 01. January 2019
Implementation of the EU Trade Secrets Directive – German Government Draft Published 01. January 2019
The EPO is making ano­ther attempt at Deferred Examination 01. January 2019

Menu

  • Firm
  • Our Practice
  • Career
  • News & Knowledge
  • FIND EXPERTS

Informations

  • Press
  • Contact
  • Legal notice
  • Data Protection
  • General Terms and Conditions
  • Contact

Legal Areas

  • Employee Inventions
  • Data Protection
  • Designs
  • Domains
  • Information Technology
  • Anti-Trust
  • Licencing
  • Trade Marks
  • Patent Valuation
  • Patents & Utility Models
  • Patent Litigation
  • Product Piracy
  • Copyright
  • Unfair Competition

© Copyright 2023– BOEHMERT & BOEHMERT

Scroll to top

We only use functional cookies and no third party services. Learn more in our privacy policy.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.