Since 2010, consultations are ongoing on the revision of the
European Data Protection Directive 95/46/EC, which forms the legal
basis for the German Federal Data Protection Act
(Bundesdatenschutzgesetz, BDSG). Now, an in-official proposal for its revision by the EU Commission
leaked out. It includes important changes that we summarize for you
in this Newsflash. Once the official proposal has been made public
(to be expected at the end of January 2012), we will inform you in
more detail in one of our Newsletters.
The most important changes introduced by the in-official proposal
In order to achieve a greater harmonisation amongst Member
States, a directly applicable Regulation, in connection with a
number of specifications to be made by the Commission, shall
replace the current Directive. In particular international
companies will benefit from the possibility to apply a unique
framework throughout the EU. The German Federal Data Protection Act
shall (to a large extent) no longer apply to private
The Regulation shall also apply to non-European bodies, if they
address their activities specifically to EU citizens (e.g.
The Accountability" Principle
Enterprises shall ensure compliance with the Regulation by
internal policies and procedures. On the other hand German
companies shall be relieved in relation to data protection officers
(to be appointed only for companies with more than 250 employees)
and, in most other countries, in relation to notification
If different entities co-operate in the course of a data
processing, they shall need to clearly define their
responsibilities. If they fail to do so or act beyond their
respective competencies, they – in case of doubts
– shall be considered to be (joint) data controllers and
be jointly liable.
Preemptive Data Protection
Data protection aspects shall be taken into consideration as
early as possible by carrying out a data protection impact
assessment and by use of data protection friendly measures (i.e.
Privacy by Design, Privacy by Default).
Enhanced rights of data subjects
Apart from greater transparency, to be implemented by simple
technical means, data subjects shall benefit from a "right to
be forgotten" (e.g. relevant for social networks and search
engines) and a "right to data portability" (e.g. relevant
for cloud computing). As already implemented in Germany, there
shall be far reaching obligations to notify security breaches.
Simplified international data transfers
There shall be easier rules on the acceptance of Binding
Corporate Rules (including BCRs for data processors) and more
simplified and standardised contractual regulations.
The enforcement of the Regulation
shall be enhanced: Independent supervisory authorities with far
reaching competencies shall co-operate internationally and are
subject to mutual consistency mechanisms.
In case of infringements there shall be draconic sanctions all
over Europe. Apart from specific sanctions of up to 1 million Euro
for the acting individuals, companies may be subject to sanctions
of up to 5 % of their annual global turnover!
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).