Germany is one step closer to new data protection rules as the German Parliament and the Federal Council have both approved the draft of a new Federal Data Protection Act (Bundestag printing matter 18/11325). The purpose of the draft is to align German data protection law to the European General Data Protection Regulation (“GDPR”), which will be applicable as of May 25, 2018. The new law is intended to replace the existing Federal Data Protection…
On April 28, the Baker McKenzie Munich office hosted a GDPR client workshop. The format of this workshop was kind of unique: Clients could submit questions relating to the interpretation and implementation of the GDPR in advance which were than discussed by the panel.The panel consisted of the president of the Bavarian Data Protection Authority, Mr. Thomas Kranig, Michael Schmidl, Partner in the Munich office, Julia Kaufmann, Partner in the Munich office, and Lothar Determann,…
The Data Protection Authority (“DPA”) of Hamburg, one of 16 German State DPAs, has issued fines against three companies for failing to implement alternative data transfer mechanisms following the invalidation of the European Commission Safe Harbor adequacy decision in October 2015. The fines range from EUR 8,000 to EUR 11,000 for each company.This is the most high-profile example of a DPA taking action against companies for continuing to transfer personal data from Europe to the…
In March 2016, the Duesseldorfer Kreis, an association of the German data protection authorities, issued guidance on obtaining consent from data subjects (“Guidance”). The Guidance provides helpful instructions and recommendations for drafting consent forms when obtaining consent in written or electronic form and is available here (in German language). Businesses subject to German data protection law would be well advised to review and revise their consent forms in light of the Guidance. BackgroundIn many cases the…