Negotiations Are Finished. EU General Data Protection Regulation is Coming. Prepare Yourself Now.
After four years of intense wrangling for a uniform level of data protection in Europe, binding for each Member State, the chief negotiators of the European Parliament, the EU Commission, and the Council of Ministers came to an agreement on 12/15/2015 on the exact wording of the EU General Data Protection Regulation. The law firm of Kazemi & Lennartz Rechtsanwälte PartG is offering a range of training opportunities to companies already dealing with the new regulations at this time.
Unlike in the past, the EU is no longer relying on the guidelines concept in matters of data protection, the implementation of which has failed to produce any uniform level of data protection within the EU in recent years, despite all efforts for harmonization. Rather, “dataprotection islands” had established themselves, inviting large and mid-size companies to forum shop, especially those in the online market; Ireland in particular was the means of choice and time and again has been criticized for its data protection regulations, which are
weak compared to those of the EU.
However, forum shopping will probably come to an end when the EU General Data Protection Regulation enters into force, because the EU General Data Protection Regulation will be directly applicable in all Member States – without requiring any conversion into national law – and will put an end to the existing patchwork quilt of data protection regulations within the European economic area. Without exception, the EU General Data Protection Regulation will apply for all companies, even those registered outside of Europe, if they offer goods and services in the EU and focus their activities on the EU. Even contract data processing will come directly under the EU Data Protection Regulation, regardless of the processor’s registered place of business.
The text of the regulation, a hefty 200 pages and more, thus poses a huge challenge for every company that is actively operating in Europe and that processes personal data here. Therefore every company should begin adjusting ahead of time to the new requirements of the EU General Data Protection Regulation and analyze its databases and data processing procedures according to the regulation’s guidelines, because the fines for violating the regulation threaten to be high and will go far beyond those previously applicable in Europe, and primarily in the Federal Republic of Germany. In the future, depending on the type of violation, the regulation threatens to impose fines of 10 million euros or 2%, or 20 million euros or 4%, of annual sales, whereby the respective higher value of each will apply (Article 79 of the draft). At the same time, with respect to annual sales, this will be based on annual sales of the entire (worldwide) group, not just on sales generated in Europe.
Even under the application of the EU Data Protection Regulation, Member States will retain a certain degree of self-regulation, for example, when it becomes necessary to standardize stricture rules for appointing internal data protection officers; here, the EU Data Protection Regulation only prescribes a mandatory appointment for certain data processing operations and primarily excludes small-to medium-sized companies from the obligation to appoint an officer. Looking at the concerns raised in Germany against this regulation, it must be assumed that nothing in the general appointment obligation (more than 9 employees) will change here for Germany. The regulation regarding employee data protection will also, for the most part, remain untouched by the EU Data Protection Regulation.
The law firm of Kazemi & Lennartz Rechtsanwälte PartG, in cooperation with the firm Tsambikakis & Partner Rechtsanwälte, the Deutscher Anwaltverlag in Bonn and medi-ip dataprotect UG in Bonn, are offering a range of training opportunities to companies already dealing with the new regulations at this time and who wish to make good use of the time remaining.
The number of participants is limited. Seminars will be held in German as well as English, and are therefore particularly interesting for international companies and colleagues.
For more information please visit our website: medi-ip.de/negotiations-are-finished-eu-general-data-protection-regulation-coming-prepare-yourself-now/id_1451475133
Dr. Robert Kazemi
Kazemi & Lennartz Rechtsanwälte PartG*
Attorney at Law (Rechtsanwalt) Dr. Robert Kazemi
Tel: +49 (0)228- 3500 89-0
Fax: +49 (0)228- 3500 89-10
*PR 2019, AG Essen