After nearly five years of intensive work, accompanied by charged political discussions and wide societal echo, the European Union’s (EU) Data Protection Reform has finally become a reality. The new framework consists of a General Data Protection Regulation (GDPR), which replaced the former Data Protection Directive, and a new Directive for the police and criminal justice sector. They came into force in May 2016 and became applicable law in May 2018. The reform aims at modernizing and harmonizing data protection across the EU and is an essential element of the broader and particularly ambitious Digital Single Market Strategy that the EU launched in parallel and whose far-reaching consequences will unfold in the years to come.
As this new European Data Protection Regulation will obviously entail many changes for all kinds of companies in the EU and thus Germany, the aim of this seminar paper is to answer the following question: “What measures do German companies have to implement in order to meet the data protection requirements of the new EU GDPR, which has been applicable since May 25th 2018?”
To answer this question, first some important terms that play a role in the regulation are defined (e.g. privacy by design / privacy by default). Then a systematic literature analysis is carried out to identify the most important contents of the GDPR, such as possible penalties for non-compliance. In addition, it will be described how companies outside the EU will be affected by this European legislation.
Next, it will be examined which are the crucial differences of the GDPR compared to the former German Bundesdatenschutzgesetz (BDSG), which documentary measures companies must implement as well as which infringements must be reported to supervisory authorities.
Furthermore, the state of sources for this most current topic will be discussed by reviewing the various types of literature (journals, scientific papers, professional service firm literature) used in this seminar paper.
Last but not least, the most important results of this seminar paper are summarised and then, based on these conclusions, four theses are presented and substantiated. Finally, an outlook is given on further regulations that are currently in the EU legislative process and will come into effect in the coming years.
Table of Contents
- INTRODUCTION
- TERMINOLOGY
- FUNDAMENTALS OF THE EU GDPR
  - CONTENTS OF THE EU GDPR
  - EXTENDED RANGE OF SANCTIONS
  - RELEVANCE FOR COUNTRIES OUTSIDE THE EU
- EFFECTS OF THE EU GDPR ON GERMAN COMPANIES
  - CRUCIAL DIFFERENCES TO THE FORMER BUNDESDATENSCHUTZGESETZ (BDSG)
    - Increased reporting obligations
    - Extended rights of objection
    - Right to be forgotten
    - Right to Data Transferability
    - Changes in age restrictions
  - DOCUMENTATION REQUIREMENTS
  - VIOLATIONS TO BE REPORTED
- LITERATURE ANALYSIS
  - SYSTEMATIC LITERATURE ANALYSIS
  - ADDITIONAL LITERATURE
  - PROFESSIONAL SERVICE FIRMS
- CONCLUSION
Objectives and Key Themes
This seminar paper aims to address the question of what measures German companies need to implement to comply with the data protection requirements of the new EU GDPR, which came into effect on May 25th, 2018. It explores the critical differences between the GDPR and the former German Bundesdatenschutzgesetz (BDSG), examines the reporting obligations and documentation requirements for companies, and investigates how companies outside the EU will be affected by this European legislation.
- Data Protection Requirements of the EU GDPR
- Key Differences Between the GDPR and the BDSG
- Reporting Obligations and Documentation Requirements
- Impact of the GDPR on Companies Outside the EU
- Literature Analysis of the GDPR
Chapter Summaries
- Introduction: This chapter introduces the new EU GDPR, its purpose, and its significance in the context of the Digital Single Market Strategy and the recent Facebook and Cambridge Analytica data privacy scandal.
- Terminology: This chapter defines important terms related to the GDPR, including personally identifiable information, privacy by design, and privacy by default.
- Fundamentals of the EU GDPR: This chapter delves into the core contents of the GDPR, including its extended range of sanctions and its relevance for countries outside the EU.
- Effects of the EU GDPR on German Companies: This chapter focuses on the crucial differences between the GDPR and the former BDSG, highlighting specific areas such as increased reporting obligations, extended rights of objection, the right to be forgotten, the right to data transferability, and changes in age restrictions. It also outlines documentation requirements and violations that must be reported to supervisory authorities.
- Literature Analysis: This chapter provides a systematic overview of the literature on the GDPR, examining various types of sources such as journals, scientific papers, and professional service firm literature.
Keywords
The key themes and concepts explored in this paper include the EU GDPR, data protection, privacy, data processing, reporting obligations, documentation requirements, personal data, privacy by design, privacy by default, and the impact of the GDPR on German companies and companies outside the EU.
- Robert Komorowsky (Author), 2018, Corporate Governance and the new GDPR (General Data Protection Regulation), Munich, GRIN Verlag, https://www.grin.com/document/437828