Preparing for the EU General Data Protection Regulation (GDPR), which will be directly applicable in all EU Member States as of May 25, 2018, the German legislature adopted the Data Protection Adjustment and Implementation Act EU.
It is intended to fill the regulatory space left by the GDPR on the one hand and to transpose the EU Data Protection Directive into German law in cases of law enforcement and crime prevention on the other hand. The Data Protection Adjustment and Implementation Act EU contains an entirely new Federal Data Protection Act (“Federal Data Protection Act-new”) and amendments to other laws (Federal Constitution Protection Act, Military Counterintelligence Service Act, Security Screening Act). The Data Protection Adjustment and Implementation Act EU was adopted by the Bundestag on April 27, 2017 and by the Federal Council on May 12, 2017. In addition, sector-specific data protection regulations in many German statutes are to be adapted to the GDPR, which will only take place in a further statute in the future (“Omnibus Act”).IT Ticker Special Issue “The New Federal Data Protection Act”
The provisions of the Data Protection Adjustment and Implementation Act EU and the Federal Data Protection Act-new are partly controversial. It is particularly questionable whether they are entirely compatible with the GDPR. These individual issues will be discussed and negotiated between the EU and Germany and may have to be decided by the CJEU. Companies in Germany have to pay attention to the Federal Data Protection Act-new and need to assess its impact on ongoing implementation projects relating to the GDPR. SKW Schwarz has performed an initial evaluation of the new provisions, in particular from the perspective of companies, which is available for download.