04.07.2017 | KPMG Law Insights

There is no turning back. The new GDPR applies. – New data protection law approved by cabinet

New data protection law approved by cabinet

On February 1, 2017, the German Federal Cabinet approved a new draft law for the adaptation and restructuring of German data protection law. The “Data Protection Adaptation and Implementation Act” (DSAnpUG-EU) is necessary to adapt German data protection regulations to the European Data Protection Directive for Police and Justice and to the requirements of the new EU General Data Protection Regulation (EU GDPR). The EU GDPR aims to create a unified data protection law and thus largely the same standards for handling personal data within the EU. Nevertheless, through a large number of opening clauses, it leaves scope for national regulations in the member states.

What does the new law regulate?

The DSAnpUG-EU represents a comprehensive reform and restructuring of German data protection law. The focus of the redesign is the comprehensive revision of the current Federal Data Protection Act (BDSG), which is intended to supplement and concretize the EU GDPR that will apply in Germany from May 2018. The 85-paragraph law presented in the draft is much more comprehensive than the previous BDSG. As a European regulation, the underlying EU GDPR is directly applicable; it is, however, supplemented by the new BDSG. As a result, companies will have to comply with both sets of rules in the future. In addition, there are sector-specific regulations in specialized laws, which must also stay within the framework of the EU GDPR, which takes priority.

Criticism from experts and data protection authorities

The draft of the DSAnpUG-EU adopted by the Federal Cabinet is, like the previous drafts, in part considered to be contrary to European law and misguided. Many opening clauses are merely repeated in the draft of the new BDSG without the necessary concretizing regulation. In addition, the room for maneuver granted to the member states is being overstretched in some cases, so that regulations are being created that are not covered by the opening clauses of the EU GDPR. For example, the German supervisory authorities criticize that the rights of data subjects in particular would be unduly restricted. Overall, this would jeopardize the intended harmonization of data protection law in the EU and unlawfully lower the level of data protection provided for by the EU GDPR. According to the critics, the many exceptions and references in the draft of the DSAnpUG-EU have created an opaque thicket, especially for companies subject to German law. This would make the application of the new data protection law considerably more difficult and thus counteract the EU’s efforts to standardize and simplify data protection law for companies throughout Europe.

Finally, the draft in its current form leaves open the extent to which additional regulations are necessary with regard to the numerous sector-specific data protection provisions in Germany. Accordingly, there is a risk of an inconsistent data protection structure in Germany with partly contradictory regulations. Legal practitioners are simply overwhelmed by this situation, and the draft law creates considerable legal uncertainty.

Outlook

It remains to be seen in what concrete form the draft will actually be promulgated as law after the vote in the Bundestag and Bundesrat and whether the points of criticism raised will be taken into account. In any case, companies are advised to keep a close eye on the legislative process and to deal with the largest data protection reform in Europe now; otherwise, they will face severe fines of up to EUR 20 million or 4% of the previous year’s global turnover as of May 25, 2018. On March 10, the Federal Council is expected to discuss the new law.

Services of KPMG Law

Our team of highly specialized attorneys advises international and national corporations, small and medium-sized enterprises, public corporations, as well as financial investors and start-ups comprehensively in the area of information management (data protection and IT security), especially in the identification, analysis and evaluation of existing legal documentation and internal processes for handling personal data (“Privacy Impairment Check”) as well as their optimization.

In addition, we provide creative advice on the introduction of information and data management in compliance with data protection requirements, as well as on the development and market launch of products (“Privacy by Design”).

Of course, we also advise you on an ad hoc basis in internal or external investigation proceedings, e.g. following a “data loss incident” in the event of a crisis, and represent you in all official or court proceedings (legal representation). Feel free to contact us at any time about our consulting services!

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.