Search
Contact
04.07.2017 | KPMG Law Insights

There is no turning back. The new GDPR applies. – New data protection law approved by cabinet

New data protection law approved by cabinet

On February 1, 2017, the German Federal Cabinet approved a new draft law for the adaptation and restructuring of German data protection law. The “Data Protection Adaptation and Implementation Act” (DSAnpUG-EU) is necessary to adapt German data protection regulations to the European Data Protection Directive for Police and Justice and to the requirements of the new EU General Data Protection Regulation (EU GDPR). The EU GDPR aims to create a unified data protection law and thus largely the same standards for handling personal data within the EU. Nevertheless, it opens up scope for national regulations in the member states with a large number of opening clauses.

What does the new law regulate?

The DSAnpUG-EU represents a comprehensive reform and restructuring of German data protection law. The focus of the redesign is the comprehensive revision of the current Federal Data Protection Act (BDSG), which is intended to supplement and concretize the EU GDPR that will apply in Germany from May 2018. The 85-paragraph law presented in the draft is much more comprehensive than the previous BDSG. The underlying regulation is directly applicable as a European regulation. However, it is supplemented by the new BDSG. As a result, companies will have to comply with both sets of rules in the future. In addition, there are sector-specific regulations in specialized laws, which must also be within the framework of the EU GDPR regulations that have priority.

Criticism from experts and data protection authorities

The draft of the DSAnpUG-EU adopted by the Federal Cabinet is – like the previous drafts – in part considered to be contrary to European law and misguided. Many opening clauses are repeated in the draft of the new BDSG, which lacks the necessary concretizing regulation. In addition, the room for maneuver granted to the member states is being overstretched in some cases, so that regulations are being created that are not covered by the opening clauses of the EU GDPR. For example, the German supervisory authorities criticize that the rights of data subjects in particular would be unduly restricted. Overall, this would jeopardize the intended harmonization of data protection law in the EU and unlawfully lower the level of data protection provided for by the EU GDPR. Due to the many exceptions and references in the draft of the DSAnpUG-EU, an opaque thicket had been created especially for companies subject to German law. This would make the application of the new data protection law considerably more difficult and thus counteract the EU’s efforts to standardize and simplify data protection law for companies throughout Europe.

Finally, the draft in its current form leaves open the extent to which additional regulations are necessary with regard to the numerous sector-specific data protection provisions in Germany. Accordingly, there is a risk of an inconsistent data protection structure in Germany with partly contradictory regulations. The legal practitioners are simply overwhelmed with this situation and considerable legal uncertainty is created by the draft law.

Outlook

It remains to be seen in what concrete form the draft will actually be promulgated as law after the vote in the Bundestag and Bundesrat and whether the points of criticism raised will be taken into account. In any case, companies are advised to keep a close eye on the legislative process and deal with the largest data protection reform in Europe now, otherwise they will face severe fines of up to EUR 20 million or 4% of the previous year’s global turnover as of May 25, 2018. On March 10, the Federal Council is expected to discuss the new law.

Services of KPMG Law

Our team of highly specialized attorneys advises international and national corporations, small and medium-sized enterprises, public corporations, as well as financial investors and start-ups comprehensively in the area of information management (data protection and IT security), especially in the identification, analysis and evaluation of existing legal documentation and internal processes for handling personal data (“Privacy Impairment Check”) as well as their optimization.

In addition, we provide creative advice on the introduction of information and data management in compliance with data protection requirements, as well as on the development and market launch of products (“Privacy by Design”).

Of course, we also advise you on an ad hoc basis in internal or external investigation proceedings, e.g. following a “data loss incident” in the event of a crisis, and represent you in all official or court proceedings (legal representation). Feel free to contact us at any time about our consulting services!

Explore #more

26.08.2024 | In the media

Interview with Moritz Püstow on sustainability and increasing efficiency in the construction industry

How is the construction industry equipping itself for the future, which is facing major challenges?
In an interview with Baublatt, KPMG Law expert Moritz

22.08.2024 | Press releases

Strategic alliance between KPMG Law and MHP – A Porsche Company

KPMG Law and MHP – A Porsche Company have entered into a strategic alliance.
MHP is a leading consulting firm in the field of Engineering…

21.08.2024 | In the media

Guest article in the dpn: Initial practical experience with the implementation of DORA

In times of crisis and increasing cybercrime, digital operational stability is extremely important for companies.
In future, financial companies and third-party service providers of information…

19.08.2024 | In the media

Guest article at Springer Professional: Giralgeldtoken wants to simplify financial processes in industry

The commercial banks’ cash token should be an alternative to the digital euro for industry and have the character of a deposit.
This could be…

16.08.2024 | Deal Notifications

KPMG Law advises Hagedorn on syndicated financing

KPMG Law advised the Hagedorn Group on the negotiation and closing of a financing transaction A team led by Frankfurt-based KPMG Law partner and head…

06.08.2024 | In the media

Interview with Daniel Kaut on Talent Rocket about working in M&A

Daniel Kaut is a partner at KPMG Law and has been advising on M&A transactions and corporate law for 20 years.
He also has strategic…

06.08.2024 | In the media

Guest article in Betrieb on the topic of data protection and co-determination

The introduction of artificial intelligence in companies offers numerous opportunities, but also brings with it considerable challenges.
Complex issues arise in particular at the interface…

06.08.2024 | In the media

Guest article in IT-Zoom: The path to safe and ethical AI

The June 25, 2024 issue of IT-Zoom contains a guest article by KPMG Law expert Francois Maartens Heynike and KPMG Law expert Kerstin Ohrem.…

02.08.2024 | KPMG Law Insights

AI and employment law: what the AI Act means for HR

On August 1, the EU AI Act in force.
It regulates the use of artificial intelligence within the European Union.
As a regulation, the AI…

24.07.2024 | In the media

KPMG Law recognized as a top employer in Central Germany in the magazine azur

The legal market in Hesse is clearly characterized by the legal metropolis of Frankfurt am Main.
For those seeking a career in banking and finance…

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll