Search
Contact
04.07.2017 | KPMG Law Insights

There is no turning back. The new GDPR applies. – Tightening of European data protection: the countdown is on!

Tightening of European data protection: the countdown is on!

Only 20 months remain until the General Data Protection Regulation (GDPR) applies. Companies must take action now at the latest in order to adapt their processes in good time.

The comprehensive digitization of large parts of social life has led to a massive increase in the importance of data protection law in recent years. Increasingly, the competition for customers is being won by companies that are smart in their use of data. Companies without an effective data protection organization tend to lose out in the increasingly digital economy.

German data protection law as a model

With the GDPR, the data protection requirements for companies are once again significantly tightened. The already high level of data protection in Germany was the model for the new European legal framework in many respects. In part, therefore, the General Data Protection Regulation merely specifies and concretizes the requirements that must already be observed under German data protection law. The data subject’s right to information, the obligation to appoint a company data protection officer, the procedure directory or notification obligations in the event of data protection violations should already be well known in German companies.

New framework conditions

However, the GDPR also introduces new requirements. For example, the position of the company data protection officer is strengthened considerably by the GDPR. He must no longer merely work towards compliance with data protection requirements, but must also actively monitor them. This growing responsibility is accompanied by painful sanctions: the GDPR expands the previous fine framework for data protection violations to up to EUR 20 million or up to 4% of the annual global revenue generated in the previous fiscal year. At the same time, however, data protection pitfalls are not diminishing as networking continues. Data protection liability risks will therefore increase significantly with the GDPR.

At a glance

  • The GDPR applies directly across Europe as of May 25, 2018, without the need for an implementing law.
  • The GDPR standardizes European data protection law at a high level and creates a new framework for handling personal data.
  • Data protection violations will be severely punished and more strictly prosecuted on the basis of the GDPR.
  • Many companies misjudge the effort required to convert their processes and are not aware of the demands placed on them.
  • With our consulting services, we minimize legal risks and support you in overcoming data protection challenges.

Lack of preparation despite high sanction risks

In view of such sanction risks, the hesitant preparation of companies that can currently be observed can be fatal. Current studies show that only a single-digit percentage of companies have developed concrete plans to implement the new European legal requirements. The data protection authorities have already indicated to us that their hitherto predominantly cooperative approach will no longer be sustainable at the pan-European level. It is likely that sanctions will be imposed far more frequently and will be significantly higher. This is already the case in other European countries.

Become active now

Those who still believe they can take their time preparing for the GDPR are underestimating the implementation effort involved. Experience shows that in many companies there is already little clarity about the type and scope of existing data processing structures. However, the GDPR demands precisely this transparency and also IT security, for example by strengthening the data subject’s rights to information and forcing companies to conduct detailed data protection impact assessments.

Standard processes are also affected: Consent under data protection law, which has already been difficult to formulate, must soon provide even clearer information about the purposes of data collection and processing in order to be effective. Finally, the idea of “privacy by design” has been elevated to a guiding principle, meaning that companies are required to protect data through technology design and data protection-friendly default settings. So companies don’t have much time left to overcome these numerous technical and organizational challenges. We are happy to support you!

Services of KPMG Law

Our team of highly specialized lawyers provides comprehensive advice to international and national corporations, small and medium-sized enterprises, public corporations, as well as financial investors and start-ups in the area of information management (data protection and IT security), in particular in the identification, analysis and evaluation of existing legal documentation and internal processes for handling personal data (“Privacy Impairment Check.) as well as their optimization.

In addition, we provide creative advice on the introduction of information and data management in compliance with data protection requirements and on the development and market launch of products (“Privacy by Design”).

Of course, we also advise you on an ad hoc basis in internal or external investigation proceedings, e.g. following a “data loss incident” in the event of a crisis, and represent you in all official or court proceedings (legal representation). Feel free to contact us at any time about our consulting services!

 

Explore #more

09.01.2025 | In the media

KPMG Law strengthens Legal Transformation Managed Services and Legal Corporate Services with two new senior managers

On January 1, KPMG Law strengthened its Transformation Managed Services practice with Jana Sichelschmidt and its Corporate Services practice with Dr. Michaela Lenk. Both are…

06.01.2025 | Deal Notifications

KPMG Law advises on the sale of Käppler & Pausch GmbH

Gabriel Pausch, the co-founder and main shareholder of Käppler & Pausch GmbH, a system supplier for metal assemblies as well as metal and sheet metal…

03.01.2025 | In the media

Interview in Betrieb on the EU money laundering package and its impact

The EU anti-money laundering package harmonizes anti-money laundering and counter-terrorism rules in Europe and introduces new measures such as cash limits of €10,000, identification requirements…

02.01.2025 | In the media

KPMG Law Statement in eMagazin Immobilienanwälte: Creativity meets law in trademark protection

Four Frankfurt, Elbtower, Vonovia: real estate projects and companies are backed by constructs worth millions or even billions. In order to stand out from the…

20.12.2024 | KPMG Law Insights

The EU packaging regulation sets strict requirements for packaging

The EU has adopted the Packaging Regulation. After the European Parliament adopted the Commission’s draft on April 24, 2024, the EU member states also approved…

20.12.2024 | Deal Notifications

KPMG and KPMG Law supported the sale of circular Informationssysteme to the teccle group

Together with the corporate finance/M&A advisors of KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG), KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) advised the shareholders of circular Informationssysteme GmbH (circular)…

19.12.2024 | Press releases

KPMG Law defends Federal Motor Transport Authority against claim for damages in connection with the emissions scandal

The state is not liable to vehicle purchasers for damages. KPMG Law has defended the Federal Motor Transport Authority (KBA) against a civil plaintiff’s state…

18.12.2024 | KPMG Law Insights, KPMG Law Insights

MiCAR – What the new EU regulation means for crypto service providers and issuers

An EU regulation will soon come into force that will regulate crypto assets uniformly throughout Europe. It contains significant new obligations for issuers and crypto…

16.12.2024 | Deal Notifications

KPMG Law advises CERTANIA Holding GmbH on the acquisition of RASG Holdco Ltd.

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) has provided legal advice to CERTANIA Holding GmbH, a platform of the Munich-based PE firm Greenpeak Partners, on the…

04.12.2024 | Deal Notifications

KPMG Law and KPMG advises Brain Biotech AG on license agreements and monetization of license rights

KPMG Law Rechtsanwaltsgesellschaft mbH and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) advised Brain Biotech AG on the monetization of licensing rights with Royalty Pharma and the conclusion…

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll