GDPR is coming.
As of May 25th 2018 the new General Data Protection Regulation (GDPR) becomes effective. By that virtually all of the member states of European Union undergo a total rearrangement of the national data protection law.
An even bigger bang in this matter is the attribute of the new regulation in regards to storing or processing of personal data of EU citizen is the fact that is relevant to not only companies located within the EU borders but for companies globally. Keeping also in mind that penalties are set up to 20 Mio. Euro or 4% of the global turnover GDPR is no topic for a company to be taken casually about.
Directive 95/46/EG versus Regulation (EU) 2016/679
Compared to the existing data protection rule, the Data Protection Directive 95/46/EG, the GDPR has a much more binding effect onto the German legislative due to its rule type. Following comparison provides a quick understanding of the main differences:
- point of realisation lies in the authority of the member state
- member states have to decide for effective realisation (Art. 10 (5) EGV, “effèt utile”))
- are effective for all member states directly after declaration (announced in the Official Journal of the European Union)
- the regulation has higher priority than national legislation
BDSG, GDPR and DSAnpUG-EU
For companies situated in Germany there are currently two main instances relevant in data protection legislation: the Directive 95/46/EG and the so called BDSG (Bundesdatenschutzgesetz engl.: Federal Data Protection Act).