Summary

The GDPR almost completely replaced the German Federal Data Protection Act as of 25 May 2018 and established “new rules” for companies. The provisions affect every company in every sector and demand an entire review by every company. Along with, if necessary, adaptions regarding the area of Data Protection. Consequently, all companies have the obligation to review existing Data Processing systems and create numerous new processes.

Even established Data Protection organizations must be rethought and adapted to the new requirements. In addition, a revision of existing models, checklists and contract documents is necessary. Data Protection principles such as “privacy by design” and “privacy by default” are very important. They come now alongside the extended requirements of a “data protection impact assessment” and call for appropriate technical and organizational measures.