Data protection


 Overview of our services

„Personal data is the new oil of the internet.” This quote from Meglena Kuneva, former EU commissioner, reveals the tension surrounding data processing. The conflicting interests of added-value through the processing of data and the maintenance of data privacy means that the digitalisation of private and business communication increasingly requires a more sensitive handling of data processing.
After years of negotiations to reach an agreement in keeping with the objectives of the harmonisation of data protection, in 2016 the EU general data protection regulations (EU GDPR) came into effect. From May 2018 the law will become directly applicable and in particular it will supersede the German Data Protection Act (BDSG).

Assessment acc. to the EU general data protection regulations (EU GDPR)

Request more information »

Webinar „Data protection and EU general data protection regulations (EU GDPR)”

The GDPR introduces numerous changes and extensions to the rights of persons and also an adjusted range of sentences. For companies it amounts up to 20 million euros or 4 percent of annual global sales, whereby the higher value is taken to the upper limit. In comparison, previously the maximum fine was 300,000 euros. Therefore, German Mittelstand shaped companies are especially called upon to prepare for the GDPR in order to avoid drastic fines which could even threaten the company's existence. The first step in this process is a survey of the current situation that as a first valuation determines the respective maturity of the company with regard to compliance of the existing data protection laws and the GDPR. The recording of the current situation serves as the starting point on the way towards the desired situation, i.e. the handling of data in such a way as to ensure compliance with the GDPR. The valuation is used to elaborate an action plan which has to be implemented at the latest by May 25, 2018. 
In the modern working world, the technical possibilities of networking and increasing combination of private and professional information results in the recording and processing of ever more data and sensitive data relating to employees.
In this demanding environment, a special point of the GDPR takes effect. The directive establishes extensive and detailed regulations for the processing of personal data, including data protection for employees. However, in a fashion which is untypical for a directive, these regulations are not exhaustive. On the contrary, the directive includes an opening clause which allows member states to make national regulations for the purpose of employee data protection through legislation or through collective agreements. In other words, instead of European harmonisation, the result will be a different interpretation of the employee data protection regulations from member state to member state and from company to company.
Against this background, the German government has passed the "Law for the adjustment and implementation of data protection in the EU" which, although it represents a reform of the German Federal Data Protection Act (BDSG), does not include an independent employee data protection law. Employee data protection rather remains integrated in the BDSG and maintained according to the explanatory memorandum. The GDPR itself introduces new content requirements including company agreements. Existing company agreements do not enjoy a right of continuance and are to be adjusted in order to avoid violations against the GDPR. 

Companies only appear to have a lot of time to implement the requirements of the GDPR. They are called upon to integrate holistic data protection concepts in their processes which, for example, clarify beyond doubt when a data protection impact assessment is required or when a data protection incident is determined and define how one should react to it. Do the procedures and processes allow the portability of the personal data and their deletion? In addition to deletion within the company, this also includes communication of the desire to delete the data to third parties who have received the data.
In order to fulfil the complex requirements, Rödl & Partner will gladly support you with interdisciplinary services covering all conceptual and legal issues.

 E-book ”Data protection and Covid-19”

Thanks to the cooperation of professionals from 13 countries worldwide, we provide you with an overview on the main measures and changes that have been introduced during the Covid-19 pandemic. The articles cover the following legislations: Czech Republic, Denmark, Finland, France, Germany, Kenya, Italy, Latvia, Lithuania, Romania, Russia, Spain and Turkey. They have come together to address the same issue from different points of view.


Download free e-book here »


Contact Person Picture

Dr. Michael S. Braun


+49 9281 6072 70

Send inquiry

Contact Person Picture

Alexander von Chrzanowski

Associate Partner

+49 3641 4035 30

Send inquiry

Contact Person Picture

Hannes Hahn

Partner, Rödl IT Secure GmbH

+49 221 9499 092 00

Send inquiry

Deutschland Weltweit Search Menu