On June 28, 2019, the German parliament (Bundestag) passed new legislation imposing several changes to the current German Federal Data Protection Act (“BDSG”). Although many of the changes addressed privacy aspects of criminal proceedings, the new legislation makes an important change for small companies by increasing the threshold to designate a Data Protection Officer (“DPO”). Whereas currently companies have to designate a DPO if they constantly employ at least 10 employees who deal with the automated processing of personal data, the new legislation increases the minimum number of employees from 10 to 20, significantly decreasing the financial and administrative burden for small companies doing business in Germany. This article explains the changes and their impact and explains what companies should do.
Dennis Schmidt is a member of our Cyber, Privacy & Data Innovation practice. He advises clients on data privacy and IT as well as telecommunications and gambling. With a passion for technology Dennis understands the practical as well as legal needs of his clients.
As a privacy advisor, Dennis advises on the implementation of the General Data Protection Regulation (GDPR), data privacy contracts, privacy policies and employee data protection. As a telecommunications advisor, Dennis advises companies regarding telecommunication secrecy. He is also familiar with the peculiarities of German gambling law.
Before joining Orrick, Dennis practiced data privacy law at another international law firm. He conducted his legal studies in Duesseldorf and Los Angeles.
Posts by: Dennis Schmidt
In November, the German Data Protection Conference (committee of the independent German federal and state data protection supervisory authorities) (“DSK”) published a guidance on the processing of personal data for direct marketing purposes under the GDPR. This guidance finally brings some light into the darkness of marketing under the GDPR. READ MORE