On June 28, 2019, the German parliament (Bundestag) passed new legislation imposing several changes to the current German Federal Data Protection Act (“BDSG”). Although many of the changes addressed privacy aspects of criminal proceedings, the new legislation makes an important change for small companies by increasing the threshold to designate a Data Protection Officer (“DPO”). Whereas currently companies have to designate a DPO if they constantly employ at least 10 employees who deal with the automated processing of personal data, the new legislation increases the minimum number of employees from 10 to 20, significantly decreasing the financial and administrative burden for small companies doing business in Germany. This article explains the changes and their impact and explains what companies should do.
Yumiko advises on data privacy, IP and IT related matters as well as on unfair and deceptive trade practices law.
For Yumiko the law is where her passion for innovation meets technology and research. With a background in scientific research she has experienced the importance of legally protecting data and ideas. Yumiko understands the creation process and companies turn to her for advice at the intersection of data privacy, intellectual property and technology.
As a privacy advisor, Yumiko partners with clients globally to navigate complex data protection issues. She advises clients on the General Data Protection Regulation (GDPR), data processing and transfer agreements. She councels clients to tackle challenging privacy questions by giving practical advice to craft data guidelines and policies including privacy policies and incident response plans.
As an intellectual property and technology advisor, Yumiko advises companies on their license agreements, and company contracts, and issues in relation to unfair anddeceptive trade practices. She also advises on due diligence assessments.
With a German/Japanese background, Yumiko has a focus on working with Japanese clients. She is trilingual in German, Japanese and English. She studied at Rheinische Friedrich-Wilhelms University in Bonn, Germany and Waseda University in Tokyo, Japan.
Prior to joining Orrick, Yumiko worked as a scientific researcher at Bonn University and as an associate in the field of IP/IT and data privacy with another international law firm.
Posts by: Yumiko Olsen
The Bavarian Data Protection Authority (“BDPA”) took the “safer internet day” in February 2019 as an opportunity to conduct privacy checks on website operators. The focus was on “cybersecurity” (in particular, password security) and “tracking” and the outcome is rather disillusioning, according to the BDPA. The BDPA stated that necessary security measures were not implemented and none of the cookie banners obtained valid consent. The BDPA announced it would conduct further checks via written procedures or even by on-site inspections to validate the quick check results and assess whether further actions must be taken. In those cases where the BDPA is not competent, the BDPA will consider reaching out to competent lead supervisory authorities where necessary so that they can provide their insights. READ MORE
The EU-Japan Economic Partnership Agreement between Japan and the European Union (“EU”) recently came into force, creating the world’s biggest open trading zone that covers 635 million people and almost one-third of the world’s total GDP. In the shadow of that agreement, however, another development—the mutual acknowledgment of data protection standards—took place, which should not be overlooked because it sets another world record. On January 23, 2019, the European Commission adopted its adequacy decision on Japan, acknowledging that Japan provides for an adequate level of data protection. Similarly, effective January 23, 2019, the Japanese independent data protection authority, the Personal Information Protection Commission (“PPC”), has also designated countries within the European Economic Area as having an equivalent level of data protection. This mutual acknowledgement created what is being referred to as the “largest area of safe data transfer” in the world.
These developments have important benefits for companies transferring data from the EU to Japan and vice versa, reducing burdens and giving companies greater access to customers. Below, we discuss the developments and describe what companies should consider in the future. READ MORE