open search
close
Internationales Arbeitsrecht

Germany – The GDPR one year on

Print Friendly, PDF & Email

This review of the first year of the GDPR in Germany looks at actions by the state data protection authorities, legislative initiatives and a significant court decision relating to data subject access requests.

According to a recently published article, the German Data Protection Authorities (DPAs) have issued 75 fines since the GDPR was implemented, based on the authorities’ answers to this research. The total amount of all fines imposed, based on these answers, was only EUR 449,000, the largest single fine being EUR 80,000. By way of background information, in Germany, the DPAs are organised on a German state level. Not all 16 Authorities had responded to the questions during this research.

The German legislator has passed a set of national implementation rules that was implemented as the same time as the GDPR. This German statute (‘Bundesdatenschutzgesetz’) includes a specific rule on the processing of employee data, which is for the most part based on previous German data protection legislation.

The GDPR received a huge amount of attention in Germany, especially around the time of implementation before and after May 2018. This included interest in the impact of the GDPR in employment relationships. Now that ‘GDPR preparation’ has been completed by most employers, an increasing number of new practical issues are emerging, such as how to handle data subject access requests (DSARs) or how to manage a very detailed list of data retention or deletion periods.

Regarding DSARs, a recent lower court verdict against German car manufacturer Daimler has received a lot of attention in the employment law community. The action is now pending before the highest German Labour Court, Bundesarbeitsgericht. In proceedings relating to a termination, the plaintiff, a lawyer himself, demanded to be provided with information about all data collated about his performance and behaviour and about the origin of this data. While DSARs are generally granted by the GDPR, the parties are now debating to what extent DSARs are limited by third party rights such as the privacy of other employees included in correspondence, and to what extent DSARs are limited by practical considerations, to avoid an obligation to provide bottomless amounts of information.

Ius Laboris




Ius Laboris is a leading international employment law practice combining the world’s leading employment, labour and pension firms. Our role lies in sharing insights and helping clients to navigate the world of labour and employment law successfully.
Verwandte Beiträge
Internationales Arbeitsrecht Neueste Beiträge

ECJ rules data subjects entitled to know of recipients

The decision clarifies the scope of the Data Subject Access Request under the GDPR. The ECJ decided the previously open question of how much detail the employer must provide about the recipients or groups of recipients of the personal data upon request.   The right to information under data protection law Under Article 15 of the GDPR, the data controller (in the employment context, usually the…
Datenschutz Internationales Arbeitsrecht Neueste Beiträge

GDPR: five years on

For those  impacted by the EU General Data Protection Regulation, known as the GDPR since its entry into operation across the bloc on 25 May 2018, it’s quite something to think that the legislation has been with us for five years today. So what has gone well and what has gone less well? One of the main purposes of the legislation was to get the…
Compliance Datenschutz ESG Neueste Beiträge Unternehmensführung

Diversity Monitoring: In Deutschland (noch) problematisch

Viele Unternehmen haben sich mittlerweile die Förderung einer diversen Belegschaft zum Ziel gegeben. Hierfür könnte ein Diversity Monitoring ein erster sinnvoller Schritt sein. Bislang stößt eine derartige Abfrage von Diversity-Faktoren auf rechtliche Bedenken. Doch das könnte sich demnächst aufgrund europarechtlicher Vorgaben ändern. Bedeutung von Diversity Monitoring in Deutschland Das Diversity Monitoring, d.h. die gezielte Sammlung von Informationen über Diversity-Eigenschaften der Belegschaft (wie Migrationshintergrund, Religion, Behinderung,…
Abonnieren Sie den kostenfreien KLIEMT-Newsletter.
Jetzt anmelden und informiert bleiben.

 

Die Abmeldung ist jederzeit möglich.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert