Europe - What was the first year of GDPR like? Where is it heading?

This article initially published on the Open Access Government page on 16 October 2019 explains the current and future effects of the GDPR one year after its implementation. Ius Laboris share their thoughts on what the first year of GDPR looked like and where they see it heading in the future. In the run-up to 25 May 2018, preparations for the implementation of the European…

Denmark – The European Data Protection Board takes stock

The European Data Protection Board (EDPB) has issued its annual report for 2018. The report provides information on the EDPB’s work in the first seven months after the GDPR entered into force and outlines the EDPB’s plans for the future. Since the entry into force of the GDPR on 25 May 2018, the European Data Protection Board (EDPB) has been tasked with ensuring consistent application…

Germany – The GDPR one year on

This review of the first year of the GDPR in Germany looks at actions by the state data protection authorities, legislative initiatives and a significant court decision relating to data subject access requests. According to a recently published article, the German Data Protection Authorities (DPAs) have issued 75 fines since the GDPR was implemented, based on the authorities’ answers to this research. The total amount…

France: EUR 50 million fine for data protection violations

On 21 January 2019, the French Data Protection Authority (the ‘CNIL’) fined Google EUR 50 million for lack of transparency, inadequate information and failure to obtain valid consent for ad personalisation in violation of the GDPR. The violations of the GDPR noted by the CNIL The fine followed an investigation carried out by the CNIL, as a result of a joint complaint filed by the…

IT-Rahmen-Betriebsvereinbarung – sinnvoll?

Die EU-Datenschutz-Grundverordnung (DS-GVO) gilt zwar schon seit etwa drei Monaten verbindlich. Bei manchem Arbeitgeber dauert die „Umsetzungsphase“ aber noch an. In diesem Zusammenhang kommt regelmäßig die Frage auf, ob eine Rahmen-Betriebsvereinbarung zu IT-Systemen Sinn macht. Um die Antwort vorwegzunehmen: Ja, sie macht Sinn – aber die Inhalte sollten gut durchdacht sein. Hauptargument: Compliance für bestehende Betriebsvereinbarungen Als Hauptargument für den Abschluss einer IT-Rahmen-Betriebsvereinbarung wird häufig…

New questionnaire published by German Data Protection Authority

With a press release of 29 June 2018, the local Data Protection Authority (DPA) of Niedersachsen has published a questionnaire. The questionnaire has recently been sent to 20 large and 30 mid-sized companies of various industry sectors which are located in the German state of Niedersachsen. The local DPA has pointed out that they will not send the questionnaire to small companies such as carpenters…

EU General Data Protection Regulation (GDPR) – countdown of one more year

Die EU-Datenschutz-Grundverordnung – noch ein Jahr bis zur Anwendbarkeit – bi-lingual posting / zweisprachiger Beitrag – The European General Data Protection Regulation (GDPR) will become applicable throughout the European Union on 25 May 2018, with additional national legislation. By then, companies need to be compliant. The German Bundesrat has recently passed the new Bundesdatenschutzgesetz, which will adapt the European Regulation into national German law. This…