On February 29, 2016, the European Commission issued a draft of the so-called Adequacy-Decision for the new agreement between the European Union and the USA called EU-US Privacy Shield to facilitate data transfers between the European Union and the USA. It is doubtful whether the Privacy Shield will be a reliable basis for a simplified transfer of personal data ...
On 15.12.2015 EU Commission, Council and Parliament agreed on the final terms of the General Data Protection Regulation (GDPR) in their trialogue negotiations. It is generally expected that the draft will be adopted soon, in any event not later than summer 2016. This ends the uncertainty about the content of the new European Data Protection law which will be directly applicable in all Member States two years after the adoption by Commission, Council and Parliament ...
1. Background and Issue Labour representation at board level is a well-established part of the German corporate governance system. According to the German Co-Determination Act, a corporation with more than 2,000 employees has to establish a co-determined supervisory board composed of an equal number of shareholders’ and employees’ representatives ...
The Hamburg data protection authority has imposed fines against the companies Adobe, Punica and Unilever, stating that they have continued to transfer personal data to the USA contrary to the stipulations of the Safe Harbor judgment. 1. The Safe Harbor judgment of the ECJ dated October 6, 2015 (legal matter C-362/14) makes it clear that European companies can no longer simply transfer personal data to the USA as a "non-secure third country" ...
Brexit – what does it involve and when could it happen? In a referendum, held in the United Kingdom on June 23, 2016, a majority of voters decided in favor of the United Kingdom of Great Britain and Northern Ireland (UK) leaving the European Union (EU) (this exit from the EU by the UK is the so-called Brexit). The referendum is not binding ...
1. IntroductionSince 2004 the sale by mail-order of prescription-only pharmaceutical products is no longer prohibited in Germany, being the biggest potential market for pharmaceutical products within Europe and thus generally most attractive for pharmacy companies. However, the German pharmacies have been protected during the last decade by a national legislation providing for a fixed–price system for the supply of prescription-only pharmaceutical products ...
The current EU regulations for medical devices and in vitro diagnostics are from the 1990s. The rapid technical developments in the health care system in recent years as well as the increased cross-border trade urgently require a modernization of the current legal framework. Now the adoption of new EU legislation is imminent. This article provides a brief overview of the planned content and the likely entry into force of the Regulations ...
A team led by Dr. Guido Hoffmann, LL.M., has been involved in structuring the transaction, corporate, labor and commercial law in a takeover offer for the German wheel manufacturer Uniwheheels Questions and due diligence. The takeover offer is valid for 100 percent of the outstanding Uniwheheels shares and takes place with the consent of the owner of 61 percent of the shares. The takeover is conditional on Superior acquiring at least 75 percent of the shares in Uniwheels AG ...
The Oberlandesgericht Celle has recently adopted a decision that is likely to be of particular interest to hospitals which are not, in principle, public contracting authorities within the meaning of the law, but which are used by public authorities to pay more than 50 percent for the construction of hospitals pursuant to Section 99, 4 of the GWB (decision ref. 13 G 8/16). In the decided case, the client planned to modernize a hospital in three construction phases ...
EnerDry holds numerous patents based on inventions by its founder and CEO Arne Sloth Jensen, including European Patent EP 1 070 223 B1. This patent relates to steam dryers with a specific type of cyclone, which substantially improves the capacity and efficiency of steam dryers ...
The forthcoming General Data Protection Regulation also results in adaptations with regard to the protection of social data. On May 25, 2018, an amended Code of Social Law will therefore come into effect simultaneously with the General Data Protection Regulation. Above all, the Code of Social Law (SGB) X is affected. Many of the adaptations are editorial changes that have become necessary, but the content has also been amended ...
The Bavarian Data Protection Authority ("BayLDA") has published an online test on its website that can be used by companies to determine how well they are prepared on key topics of the General Data Protection Regulation ("GDPR"). The GDPR will apply directly in the member states of the European Union with effect from May 25, 2018. This will result in significant changes to data protection law in many areas ...
The General Data Protection Regulation (GDPR) is aimed at extensive harmonization of data protection in the EU, and will be applicable with effect from May 25, 2018. The GDPR will replace the current EU Data Protection Directive (Directive 95/46/EC) and will be directly applicable in all EU member states. The new regulations mean that German employers will also have to prepare for changes as regards the protection of employees’ personal data ...
The Bavarian data protection supervisory authority has prepared a series of template documents and overviews, intended to help small companies with GDPR compliance. At first glance, these documents do indeed provide important support for small companies. These have to fulfil almost all obligations under the GDPR in a similar manner to medium-sized businesses and large corporations ...
Under Art. 26 GDPR, "joint controllers" must find an agreement on the data protection obligations between themselves. If they do not do so, they risk a fine pursuant to Art. 83 (4) GDPR. However, the question of when Joint Controllership applies is still a matter of dispute. REQUIREMENTS FOR A JOINT CONTROLLERSHIP Under Art. 26 (1) GDPR, where two or more Controllers jointly determine the purposes and means of processing, they must be classified as "Joint Controllers" ...
Many companies use so-called tracking tools on their website to analyze the use of the website by their visitors, and possibly also to carry out advertising activities on the basis of user profiles created with the tracking tools. These tracking tools mainly use cookies, i.e. small files that can identify a user of a website and that are deposited on the respective user's computer ...
Article 35 GDPR requires companies to carry out a so-called data protection impact assessment if based on the nature, scope, context and purposes of the processing, the processing is likely to result in a high risk to the rights and freedoms of natural persons, Art. 35 (1) Sentence 1 GDPR. The company must then document the processing procedure, identify the risks to the rights and freedoms of the natural persons, and explain what remedial measures the company is taking ...
Photography by promoters and artists is an integral part of any kind of event. Since the General Data Protection Regulation (GDPR) came into effect, the legal requirements for videos and photos depicting people however have to be reassessed. In the past, most member states of the European Union had their own regulations regarding photos that show individual persons ...
The General Data Protection Regulation (GDPR) also affects the working relationship between the employer and the works council. Among other things, it affects the use of works agreements as legal basis, the (possible) responsibility of the works council under data protection law, as well as the controlling authority of the company data protection officer over the works council. WORKS AGREEMENT AS INFORMATION PURSUANT TO ART ...
Many companies are currently facing challenges in relation to the GDPR compliance of their video surveillance. Main issues in this respect are questions related to transparency requirements and information notices, the need for a data protection impact assessment as well as questions concerning retention requirements and retention periods. The German Federal Labor Court (BAG) has recently commented on the admissible storage duration of lawful video recordings ...
It is now more than four months since the EU General Data Protection Regulation (GDPR) became law in all member states of the European Union. Time for an initial and brief interim assessment, and to outline the data protection challenges currently facing companies. Feared spamigation has not materialized To date, the widely feared mass sending of cease-and-desist letters (spamigation) has largely failed to materialize ...
When auditing annual financial statements, auditors are required to draw attention to risks that potentially threaten the company. Such risks can result for example from failure to implement the EU General Data Protection Regulation (GDPR) that has been in force since May 25, 2018. Given the substantial fines envisaged in the GDPR, these risks can result in high provisions, in the worst case in refusal on the part of the auditor to issue an unqualified audit opinion ...
The large number of vague terms as well as provisions requiring interpretation in the GDPR create significant application issues for companies. However, it becomes even more of a challenge if companies not established in the EU want to review whether the GDPR is applicable to them. Generally speaking, the European legislator set themselves the goal of creating the most extensive territorial scope of the GDPR possible ...
Since the GDPR has been in force, almost every company has, among other things, dealt with issues of the permissibility of direct marketing and other marketing activities under data protection law. At their data protection conference on Nov. 07-08, 2018, the German data protection supervisory authorities issued a new "orientation guide" on this topic (as of November 2018) ...