Data protection law is essentially used for the fundamental rights of informational self-determination, to protect privacy, and also for ensuring the safety of data. The central German policy, the German Federal Data Protection Act (BDSG), is therefore used primarily to protect personal data. State Data Protection Acts (LDSG) are also in place for the German federal states and special statutory provisions for online services are included in the German Telemedia Act (TMG). In addition to the German laws, data protection law is also determined by European guidelines and international treaties such as the Safe Harbor Treaty. There are also many data-protection guidelines included in other statutory provisions.
In the era of cloud computing, big data, and social media, data is circulated and exchanged worldwide. Hardly any company today can function without outsourcing and circulating even sensitive and personal data. External service providers often also have access to corresponding data, to which the legal regulations also apply. This places great demands on companies in the area of data protection.
As violations of data-protection regulations may be punishable as an administrative or criminal offense, in addition to the potentially damaging effect on the image of a company, the issue of data protection during daily operations has gained in importance for many companies. Data protection issues, for instance, play an important role in the area of compliance and corporate governance.
The essential issues in the area of data protection law rest in the collection, processing, and use of personal data, with the term personal data, e.g. in relation to IP addresses, still being disputed. Corresponding contractual stipulations, law-conforming consents from those affected, or legal permission are therefore necessary when processing orders, for example.
Data protection basically concerns every company, as there is hardly any company today that does not process personal data. Even storing, for example, personal and address data, purchasing addresses for mailing campaigns, or a service provider’s access to the personal data stored by a customer are sufficient for this to apply. Every company therefore has to deal with the questions of data protection and may even be legally obligated to engage a company data protection specialist.
In addition to the protection of personal data, the encrypting, authentication, and backing up of data are also part of data protection. Many innovative companies therefore rely on the effective protection of their data. However, the security of communications and electronic legal transactions should also be improved for many users by the provisions of the German Signature Act (SigG) and the German De-Mail Act (De-Mail-G).
Our expertise in data protection law
We have specialized lawyers with many years of experience in data protection law and advise and represent companies throughout Germany in all questions of data protection.