The new EU General Data Protection Regulation is meant to standardize European data protection law. The new regulation, which will enter into force in the first quarter of 2018 based on current planning (while approval of the EU Parliament is still outstanding), will discontinue the previous concept of a European data protection directive (which had established the general principles under data protection law) and the data protection regulations of individual states building on this, and will replace it with an EU General Data Protection Regulation applying directly in all EU member states.

For many users everyday life without smartphones and tbablets is virtually inconceivable. These devices have become constant companions in day-to-day life, recreationally as well as in business. Times when only a privileged handful of executives were granted access to active business communications and corporate data while “on the road” gradually come to an end. The following article shows essential parameters of pertaining data protection law and technical matters. These are facts companies have to keep in mind if they plan to allow employees to use their private smartphones for business purposes (“BYOD,” short for “Bring Your Own Device”).

Article by Prof. Dr. Michael Schmidl (Partner at Baker & McKenzie Partnerschaft von Rechtsanwaelten, Wirtschaftspruefern, Steuerberatern und Solicitors).

Corporate and consumer users are increasingly embracing hosted information technology solutions. Business models and terminologies vary and include service, rental, and advertising-financed offerings, described as “Software as a Service—SaaS,” “hosted solution,” “cloud computing,” and with other labels. In line with current nomenclature, this article will use “cloud computing” collectively for all hosted solutions that allow users to obtain additional functionality, storage, or processing capacity without having to buy additional devices or software copies. Instead, users access enhanced software, computing power, and data storage space on remote servers via existing computers and Internet browsers. This typically means less upfront investment to users and opportunities for leverage, specialization, and economies of scale for providers.

From March 7-9, 2012, the annual IAPP (International Association of Privacy Professionals) conference took place in Washington DC. More that 10,000 privacy professionals worldwide belong to the IAPP. Some 2,100 privacy professionals took part in the Washington conference, where they exchanged views on various global data protection issues in a series of workshops held over three days.

A document written by the EU Commission for the EU Council, which was published on the Internet, but not intended for the public, reports, as expected, on the great difficulties in EU-US negotiations on a general agreement on data protection.

Yesterday, President Obama introduced a framework for his planned US data protection regulations. It combines elements from the self-regulation efforts of market participants, which are controlled by the FTC, and integrates them with legislative initiatives.

Modern copy machines use hard drives for the intermediary storage of copied documents. Copy machines (usually) do not automatically delete the data on these hard drives. That means: The scanned data from the documents copied by the machine can be found on the copy machine’s hard drive. Please read the following 3-point list of measures, which companies should heed to safeguard their data.

The Hamburg Data Protection Authority arrived at an agreement with Google on the data protection-conforming use of Google Analytics. This agreement had been expected, according to related statements. A protracted dispute about the use of Google Analytics appears to be resolved. In the following, read about what website operators will soon have take into account.

Thus far, there is no specific law in Turkey regarding data protection. However, even without a specific law, personal data are protected by constitutional and statutory provisions.

The following article examines the legal provisions on data protection in Dubai that are governed by the DIFC Data Protection Law 2007, DIFC Law No. 1 of 2007 (referred to in the following as “DPL-DIFC 07”), and explores the potential economic implications.

For many corporate managers, data protection law has so far largely been merely a marginal issue in which lawmakers have more or less imposed burdensome regulations on companies. But companies overlook the strategic relevance of data protection regulations.

It is one of the basic mechanisms of the German Federal Data Protection Act (‘‘FDPA’’) to require a statutory permission or a declaration of consent for the collection, processing (which includes storing and transferring) and use of personal data. No permission is needed, however, for exchanging personal data with a data processor in Germany, the European Union or the European Economic Area (‘‘EU/EEA’’) and for having it carry out processing operations, it being understood that the parent company, a company of the same group of companies or an external service provider can be used as data processors. Should such a data processor be located outside the EU/EEA, the FDPA qualifies the exchange of personal data with the processor as a ‘‘normal’’ data transfer and the aforementioned rule applies again.

If a company has to appoint a company Data Protection Officer, then the question becomes who will be suitable to carry out the office? Apart from the question of whether an Internal Data Protection Officer or an External Data Protection Officer is more suitable for the company, this article will explain which employees in the company can perform the tasks of the Data Protection Officer and when difficulties may arise when determining the officer.

International groups of companies need international employee data transfers. The principles of the European Data Protection Directive of October 24, 1995 (95/46/EC) as implemented in the various Member States’ privacy acts, such as the German Federal Data Protection Act (“FDPA”), require that any data transfer must pass a two-step test.


Datenschutz-Kit Screen

Privacy Kit

the affordable complete solution

inform now


the comprehensive tool for EU GDPR

inform now

Stay up to date.

Subscribe to our free newsletter and get the latest news on data protection.