In recent blogs we’ve talked about the impact that the EU General Data Protection Regulation (GDPR) will have on in house legal departments, both in Europe and across the Atlantic. While it’s fair to say that many legal professionals around the globe remain uncertain about exactly how the incoming legislation will effect data compliance within their organisation, German General Counsels may be one step ahead.
One of the most notable stipulations of the GDPR is, in certain cases, is the obligation to appoint a Data Protection Officer (DPO). While in many countries the concept of a DPO will be fairly new, Germany is arguably one step ahead, given that the appointment of DPOs has been an essential component in German data protection law since 1977.
Under the GDPR DPOs will act as a lynchpin, advising the company on the intricacies of GDPR compliance whilst also acting as contact for Supervisory Authorities (SAs). Unlike in Germany, where most companies are currently obliged to install a DPO, the GDPR only requires the appointment of a DPO by companies in limited cases, namely when the company’s core activities consist of either data processing operations, or when they deal with large amounts of sensitive information.
According to a study by Dimensional Research and Dell, ‘GDPR: Perceptions and Readiness’, 44% of German businesses believe they are prepared for the implementation of the regulation, the highest percentage of any country in Europe surveyed. Interestingly, however, 46% of German businesses indicated they were ‘very concerned’ when asked how much of a worry GDPR compliance is for their organisation.
Although the GDPR itself has direct legal effect in all Member States, the German government recently released a revised version of its own Federal Data Protection Act (GFDPA), which will allow national legislators to enact national laws to supplement the EU regulation. The proposed revisions to the GFDPA largely seek to clarify aspects of the GDPR, however should it enter force, GCs will need to ensure they are compliant with both sets of legislation.
So while it’s certainly true German GCs may be one step ahead, as many organisation already have a DPO in place, the simultaneous implementation of both new Federal and EU legislation will certainly keep GCs, who are taking up an ever more strategic role, busy over the next 18 months.
For more information on the German recruitment market, please email Nicola Elsner.