June 29, 2018 : Proposed amendments to Germany’s GDPR Law

A political party has made a request to the country’s Federal Government to amend the Federal Data Protection Act adapting the GDPR.

The amendment request calls for the deletion of the requirement to appoint a Data Protection Officer (DPO), in cases where more than 10 employees are involved in processing personal data. The party also requests:

  • fines for association members that do not follow approved codes of conduct or certifications; but…
  • no penalties for insignificant information obligation breaches (where the violation is immediately fixed, and individuals are not seriously disadvantaged).

Requirement to appoint a DPO

The party believes that the requirement to appoint a DPO if 10+ permanent employees are involved on the processing of personal data will:

  • result in competitive disadvantages for the German economy; and
  • impose much stricter requrements than the GDPR

In terms of enforcement, the party said it should be made clear precisely which infringements can impact fair competition, particularly in cases of non-deliberate organisational and technical measures. Also that penalties should not be used for breaches of information obligations, such as incomplete notices or other minor flaws where:

  • the violation is insignificant;
  • the affected individual(s) are not seriously disadvantaged; and
  • effects on competition are low

In conclusion, the party calls for fines for members of associations that do not follow approved codes of conduct or certifications.

Is your organisation affected by Germany’s GDPR law? Leave a comment below.

Source: German Bundestag – See published document (in German)

Leave a Reply