The countdown has started. On 25 May 2018 the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into effect, as will the new ‘Federal law on data protection’ (Bundesdatenschutzgesetz – BDSG), which transposes the regulation into German law and which contains specific rules on treating employee data. German companies have until 25 May to comply with both texts after which time any violation of the rules could see them incurring fines of up to €20 million or 4% of global business revenues. Together with Klaus Thönißen, labor law specialist with the Luther law firm in Essen, and his colleague Christian Kuß, a data protection lawyer, Planet Labor reviews the primary HR-related obligations and requirements stemming from these texts.
A longstanding tradition. Germany has a long history in terms of data protection. Created in 1977 the Federal law on data protection (Bundesdatenschutzgesetz – BDSG) has seen several rewrites, most notably in 2009 after a series of scandals over employee spying rocked well-known companies (c.f. article No. 080275). At that time the scandals relaunched a debate on the need to formulate a data protection law attuned to the world of work, something that trade unions had been calling for throughout
…Do you have information to share with us?