What impact does the new data protection law have on my company?
February 6, 2024 | 70,00 EUR | answered by Daniel Netz
Dear lawyer,
I am Gertrud Maier, owner of a medium-sized e-commerce company. Lately, I have heard a lot about the new data protection law and I am wondering what impact it could have on my business.
Currently, we process a large amount of personal data of our customers in order to process orders and send newsletters. We have already taken some measures to protect data, such as implementing a privacy policy on our website and training our employees on handling sensitive data.
However, I am concerned that the new data protection law may impose additional requirements on us and that we may not be adequately prepared. I want to ensure that my company is acting in compliance with the law and does not have to fear fines or legal consequences.
Can you please explain to me what specific impact the new data protection law will have on my company? Are there any specific regulations that we must absolutely comply with? What steps should we take to improve our data protection practices and minimize potential risks?
Thank you in advance for your help and advice.
Sincerely,
Gertrud Maier
Dear Mrs. Maier,
Thank you for your inquiry regarding the new data protection law and its potential impact on your medium-sized e-commerce company. It is understandable that you are concerned and want to ensure that your company is acting in compliance with the law.
The new data protection law, also known as the General Data Protection Regulation (GDPR), was introduced in May 2018 and applies to all companies processing personal data of EU citizens. Its aim is to strengthen the protection of personal data and ensure the rights of the individuals affected.
For companies like yours that process a variety of personal data, there are some important points to consider. Firstly, you must ensure that you have a lawful basis for processing the data. This means that either you must obtain the consent of the individuals concerned, or the processing of the data must be necessary for the performance of a contract or to pursue legitimate interests.
Furthermore, you must ensure that you respect the data protection rights of the individuals concerned, such as the right to information, correction, deletion, and objection. You must transparently inform them about what data you collect, how you use it, and how long you store it.
It is also important that you implement appropriate technical and organizational measures to protect the data. This includes, for example, encrypting data, regularly reviewing and updating your security measures, and training your employees in handling sensitive data.
To ensure that your company complies with the requirements of the new data protection law, I recommend conducting a data protection impact assessment to identify potential risks and take appropriate measures to minimize risks. Additionally, you should conduct regular data protection audits to ensure that your data protection practices are up to date.
I hope that this information is helpful to you and I am happy to assist you further in answering any questions or supporting you in implementing data protection regulations in your company.
Sincerely,
Daniel Netz
Attorney specializing in business law