What are the main changes brought by the GDPR compared to the old data protection law?
November 23, 2022 | 50,00 EUR | answered by Andrea Schlattmann
Dear Data Protection Lawyer,
My name is Bernd Zellmer and I work in a medium-sized company that processes personal data. With the entry into force of the GDPR, I have noticed many changes in data protection law and I am unsure which of them are most relevant for our company.
So far, we have complied with the old data protection law and were satisfied with our measures. Now I am wondering what new requirements the GDPR brings and how we can implement them. I am concerned that without a precise knowledge of the changes, we may potentially violate the new laws and risk high penalties.
Could you please explain to me the key changes brought by the GDPR compared to the old data protection law? What specific measures do we as a company need to take in order to comply with the requirements of the GDPR? Are there any possible training or consulting services that can support us in this process?
I thank you in advance for your help and look forward to your expertise on this matter.
Sincerely,
Bernd Zellmer
Dear Mr. Zellmer,
Thank you for your inquiry regarding the changes brought by the GDPR compared to the old data protection law. As a data protection lawyer, I can explain the most important points to you and recommend concrete measures for implementation.
The General Data Protection Regulation (GDPR) has brought some significant changes compared to the old data protection law. Among the most important innovations are the strengthening of the rights of data subjects, the expansion of information obligations, the introduction of data protection impact assessments, the obligation to report data breaches, and the introduction of higher fines for violations.
As a company processing personal data, you must ensure that you comply with the data protection requirements of the GDPR. Concrete measures you should take include creating a register of processing activities, implementing data protection measures (e.g. pseudonymization, encryption), ensuring the rights of data subjects (e.g. right to information, deletion), complying with information obligations (e.g. privacy policy on the website), and training employees in handling personal data.
To support you in implementing the GDPR requirements, I recommend taking advantage of training and consulting services. There are specialized data protection officers and consultants who can assist you in implementing the necessary measures. Additionally, the Chamber of Commerce, Crafts Chambers, or external service providers offer training and seminars on data protection law.
It is important that you address the requirements of the GDPR in a timely manner to avoid possible fines and damage to your company's reputation. I am available for further questions or individual consultations.
Best regards,
Andrea Schlattmann