Skip to content
Sub practice
Sub practice

General Data Protection Regulation (GDPR)

Radical legislative changes – offenders facing administrative fines in the order of millions of euros

Among other requirements, the General Data Protection Regulation (GDPR) imposes rigid compliance requirements on companies in the event of cyber attacks: Any data protection breach must now be notified to the data protection supervisory authority not later than within 72 hours. If this time limit is exceeded or no notification is effected, administrative fines of millions of euros may be imposed. Operators of critical infrastructures (i.e. entities that are vital for the functioning of the community) must additionally comply with the requirements of the IT Security Act and, in this regard, in particular take appropriate organisational and technical safeguards to avoid any interference with the functioning of their information technology systems and furnish proof of compliance with these standards to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik; BSI) every two years.

 

Explore our services

News & insights

Publications: 30 JUNE 2020

Webinar: Cybersecurity – How to respond to an incident

Allen & Overy partners with leading security experts, Kroll, to discuss how to respond to a cybersecurity incident. In light of the heightened threat level due to remote working and disruption caused…

Read more
Abstract graphic

Publications: 19 JUNE 2020

Covid–19 coronavirus: emerging data protection and cybersecurity guidance (Updated 18 June 2020)

The Covid-19 coronavirus is creating a need for organisations to process personal data, for a variety of specific purposes (including managing and protecting their workforce, customers and the…

Read more
Computer hardware

Publications: 29 MAY 2020

Active user consent is required, while previously practiced opt-out mechanisms are unlawful

On 28 May 2020, the German Federal Court of Justice (Bundesgerichtshof; BGH) issued its decision in the Planet49 case that had previously been referred to and decided on by the Court of Justice of the…

Read more

Publications: 20 MAY 2020

Warsaw podcast - GDPR in M&A transactions

Justyna Ostrowska, senior associate in Allen & Overy Warsaw, advises clients on new technologies, intellectual property and data protection law. In her podcast, she discusses the various stages of a…

Read more
View more

Related expertise

Cookies on our website

We use cookies on our site to remember you, show you content we think you will like and help you to use the site. For more details, please see our cookies policy.

Click 'Accept' to consent to cookies other than strictly necessary cookies or 'Reject' if you do not. You can change your mind at any time by visiting our cookie policy page.

Accept cookies
Reject cookies