Skip to content
Sub practice
Sub practice

General Data Protection Regulation (GDPR)

Radical legislative changes – offenders facing administrative fines in the order of millions of euros

Among other requirements, the General Data Protection Regulation (GDPR) imposes rigid compliance requirements on companies in the event of cyber attacks: Any data protection breach must now be notified to the data protection supervisory authority not later than within 72 hours. If this time limit is exceeded or no notification is effected, administrative fines of millions of euros may be imposed. Operators of critical infrastructures (i.e. entities that are vital for the functioning of the community) must additionally comply with the requirements of the IT Security Act and, in this regard, in particular take appropriate organisational and technical safeguards to avoid any interference with the functioning of their information technology systems and furnish proof of compliance with these standards to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik; BSI) every two years.

 

News & insights

industrial fan

News: 24 AUGUST 2021

Allen & Overy advises DBAG on investing in Dantherm Group

Allen & Overy is advising Deutsche Beteiligungs AG (DBAG) on investing in Dantherm Group A/S (Dantherm), a Danish provider of heating, ventilation and air conditioning technology.

Read more
Mobile phone with security app on screen

Blog Post: 26 JULY 2021

CJEU Advocate General interprets direct marketing by email and targeted advertising under ePrivacy Directive

On 24 June 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued his opinion on the preliminary ruling request submitted by Germany's Federal Court of Justice…

Read more
An image of an ink nib touching paper

Blog Post: 05 JULY 2021

Schrems II Update - July

French CNIL issues guidance for organisations on transfer impact assessments, German DSK releases statement on supplementary measures and SCCs, and Hessian DPA comments on data transfer obligations…

Read more
Close up image of laptop screen downloading information

Blog Post: 07 JUNE 2021

Schrems II Update - June

New SCCs, EDPS investigations into cloud contracts, German DPAs inquiry into international data transfers, CNIL’s review of research collaboration tools and FTC report on Privacy Shield.

Read more

Related expertise