

General Data Protection Regulation (GDPR)
Radical legislative changes – offenders facing administrative fines in the order of millions of euros
Among other requirements, the General Data Protection Regulation (GDPR) imposes rigid compliance requirements on companies in the event of cyber attacks: any data protection breach must now be notified to the data protection supervisory authority within 72 hours at the latest. If this time limit is exceeded or no notification is made, administrative fines of millions of euros may be imposed. Operators of critical infrastructures (i.e. entities that are vital for the functioning of the community) must additionally comply with the requirements of the IT Security Act. In particular, they must implement appropriate organisational and technical safeguards to avoid any interference with the functioning of their information technology systems, and furnish proof of compliance with these standards to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik; BSI) every two years.