
General Data Protection Regulation (GDPR)

Radical legislative changes – offenders facing administrative fines in the order of millions of euros

Among other requirements, the General Data Protection Regulation (GDPR) imposes rigid compliance requirements on companies in the event of cyber attacks: any data protection breach must now be notified to the data protection supervisory authority within 72 hours at the latest. If this time limit is exceeded or no notification is made, administrative fines of millions of euros may be imposed. Operators of critical infrastructures (i.e. entities that are vital for the functioning of the community) must additionally comply with the requirements of the IT Security Act. In particular, they must implement appropriate organisational and technical safeguards to avoid any interference with the functioning of their information technology systems and furnish proof of compliance with these standards to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik; BSI) every two years.

 

News & insights


News: 12 MARCH 2021

Allen & Overy is pleased to welcome Cedric Lindenmann to join its Asia Pacific technology practice

Cedric is joining us from our Tier 1 technology practice in Europe and has worked on numerous international projects in Europe, the US, the Middle East and Asia. His relocation to the Singapore office…


News: 29 JANUARY 2021

Allen & Overy advises SAP on the acquisition of Signavio

Allen & Overy has advised SAP SE on the acquisition of Signavio GmbH, a leading company in the enterprise business process intelligence and process management space.


Publications: 09 OCTOBER 2020

Hamburg regulator issues EUR 35 million GDPR fine for data privacy breach

The Hamburg Data Protection Authority imposed the largest ever GDPR fine in German history on Swedish fashion company H&M on 1 October 2020. According to the regulator, the company had stored and used…


Publications: 29 MAY 2020

Active user consent is required, while previously practiced opt-out mechanisms are unlawful

On 28 May 2020, the German Federal Court of Justice (Bundesgerichtshof; BGH) issued its decision in the Planet49 case that had previously been referred to and decided on by the Court of Justice of the…
