A guest article on the GDPR by:
Dr Oliver Hornung, Attorney at Law for IT & Digital Business and Partner of SKW Schwarz Rechtsanwälte
The following topics are covered in this series of contributions:
- Objectives and principles.
- Rights of data subjects.
- Obligations for companies.
- International data transfers abroad.
- Technical and organisational data protection.
- Commissioned processing.
- Obligation to appoint a company data protection officer.
- New European data protection law also applies to website operators.
- Supervisory Authorities.
- Fines and Sanctions.
- Employee data protection.
- What do companies have to do?
New European data protection law also applies to website operators.
Website operators must comply with a large number of regulations. Regulations on website compliance can be found, among others, in §§ 11 ff. Telemedia Act (TMG). The GDPR will inevitably have an impact on the current compliance requirements of website operators. They will have to check whether the existing data protection declarations correspond with the requirements of the new European data protection law.
Supervisory authorities
The new European data protection law also changes the tasks, responsibilities and powers of the supervisory authorities. The competence of each supervisory authority remains limited to the territory of the member state. In principle, the national supervisory authority of the main establishment or the only establishment of the data processing entity will be designated as the lead supervisory authority responsible for cross-border processing. This means that internationally active companies have one point of contact for data protection supervision.