It is on everyone’s lips – the EU General Data Protection Regulation. While some of you have had supplementary agreements written by your legal department and sent to your business partners, others lean back and wait for things to come.

Small and very small businesses are always overwhelmed by it but, unfortunately, are not excluded from its scope. That’s why you can read here the essentials of what you should know:


The content of the new GDPR
The new regulation will regulate, inter alia, the following:
• Legal basis of data processing
• Rights of those affected
• Duties of those responsible
In addition, the already existing consumer rights will be extended and supplemented by additional rights, including the right to data portability and the right to data deletion.


What’s changing for business
In general (albeit with different intensity) the following areas are affected:
• Data collection
• Data processing
• Rights of the customers
• Relations with service providers
• Privacy Management
• Reporting obligations for violations and data loss
• Liability
• Fines


The core elements
• Prohibition with reservation of permission,
• earmarking (purpose limitation),
• guarantee of the rights of those affected and
• independent supervisory authorities
All Member States have to comply with these when dealing with personal data.


What are sensitive data?
Excerpt from Article 1 of the Regulation:
‘1. This Regulation lays down rules for the protection of individuals with regard to the processing of personal data and the free movement of such data.
2. This Regulation protects the fundamental rights and freedoms of natural persons, and in particular their right to the protection of personal data.
3. The free movement of personal data in the Union must not be restricted or prohibited for reasons of the protection of individuals with regard to the processing of personal data.’


Article 4 gives the definition:
“‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter the ‘data subject’); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person;”

In Article 5 you can read the principles for the processing of personal data.


• Breaches of the EU GDPR may result in fines of up to €20 million or 4% of global turnover, whichever is greater. Fines for data protection violations that exclusively affect German law are limited to 50,000 euros.
• Employees and consumers can claim compensation for non-pecuniary damage (compensation for pain and suffering).

The published text of the EU GDPR can be accessed on EUR-Lex.