• GL
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

GDPR - the countdown begins

08 February 2018
Managing time

As of 25 May 2018 the General Data Protection Regulation (“GDPR”) becomes effective and will replace the National Data Protection Acts of all EU member states.

As of 25 May 2018 the General Data Protection Regulation (“GDPR”) becomes effective and will replace the National Data Protection Acts of all EU member states.

The GDPR brings significant challenges for companies of all sizes. It foresees tighter requirements for the processing of personal data and any infringement of the statutory requirements can be subject to administrative fines up to EUR 20 million or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. 

To avoid such sanctions, the following measures are – among others – urgently needed:

  • The processing of data must be documented by the Controller in order to comply with its obligation of accountability, held in the form of a record of processing. 
  • The requirements for contracts for data processing are changing with the GDPR. This means that these contracts need to be revised. The same is also true of employment agreements.
  • The Controller is obliged to carry out an assessment of the possible impact of the envisaged processing operations (“data protection impact assessment”) if the processing is likely to result in a higher risk to the rights and freedoms of the natural person. Does this apply to you? This may especially be the case where using new processing technologies to conduct an extensive evaluation of personal aspects of the natural person on automated processing and profiling or because of processing a large scale of special categories of data like health data.
  • Every company is under the legal obligation not just to be compliant with the requirements of the GDPR and, moreover, must be able to prove this.
  • The transfer of data to a recipient which is not based within the EU may be possible – e.g. at group-internal transfers or for the use of cloud-solutions –, however, this requires further legal preconditions.
The above are just some of those issues that you must bear in mind when asking yourself the question - Is your company compliant with the GDPR? Further information is however available in the enclosed legal update.

Further Reading

We use cookies to give you the best user experience on our website. Please let us know if you accept our use of cookies.

Manage cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected

Functional cookies


These cookies let you use the website and are required for the website to function as expected.

These cookies are required

Tracking cookies

Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

They may also be used to personalise your experience on our website by remembering your preferences and settings.

Marketing cookies

These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.