August

With the General Data Protection Regulation (GDPR) coming into effect next May, it is vital that organisations take action to ensure they are ready to comply.

It will be a challenge to be fully compliant by then, but taking care of the risky areas first will serve the most purpose. Begin by assembling a project team that identifies key stakeholders and a board or senior management buy-in to support the project.

Conduct an initial risk assessment to better understand how the business currently collects, uses and shares personal data, and how these steps are regulated.

Finally, establish a GDPR compliance action plan that includes prioritising activity and remedial measures, creates a data register, and provides training.

With just under a year until the General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998, employers should consider the necessary steps to ensure compliance.
 
GDPR makes it clear that consent must be freely given if there is no genuine free choice. In addition, a data subject has the right not to be subject to a decision made solely by automated processing if that decision affects them, such as system-generated absence reports.
 
To ready themselves, employers should perform an audit on the personal data held by the company and compile a data processing register. They should consider the issue of where consent is avoidable and appropriate and review and amend existing Data Protection Policies.

The German Parliament and the Federal Council have approved the draft of a new Federal Data Protection Act to align German data protection law to the European General Data Protection replace the existing Federal Data Protection Act.

Overall, the draft includes much of Germany's existing Federal Data Protection Act, with specific provisions on processing of employee data, automated decision making, rating agencies and scoring, data subject rights and the requirement of every data controller to appoint a data protection officer, and more.