Subject: Privacy policy
Reading time: 1 Min

Revised Data Protection Act is in effect today

On September 1, 2023, the revised Data Protection Act will come into force. With the accompanying media coverage, many companies are noticing that they have not yet adapted their contracts and processes. Time to quickly get an overview.

Prager Dreifuss currently receives many inquiries on data protection issues. The new Data Protection Act can potentially affect all processes in companies, from startups to established international companies.

Uncertainty exists regarding e.g. the procedure to be followed in the event of a data protection breach, for example in the event of a cyber attack, or regarding the opportunities and risks associated with the use of artificial intelligence. The penalty provisions in the event of a breach are also not yet universally known.

Even if the law comes into force today, it's not all over. It is important to take the right steps quickly: First, the company sets itself a framework by drawing up a data protection concept. Then the data protection declarations and record of processing activities (RoPA) are adapted or completely reformulated. This also includes agreements for commissioned data processing, especially for transfers abroad.

Often, an initial review reveals that only a few changes are imminent, but conversely, this may result in further individual need for action. Our team of data protection experts will be happy to advise you on topics such as the following:

  • Setting up a data protection concept
  • Drafting data protection declarations and record of processing activities (RoPA)
  • Drafting and Negotiating Data Processing Agreements
  • Advice on the use of AI
  • Advice regarding international transfer of personal data abroad
  • Advice re procedure in the event of data breach (e.g. in the event of a cyber attack)
  • Advice on penal provisions
  • Further support tailored on a case-by case basis