GDPR (General Data Protection Regulation)
Data Protection Changes from 25 May 2018
At the beginning of 2016, the EU Parliament adopted the EU General Data Protection Regulation (EU-GDPR), concluding a four-year legislative process. The EU GDPR came into effect on 25 May 2016 and must be implemented within a two-year transitional period ending 25 May 2018. Do not postpone the large number of changes; start implementing them promptly.
Uniform EU data protection law
With the harmonisation of data protection within the European Union, a uniform data protection law applies throughout the EU with the new GDPR. Dealing with legal requirements when trading in EU member states has been eased considerably. Another advantage for retailers who (want to) trade internationally is the "One Stop Shop Principle". This means that you do not have to communicate with several data protection supervisory authorities in parallel – only with the one where your head office is situated.
- Formulated especially within the right of cancellation for online retailers, there is a right to be forgotten. The change relates in particular to the display of personal data in search engines.
- The conditions for the use of personal data are regulated in the new GDPR.
- Consent to receive newsletters may not be made dependent on the conclusion of a contract.
- The collection and processing of personal data may only take place with the prior unambiguous consent of the data subject, for example by ticking a selection box or through certain browser settings. Consent can only be waived in legally regulated cases.
- Non-European companies that are established in the EU or use data from EU citizens are also subject to the uniform GDPR.
- In the future, all information must be transmitted "in a precise, transparent, comprehensible and easily accessible form in a clear and simple language". Conversely, this means that the data protection declaration will be longer and more detailed than before.
- Contracts with a subcontractor of the merchant, e.g. computer centres or the e-mail service provider of the merchant, will have to be revised in the future. In the event of breaches of data protection law, both can be held separately liable.
- To what extent changes will come into force in the future for the use of the tools mentioned, e.g. explicit consent from users, depends significantly on the ePrivacy regulation. This is currently still in the legislative process.
Assistance with the implementation of the GDPR with Händlerbund
Professional advice from experienced lawyers is indispensable. Particularly when drafting the data security policy, great attention must be paid to careful wording. Händlerbund members receive all information on the legally compliant implementation of the General Data Protection Regulation applicable throughout Europe. The two-year transition period until 25 May 2018 should not prevent us from dealing with the changes now. Become a member and always act legally!
We will discuss the following issues with you:
- Checking which consents are obtained in the shop and whether they meet the new requirements
- New guidelines for the implementation of the data protection declaration
- Tracking current developments regarding the correct use of tracking and remarketing tools