Home / Insight / GDPR

GDPR

General Data Protection Regulation

Go to International

The European General Data Protection Regulation (GDPR) has significantly increased the compliance requirements in relation to data protection law. With effect from 25 May 2018, companies throughout Europe and those that process the personal data of EU citizens had to rethink their handling of personal data and change their internal processes accordingly. Since then, processing of personal data within companies has had to comply with the GDPR.

CMS legal advice – mastering GDPR requirements in practice

The CMS data protection team offers clients legal advice on all aspects of the GDPR and related data protection issues. Since the start of 2016, when the countdown began for the GDPR’s entry into force, we have supported companies from across all sectors on a range of projects, both national and international, helping them to prepare for and implement the General Data Protection Regulation. We continue to provide them with dependable legal advice around the GDPR.

In all GDPR compliance matters, our experts on data protection law work closely with in-house legal departments, data protection officers and compliance officers, as well as IT security departments. Together, we ensure that GDPR-compliant data protection management is integrated effectively into all business processes, delivering outstanding compliance thanks to best-in-class legal advice on the GDPR.

GDPR – the next stage: looking ahead to the ePrivacy Regulation

Corporate data protection compliance could soon face even tougher requirements than those imposed by the GDPR, due to the upcoming implementation of the ePrivacy Regulation. It was originally intended to enter into force along with the GDPR, but was postponed several times due to a lack of consensus within the EU. A key aspect of the ePrivacy Regulation are its rules on online tracking.

Further information on the ePrivacy Regulation and registration for our free newsletter can be found here.

GDPR risk: fines for breaching data protection rules

While concerns about a huge wave of warning notices due to breaches of the GDPR have not been realised, the authorities have initiated several GDPR-related summary proceedings in recent months. This shows that any breach of GDPR data protection rules could have serious consequences for your company.

As part of our comprehensive legal advice on the GDPR, we alert companies to the possible risk of fines at a very early stage. We support them in establishing compliance with the GDPR in their operating procedures and processes and continuously monitoring compliance with the rules, with the aim of avoiding GDPR fines.

More information on the risk of fines and the schedule of fines for data protection infringements can be found in the CMS Enforcement Tracker. 

CMS Enforcement Tracker
GDPR Enforcement Tracker Report 2024
A warm welcome to the fifth edition of the GDPR Enforcement Tracker Report...
Data Law Navigator | Germany

Explore more

CMS Breach Assistant

Feed

23/05/2024
AI Act – What employers need to know
The following article explains the most important provisions of the AI Act that employers should be ready for.The Council's final vote on the AI Act is an important milestone in the regulation of artificial...
16/05/2024
Data Act and Cloud Service Providers (Part 2): Switching Providers
The Data Act means cloud service providers need to take action. Part 2 of our article provides an overview of the process for switching providers.Next blog post in the #CMSdatalaw seriesAs part of its...
02/05/2024
"Automatically disadvantaged?" – Discrimination in the use of AI in the...
Despite the enormous potential of artificial intelligence (AI) in the workplace, evidence shows that AI harbours the risk of perpetuating discriminatory decision-making patterns. There are increasing...
02/05/2024
Data Act and Cloud Service Providers (Part 1): Contract drafting and information...
The Data Act means cloud service providers need to take action. Part 1 of our article provides an overview of contract drafting and information ob­lig­a­tions. With the new Data Act, the European Union...
26/04/2024
Article 82 GDPR: Liability claims under the right of access under data...
It is easy to request access pursuant to the GDPR. If it is not granted, if it is granted late nor not fully, claims for compensation may be asserted as a result.Employees against former employers, consumers...
17/04/2024
CMS data protection update (04/2024)
I. The latest from the data protection authorities and current topics1. EDPB: Launch of coordinated enforcement on the right of accessThe European Data Protection Board (EDPB) selected the right of access...
16/04/2024
Scope and implementation of the right of access under data protection law
The scope of the right of access under data protection law pursuant to Article 15 GDPR is controversial. This is leading to uncertainties as to how to fulfil that right. In autumn 2023, the European...
28/03/2024
The data access rights of the Data Act
The data access rights under the Data Act and their restrictions are extensive – we provide an over­view.European legislators have recognised that data is an essential resource which is required for...
18/03/2024
The DGA is expected to spur on data altruism
Voluntary data donations are intended to make data widely usable. The DGA wants to build trust in data altruism or­gan­isa­tions.The range of applications in which the use of data and information is playing...
12/03/2024
DGA: European data strategy for data intermediation services takes shape
Data intermediation services play a key role in the implementation of the European strategy for data. The DGA subjects these to regulation.In addition to the Data Act, the Data Governance Act (DGA), which...
27/02/2024
Reusing data held by public sector bodies under the DGA
The Data Governance Act should allow data collected with public funds to be reused to benefit so­ci­ety. To­geth­er with the Data Act, the Data Governance Act (DGA) forms a key pillar of the European Commission's...
25/01/2024
Update: Latest news from the CJEU on GDPR compensation
Updated version of the article published on 26 August 2024The CJEU clarifies the requirements under Art. 82 GDPRThis year, as in the previous year, the European Court of Justice (CJEU) has published several...