Home / Insight / GDPR


General Data Protection Regulation

Go to International

The European General Data Protection Regulation (GDPR) has significantly increased the compliance requirements in relation to data protection law. With effect from 25 May 2018, companies throughout Europe and those that process the personal data of EU citizens had to rethink their handling of personal data and change their internal processes accordingly. Since then, processing of personal data within companies has had to comply with the GDPR.

CMS legal advice – mastering GDPR requirements in practice

The CMS data protection team offers clients legal advice on all aspects of the GDPR and related data protection issues. Since the start of 2016, when the countdown began for the GDPR’s entry into force, we have supported companies from across all sectors on a range of projects, both national and international, helping them to prepare for and implement the General Data Protection Regulation. We continue to provide them with dependable legal advice around the GDPR.

In all GDPR compliance matters, our experts on data protection law work closely with in-house legal departments, data protection officers and compliance officers, as well as IT security departments. Together, we ensure that GDPR-compliant data protection management is integrated effectively into all business processes, delivering outstanding compliance thanks to best-in-class legal advice on the GDPR.

GDPR – the next stage: looking ahead to the ePrivacy Regulation

Corporate data protection compliance could soon face even tougher requirements than those imposed by the GDPR, due to the upcoming implementation of the ePrivacy Regulation. It was originally intended to enter into force along with the GDPR, but was postponed several times due to a lack of consensus within the EU. A key aspect of the ePrivacy Regulation are its rules on online tracking.

Further information on the ePrivacy Regulation and registration for our free newsletter can be found here.

GDPR risk: fines for breaching data protection rules

While concerns about a huge wave of warning notices due to breaches of the GDPR have not been realised, the authorities have initiated several GDPR-related summary proceedings in recent months. This shows that any breach of GDPR data protection rules could have serious consequences for your company.

As part of our comprehensive legal advice on the GDPR, we alert companies to the possible risk of fines at a very early stage. We support them in establishing compliance with the GDPR in their operating procedures and processes and continuously monitoring compliance with the rules, with the aim of avoiding GDPR fines.

More information on the risk of fines and the schedule of fines for data protection infringements can be found in the CMS Enforcement Tracker. 

CMS Enforcement Tracker
GDPR En­force­ment Track­er Re­port 2022
What a year for GDPR en­force­ment: 2021/2022 saw vari­ous land­mark cases...
Data Law Nav­ig­at­or | Ger­many

Explore more

CMS Breach Assistant


Data pro­tec­tion and cy­ber­se­cur­ity laws in Ger­many
Data pro­tec­tion 1. Loc­al data pro­tec­tion laws and scope Data pro­cessing op­er­a­tions are gov­erned by the Fed­er­al Data Pro­tec­tion Act (Bundes­datens­chutzge­setz – BDSG) of 30 June 2017, as last amended...
The Chan­ging Face of Cy­ber Claims
A cy­ber in­sur­ance loss study in Con­tin­ent­al Europe
Data pro­tec­tion and se­cur­ity
Ex­pert leg­al ad­visers
Check­list M&A and GDPR
The scope of the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) ex­tends to M&A trans­ac­tions. Sanc­tions for in­fringe­ments of data pro­tec­tion rules in­clude, amongst oth­ers, a fine of up to EUR 20 mil­lion...