💾 Archived View for gmi.noulin.net › mobileNews › 6666.gmi captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-12-03)
-=-=-=-=-=-=-
Understanding the German mentality to data protection and data privacy is
fundamental to doing successful business in the country
February 2017 - Data Protection & Privacy | IT Law | Doing Business in Germany
Nowhere in the world are there stricter requirements for data protection and
privacy than in the European Union and within the Union, no other country
stands for data protection more than Germany. If you want your business to be
successful in Germany, you should know the reasons. They have to do with the
country s history.
Germany has given rise to two political systems in which the surveillance of
its own people played a fundamental part of control, manipulation and
oppression: the Third Reich and the German Democratic Republic. Both regimes
managed to survive for years. The shared experience was that no one could trust
in their privacy, and deviant behavior could be punished severely. Both systems
are history, and much has been written and said about the political reasons and
implications. And the consequences are still very present today.
For a comparison of privacy concepts set out in some domestic and international
privacy regulations, laws, and guidelines in relation to Generally Accepted
Privacy Principles, visit www.aicpa.org and search for international privacy
concepts
Therefore, topics related to privacy, data protection and thus, security, cause
stronger reactions in Germany than in its neighboring countries or in regions
of the world with even fewer cultural similarities. This is especially true for
health data. Research presented in the Harvard Business Review shows just how
deep the divide is not only between Germany and countries like India or China,
but also between Germany and Great Britain or the USA. When it comes to
protecting data related to personal health history, the average German is
willing to pay as much as $184 U.S., while the average Briton would pay only
$59 U.S. (U.S. citizens and the Chinese place a single-digit value on the
certainty that their health data is safe, and Indians not even that much.)
What does this mean for companies wanting to expand their reach into the German
market? Here are some things to consider for companies who do or do not
specialize in data protection, privacy or security.
Does your company offer products that do not primarily provide additional data
protection, privacy or security?
Then consider the legal requirements and concerns of your potential customers
in Europe and Germany from the start. Make sure your customers and their data
and devices are secure. The integrity of all transactions is a must; security
breaches may be considered a deal breaker. Transparency won t hurt you, and
proof of certifications and the meeting of industry standards will give you
competitive advantages. When marketing your products, underscore your thought
leadership in data protection and security.
Does your company offer products that especially provide additional data
protection, privacy or security?
Did you know that the German language has only one word for both safety and
security ? It is called Sicherheit and can be used either way. Even if your
German business partners are very good at English, don t be surprised if they
seem to confuse the two words. They probably mean the right thing!
Then you will find Europe, and especially Germany, to be a mature market one
that may not have waited for your specific solution. The advantage for your
company? You can expect your potential buyers to be aware of the issues you are
trying to help them with. You don t have to spend extra time explaining the
usefulness of data protection and security. The disadvantage for your company?
You can expect your potential buyers to be aware of the issues you are trying
to help them with. You will spend extra time explaining why it is your product
above all others that improves your potential buyers data protection and
security. Plus, you will have to live up to your promises.
Does your company do, or want to do, business in Germany or elsewhere in the
EU?
Then you should take more than just a peripheral glance at data protection.
Data protection is, and is becoming ever more important. Companies need to find
out in advance what data protection-related regulations and laws they are
subject to, not only to avoid the fines: The secure handling of personal data
is becoming more and more important in the public awareness. Data protection
has long since lost its role as the unloved stepchild, says Dr. Katharina
Kuechler from eco Association of the Internet Industry. Properly
implemented, data protection can be a real competitive advantage.
Do you want to learn more about eco Association of the Internet industry and
how we can help you run a successful business in Germany and Europe? Send us an
email at cometogermany@eco.de.
Data protection law within the EU will be harmonized through the new General
Data Protection Regulation, which will mean that, for example, the requirements
for gaining permission are becoming more stringent in comparison to existing
German data protection law. However, completely new concepts will also be
introduced, such as the data protection impact assessment (Art. 35 GDPR)
compensation or the right to data portability. The General Data Protection
Regulation came into effect on 25 May 2016 and will apply from 25 May 2018 in
all EU Member States, without the need for a further implementation law. This
means that companies have until 2018 to adapt their processes and contracts to
the new regulation. As of that date, companies that do not comply will be faced
with fines of up to 20 million EUR. There are only few cases where protection
is offered for contracts that were finalized before the General Data Protection
Regulation applies. So companies should really start to review their processes
and contracts now for compliance with the new regulation. Also new in the
regulation is the market principle. This means that, in future, companies must
apply the data protection law of the given EU state in which they offer their
service, regardless of whether the company is based in that state. As a result,
companies based outside of the EU must also observe the General Data Protection
Regulation from 2018 if they want to process data or market their products
within the EU.
To help companies in dealing with the transition, eco offers internal audits
for member companies, so they can find out if they are well prepared for doing
business in Europe.
The General Data Protection Regulation also includes the Europe-wide
stipulation for companies to appoint a Data Protection Officer. The central
obligation to report in Art. 37 Abs. 7 GDPR simplifies the monitoring of actual
appointments, so that the detection of inaction will become more likely. The
obligation to appoint a Data Protection Officer can be difficult to fulfill,
especially for SMEs. Here also, eco is happy to help members with an external
solution.
More information is available at go.eco.de/dataprotection.
Or you can send an email to dataprotectionofficer@eco.de and the eco legal team
will get in touch with you.