10 German Data Privacy Supervisory Authorities Investigating Potential Unlawful International Data Transfers

According to a press release of the Data Protection Supervisory Authority in the Land Mecklenburg Vorpommern of November 3, German supervisory authorities have randomly selected 500 companies in Germany and sent them requests for information on their international data transfers. The German supervisory authorities are undertaking this coordinated action in order to increase awareness among companies of the need to ensure data privacy compliance of international data transfers.

Content of Request

Companies coming under scrutiny will likely be asked if they send personal data to countries outside the EU, whether the destination country outside the EU is deemed to provide adequate data protection,-and whether they use EU Model Clauses or valid consent from the data subject or something else to justify the data transfers. The supervisory authorities noted that they would focus on several particular industries/services: remote services, help-desk services, other support services, customer relation management or the administration of job applications.

Even though the supervisory authorities have stressed that this action is primarily geared at promoting awareness, organizations should anticipate that enforcement actions will likely follow for companies that are clearly out of compliance.

Analysis and Recommendation to React

This coordinated action is likely a starting point and will be followed by various others with tougher enforcement threats. Accordingly, organizations that maintain a substantial amount of data regarding EU citizens-whether in the EU or the U.S.-should take note of the German supervisory authorities increasing...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT