Austria Belgium Bulgaria China Czech Republic France Germany Hungary Italy Poland Romania Slovakia Spain Turkey

SCHINDHELM WORLDWIDE

News & Jusful News Schindhelm Whistleblowing Solution Newsletter Archive Newsletter Law Library App RUSSIA/UKRAINE RELATED SANCTIONS

Austria: New data protection legislation 2018

On 25.05.2018 new data protection regulations will come into force.

The General Data Protection Regulation (GDPR)
The aim of the new EU regulations is to create uniform data protection law throughout the European Union. However, the escape clauses it contains make it possible for the continuation of country-specific regulations within individual national legislation.

The Austrian Data Protection Amendment Act 2018
The Austrian Data Protection Amendment Act 2018 will amend the existing Data Protection Act, which has been in force since the year 2000. Among other provisions it contains detailed stipulations relating to data protection officers, the structure of Austria's data protection authority and the processing of images, together with further regulations relating to data processing security.

What action may be necessary?
In comparison to the currently applicable Data Protection Act from the year 2000, the GDPR imposes significantly more obligations on public authorities and private companies as the controller of the data processing.

In order to meet these obligations in the best possible way it is advisable for companies to implement an internal data protection management system. Such a system should cover a number of requirements:

Creation of a list of processing operations
A risk analysis for the purpose of identifying risks involved in processing operations – privacy impact assessment
Ensuring compliance with data protection principles
Implementing appropriate technical and organisational data security measures
Protecting the rights of data subjects
Introducing a process of consent
Complying with duties to provide information
Identifying processors and creating contractual framework provisions
Ensuring privacy by design / privacy by default
Introducing a data breach process
Appointing a data protection officer (where legally required)
Drawing up an internal privacy policy
Carrying out employee training on the subject of data protection
Checking on the transmission of data to non-EU countries and obtaining approvals where necessary

Penalties

A breach of the provisions of the GDPR could lead to financial penalties of up to EUR 20 million or 4% of global annual turnover for the previous business year

It remains to be seen how high the financial penalties will actually be. However, it can at all events be expected that the data protection authorities will carry out more frequent and stringent checks.

Accordingly, because of their accountability public authorities and companies will in future need to pay increased attention to personal data in order to fulfil their responsibilities towards the data protection authorities and to protect the rights of the data subjects.

As partners with great experience and extensive expertise in this field we will be glad to support you on all questions relating to the subject of data protection, as well as in establishing a data protection management system.

Authors:
Michael M. Pachinger & Julia Spitzbart

Upcoming international events

Lecture in Hamburg (Master of International Taxation-M.I.Tax)

Fernando Lozano
23.11.2024 09:00, Hamburg (Germany)

Law Team Careers About us International News & Jusful Events Contact

We speak your language.
Everywhere.

SAXINGER s.r.o., advokátní kancelář

Pilsen - plzen@saxinger.com
Bedřicha Smetany 167/2 - CZ - 301 00 Pilsen - T +420 377 330163
Prague - praha@saxinger.com
Konviktská 291/24 - CZ - 110 00 Prag - T +420 222 534 490

2024 (c) SAXINGER s.r.o., advokátní kancelář

Disclaimer Privacy Policy Legal Notice