EU Law (GDPR)

The General Data Protection Regulation (GDPR) is a significant piece of EU legislation that came into effect in May 2018 and has far-reaching implications for businesses and organizations of all sizes. The GDPR requires companies to implement strict data protection measures and, in certain cases, to appoint a Data Protection Officer (DPO). In Berlin, the Berlin Supervisory Authority is the governmental body responsible for enforcing the GDPR and has the power to issue fines for non-compliance.

The GDPR applies to all businesses and organizations that process personal data of EU citizens, regardless of where the business is based. This includes companies with a physical presence in Berlin, as well as those that offer goods or services to individuals in Berlin or monitor their behavior within the EU.

The GDPR lays down strict rules for how personal data must be collected, processed and stored, including the need for organizations to obtain explicit consent before collecting personal data and to ensure that the data is accurate, up to date and not kept for longer than is necessary. The GDPR also requires companies to appoint a DPO in certain cases, and to report data breaches to the relevant authorities within 72 hours.

The Berlin Supervisory Authority is responsible for enforcing the GDPR within the city. It has the power to issue fines of up to €20 million or 4% of a company’s annual global turnover, whichever is higher, for non-compliance with the GDPR. The Authority also has the power to order the suspension or limitation of data processing, and can even ban a company from processing personal data altogether in extreme cases.

We are currently not hosting the GDPR on this website. To access the official text of the GDPR, please refer to the official instance.
