Significant changes in Austrian Data Protection Law
The European Union General Data Protection Regulation (hereinafter referred to as GDPR), entered into force as of May 25th 2016 and will be directly applicable in all Member States, after the transitional implementation period of two years, as of May 25th 2018. Until then, all data applications must comply with the new legal terms. The new legal situation is briefly described in the following:
Due to the change in the European law, Austria’s parliament has recently adopted the amended 2018 Data Protection Act, which will also apply as of May 25th 2018.
The specific legal situation as of May 25th 2018 will then be determined by both the directly applicable GDPR and the amended Austrian Data Protection Act. There will be significant changes for companies as well as for individual persons due to the GDPR.
For companies the obligation to report to the data protection authority is replaced by extensive duties, such as compiling a list of data processing activities, extensive reporting obligations in the case of data breaches, the obligation to privacy-friendly layouts for automated data processing and the technical presetting of web pages known as privacy by design and privacy by default. For some companies an impact assessment of data protection and the assignment of a data protection officer will become obligatory. But there are several other possible obligations for companies.
The rights of those individuals whose data is used will be strengthened. Thus, the person concerned has an extended right of information, the right to rectify the data, delete the data and restrict the use thereof, as well as the right to data transferability and the right of objection to the use of the data.
Moreover, the powers and tasks of the supervisory authorities are being expanded. Above all, the possible imposition of fines of up to € 20 million or, in the case of a company, up to 4 % of its worldwide annual turnover, is probably the greatest threat to companies by the new GDPR.
Even if there is still some time left until the new data protection law is applicable, companies should use the time to prepare for the new data protection law.
In order to help you or your company with the preparation for the new data protection law, Mr. Herbert Hildenbrandt from our law firm has already successfully completed a course of the European Program for Human Rights Education for Legal Professionals (HELP) on the subject of data protection and privacy rights.
The corresponding certificate can be found here.