D: Changes and amendments of the BDSG 2009: Seizure of profits, higher penalties and new offenses subject to a penalty
Category: Nachrichten, GesetzBy: M. Belke - 2B Advice GmbH - the privacy benchmark
Amendments to the Federal Data Protection Act and the effect thereof on companies - Part 11
The maximum possible limits for fines have been adjusted. The penalty for the administrative offenses listed in para. 1 of Section 43 BDSG new version is now Euro 50,000 instead of Euro 25,000 and the offenses listed in para. 2 are subject to a penalty of up to Euro 300,000. These maximum limits can, however, be exceeded pursuant to a new provision if the economic advantage provides an incentive for additional breaches, i.e. exceeds the maximum penalty amount. This is designed to seize the profit that a company could otherwise keep, despite illegal actions, after payment of a penalty.
Three new administrative offenses, which are subject to fines of up to Euro 50,000 or seizure of profits gained through the commission of the offense were introduced:
• Outsourced data processing: failure to correctly or fully award contracts or failure to verify the contractor's compliance with the technical and organizational measures, either in advance or on a regular basis, constitutes a new offense as defined by Section 43 (1) No. 2b BDSG new version and may be subject to a fine of up to Euro 50,000.
• Random samples for automated collection: breach of obligation to take random samples (Section 10 (4) sentence 3) in the case of automated collection of personal data.
• Barriers to revocation: according to No. 3a of Section 43 BDSG new version, persons imposing more stringent formal requirements on the withdrawal of consent to the use of personal data for advertising purposes rather than those imposed on the creation of the contractual obligation under which the data is collected are guilty of an administrative offense.
The following two new offenses subject to a fine can be punished by penalties of up to Euro 300,000 or seizure of profits achieved through the breach.
• Use despite withdrawal of consent: those using data in spite of the consent for the use of this personal data for advertising purposes having been withdrawn by the person concerned is guilty of an administrative offense pursuant to Section 43(2) No. 5a.
• A breach of the new obligation to notify upon gaining unauthorized access to personal information is also subject to considerable monetary penalties.
(2418 times viewed)
Konzern-Datenschutzbeauftragte