New Data Protection Laws in Europe – What Businesses Need to Know

Data protection laws in Europe are continuously evolving. For companies and SMEs, it's crucial to stay informed about these changes to ensure compliance and strengthen customer trust. In addition to the EU-wide GDPR (General Data Protection Regulation), some countries like Germany and Switzerland have introduced specific national regulations that impose additional data protection requirements. In this article, we highlight the most important new laws and how they affect the daily operations of businesses.



What's New?



Germany: TTDSG (Telecommunications Telemedia Data Protection Act)


In December 2021, Germany enacted the TTDSG, which combines the previous Telemedia Act (TMG) and the Telecommunications Act (TKG) to create a unified regulation for data protection in digital communication.

  • Cookies and Tracking Technologies: The TTDSG regulates the use of cookies and similar technologies. Generally, informed user consent is required before cookies can be set. Exceptions apply only to technically necessary cookies.
  • Electronic Communication: The law strengthens the confidentiality of electronic communications and protects content and metadata from unauthorized access.


For more information, visit the website of the Federal Ministry for Digital and Transport.



Switzerland: New Data Protection Act (nDSG)


On September 1, 2023, Switzerland's new Data Protection Act (nDSG) came into force, replacing the previous law from 1992.

  • Enhanced Data Subject Rights: Individuals now have more extensive rights, including the right to access, correct, delete, and transfer their data.
  • Mandatory Reporting of Data Breaches: Companies are obligated to promptly report data protection violations to the Federal Data Protection and Information Commissioner (FDPIC).
  • Data Protection Impact Assessments: For high-risk data processing activities, companies must conduct a data protection impact assessment.


Details about the nDSG can be found at the Federal Data Protection and Information Commissioner (FDPIC).



Does the GDPR apply everywhere in Europe? Yes and no! Take Austria, for example.


Although the GDPR directly applies in Austria, the country has introduced additional national regulations to further strengthen data protection.

  • Stricter Sanctions: Austria has adjusted the framework for sanctions to enable more effective enforcement of data protection provisions.
  • Specific Regulations for Certain Data Processing: For example, specific national provisions apply to video surveillance or employee data protection.


More information is available from the Austrian Data Protection Authority.



Impact on Businesses


The new laws have significant implications for companies and SMEs in Europe:


1. Increased Compliance Requirements

Companies must review their data protection practices to ensure they meet the new legal requirements.

  • Consent Management: Obtaining and documenting user consent is essential, especially when using cookies and tracking tools.
  • Transparency and Information Obligations: Companies must provide clear and understandable data protection information.



2. Stricter Requirements for IT Infrastructure

The security of IT systems becomes even more critical.

  • Technical and Organizational Measures (TOMs): Companies must implement appropriate security measures to protect personal data.
  • Regular Reviews: Security measures should be regularly tested and updated.



3. Higher Fines and Sanctions

Non-compliance with data protection laws can lead to substantial financial penalties.

  • Germany: Fines of up to €20 million or 4% of the worldwide annual turnover.
  • Switzerland: Fines of up to 250,000 Swiss Francs for intentional violations.
  • Europe: GDPR fines reach up to €10 million or 2% of worldwide annual turnover (for minor offenses) and up to €20 million or 4% of worldwide annual turnover (for major offenses).



Practical Tips for Compliance



To meet the new legal requirements, companies should take the following measures.


1. Conduct Data Protection Audits


  • Analyze Data Processing Activities: Identify all processes where personal data is processed.
  • Assess Risks: Evaluate potential risks to the rights and freedoms of data subjects.



2. Employee Training


  • Awareness Raising: Regularly train your employees on data protection topics to promote awareness and responsibility.
  • Behavioral Guidelines: Establish clear policies for handling personal data.



3. Use Data Protection Management Tools


  • Software Solutions: Utilize tools that help manage consents, document processing activities, and report data protection incidents.
  • Example: Trustlytics offers privacy-compliant web analytics without the use of cookies and helps you meet legal requirements.


Learn more at www.trustlytics.ch.



4. Seek Legal Advice


  • Leverage Expertise: Consult data protection experts or lawyers to ensure your measures are legally compliant.



Conclusion



The new data protection laws in Europe require proactive action from companies. By adjusting internal processes, training employees, and using privacy-compliant technologies, businesses can not only minimize legal risks but also strengthen customer trust.



Stay Ahead of the Competition


Start your free 30-day trial with Trustlytics and make your web analytics privacy-compliant.


Note: This article is for general informational purposes and does not constitute legal advice. For specific questions, please consult a lawyer or data protection expert.