Society for Data Protection and Data Security (GDD) e.V.
The annual data protection conference (45th DAFTA) of the Gesellschaft für Datenschutz und Datensicherheit (GDD) e.V. took place on November 18, 2021.
This year, the symposium, which was once again held digitally due to the pandemic, once again impressed with its diverse selection of topics and thus provided all participants with added value in the office, home office or on the sofa at home.
DAFTA also featured a large number of digital participants and lecturers from the "Who's Who" of the data protection world, who spoke on the most important data protection topics of the moment:
The DAFTA was characterized by three current and practice-relevant topics. The new Telecommunications Telemedia Data Protection Act (TTDSG), which came into force on December 1, 2021, was a topic that played just as big a role on the agenda as the ongoing implementation issues regarding the ECJ's "Schrems II" decision. Another topic at this year's DAFTA was the developments in connection with claims for damages under data protection law in accordance with Art. 82 GDPR.
Rolf Bender from the BMWi informed the participants about the history of the TTDSG, the main new regulations of the TTDSG and the fact that not only telecommunications providers, but almost every company or public body is affected by the implementation of the TTDSG.
Dr. Stefan Brink, LfDI Baden-Württemberg, commented on implementation issues relating to the Schrems II decision. Brink considered a new agreement between the EU and the USA to be the only reliable solution to the challenges posed by Schrems II, as the economy could not afford transfer impact assessments. This is because the requirement for additional checks and measures for data exports will not disappear - even after the publication of the new EU standard contractual clauses.
Steffen Weiß, GDD, also showed the participants in an exciting presentation that in countries with data protection laws, a large number of transfer restrictions for data must be observed and that companies are therefore instructed to conclude agreements or organize their data flows and data exports accordingly and secure them at an early stage.
It was also debated whether compensation for damages due to a GDPR breach must exceed a materiality threshold. However, it was clarified that the GDPR does not have such a threshold. The question of a so-called materiality threshold for GDPR claims for damages will nevertheless only be conclusively clarified by the ECJ, as this question has been referred to the ECJ for a decision (decision of January 14, 2021, 1 BvR 2853/19). In general, however, the data subject must still provide reliable evidence of the damage (burden of proof).
Clemens Dörner, 2B Advice GmbH, also presented a contribution to the provider forum on the topic of transfer impact assessment, in which he showed the audience the key points of reference from 2B Advice's perspective on how those responsible can reduce their data protection risk and thus the risk of data protection breaches when using new technologies. A risk arises in particular when companies migrate technologies to the cloud or introduce new technologies such as video surveillance. He pointed out that companies should always carry out an appropriate data protection risk assessment when using new technologies. Among other things, the participants were shown when a risk assessment should be carried out and which types of risk assessments are suitable for different scenarios (e.g. PIA, CMIA, DTIA or DPIA).
The 45th DAFTA thus showed its participants that the uncertainties between jurisdiction, data protection supervision and the legislature pose a not inconsiderable economic challenge for companies.
As became clear towards the end of the DAFTA, in addition to data protection law, the IT Security Act will increasingly be added to the challenges facing companies in the future, currently only with regard to critical infrastructures. In order to mitigate these challenges and develop opportunities for competitive advantages, data protection and information security must be professionalized in the areas of technology, organization, strategy and law within the company.
As a reliable partner, we are therefore happy to support you in the professionalization of data protection. We are already looking forward to the next DAFTA and hope to see you again soon.