Skip to main content

Business owners should take note: There’s no transitional period

In the past, you mostly got off lightly for violations of the Data Protection Act – this will change starting on 1 September 2023. Because there is no transitional period, you need to make sure that your privacy policy is compliant as soon as possible.



The following aspects are important:

Do the new rules also apply to me?

In principle, the new law applies to all sectors. It is particularly relevant for businesses that process sensitive personal data, for example accountants and other fiduciaries, healthcare professions or IT companies.

If you are in any doubt, you need to clarify the situation now.

These are the issues that need to be clarified in your privacy policy:
  • The scope and purpose of data collection
  • The form of the users’ consent
  • The period and location that the data will be stored
  • A statement on further use of data
  • Options to ask for information about the stored data
  • A statement on whether you use an automated procedure for data collection
  • A statement about the use of various Google services
Where should the privacy statement be posted on my website?

Post the privacy policy where it’s easy to find. In practice, a link right next to the legal notice (German “Impressum”) at the bottom of your website has proven to be useful.

Can I outsource my data protection obligation?

In principle, you can also use external service providers for support. However, you always need a contact person at your company who handles data protection issues. In the case of a sole proprietorship, this is of course yourself.