Various data protection topics in fall 2022
In Germany “Corona 3G” data must be deleted now
If you are still storing “Corona 3G data” regarding your employees (Tested/Recovered/Vaccinated), this data must be deleted in a timely manner (strictly speaking, it should have already been deleted).
The obligation to check 3G requirements of all employees in Germany ended on March 20, 2022 (unless there is a facility-based vaccination requirement). So the associated “3G” documentation is no longer required and must therefore be deleted. To be on the safe side, ask within your company if this has already been done. We have already had cases of employees inquiring about this and lodging complaints.
EU Standard Contractual Clauses for international data transfers: Transition period ends
We have already provided detailed information on this subject several times, but here is a brief reminder: The transition period for the old Standard Contractual Clauses templates will end on December 27, 2022. All older contracts must have been converted by then. This is important because the EU standard contracts serve as the legal basis when you transfer data from the EU to entities in the United States or other third countries.
“Data Privacy Framework” to come next year
Data transfer, especially with companies based in the United States, could possibly become a little easier again in the future. The EU is currently ratifying a “Data Privacy Framework” agreement, which could presumably be used starting next spring.
This is a successor agreement to “Privacy Shield” and “Safe Harbour”, both of which, however, were annulled by the European Court of Justice and therefore no longer apply. Unfortunately, there is a risk that this could also happen with the new privacy framework. We therefore consider it “safer” to simply stick to the legal basis of the EU Standard Contractual Clauses in the future rather than rely on the new Privacy Framework.