"Newsletter Common Misconceptions about GDPR (November 2018)"

Newsletter Common Misconceptions about GDPR (November 2018)

Published: (Mon) 05 Nov 2018

The European General Data Protection Regulation (GDPR) has come into effect on 25 May 2018. Due to its broad scope and its implications for the processing of personal data inside and outside of the EU, the GDPR has drawn attention on a global level.

Since the GDPR has come into effect only recently, there are still many questions about the implementation and enforcement of the new rules. While some concerns turn out to be unfounded, a thorough investigation of the GDPR is imperative for companies around the globe doing business with Europe. This newsletter addresses frequent questions and misconceptions about the GDPR with a focus on Japanese companies doing business with Germany.

1. Consent is the cornerstone of data processing
Consent is only one of the lawful bases to process personal data under the GDPR and does not relieve the controller or processor from following the other principles of the GDPR, such as transparency, fairness, proportionality and accountability. Although consent will continue to have major importance, processing based on consent faces a number of challenges in practice:

  • Free choice: Consent must be freely given, specific, informed and unambiguous (Art. 4 no. 11 GDPR). Freely given means that the data subject must have a real choice and must not face any negative consequences for withholding his/her consent.
    • Bundling/Tying: The GDPR makes it clear that “bundling” (linking consent to the acceptance of other terms & conditions) and “tying” (linking consent to the provision of goods or services) is considered highly undesirable. This can be a problem for businesses which offer goods or services that are “paid” with personal data, such as certain smartphone applications and games.
    • Employees: Consent might not be freely given where there is an imbalance of power or dependency, such as in an employer/employee (or applicant) relationship. It is therefore problematic for employers to rely on consent to process personal data of employees, except in those cases where not giving consent will have no adverse consequences at all for the employees and is sought for the provision of a legal or economic benefit for the employee or where joint interests are pursued
  • Sufficient information: Consent must be informed and specific, i.e. in relation to one or more predetermined purposes. This means that general “catch-all” consents are typically invalid.
  • Withdrawal: The data subject may withdraw the consent at any time. This means that the controller and processor must be prepared to cease all processing immediately, unless there is another lawful basis.


Continue Reading (PDF)

More Newsletters…

Newsletter Major Trends in Offshore Wind Power Generation in Japan (Oct 2020)

Being designated by the Japanese government as a main power source, new policies to proactively promote renewable energy have been adopted in Japan. Among several renewable energy sources, offshore wind power generation has attracted the most attention because, while the lands suitable for land wind power are limited, Japanese waters offer relatively favorable offshore sites for offshore wind power generation, and thus it is necessary for Japan to introduce wind power generation using such offshore sites (cf. the 5th Basic Energy Plan approved by the Cabinet on July 3, 2018).

read more

Newsletter Amendments to Renewable Energy Related Laws and Regulations (September 2020)

The Act to Amend the Electricity Business Act, Etc. for Establishing a Resilient and Sustainable Electricity Supply System (the “Energy Resilience Act”) was enacted effective as of June 5, 2020 upon the passage of the bill therefor by the House of Councilors of the Japanese Diet. The Energy Resilience Act provides for various amendments to energy-related laws, such as the Act on Special Measures Concerning Procurement of Electricity from Renewable Energy Sources by Electricity Utilities (the “Renewable Energy Special Measures Act”) and the Electricity Business Act, and is planned to be enforced starting from April 1, 2022.

read more

Newsflash BOJ Filing and FDI Category Expansion (August 2020)

On 7 June 2020 a significant amendment concerning filing obligations of foreign investors in Japan under the Japanese Foreign Exchange and Foreign Trade Act (FEFTA) came into effect which widely expanded the scope of mandatory prior-notification obligations to the competent governmental authorities (i.e. the Ministry of Finance (MOF) and the Ministry or Agency supervising the area of the business concerned) through the Bank of Japan (BOJ).

read more