On 31 July 2024, the German Higher Regional Court of Munich (OLG München) delivered a judgment providing key insights into the repercussions board members may encounter for violating the General Data Protection Regulation (GDPR). Although the primary legal question centered around the legality of an executive’s dismissal under German corporate and employment law, the court’s decision was heavily influenced by its determination that the executive had prompted the company to engage in unlawful data processing, thereby breaching the GDPR. This blog post highlights the essential facts of the case and the court’s findings regarding the data protection issues involved.Continue Reading German Court Upholds Board Member’s Dismissal For GDPR Breach
Dismissal
Court of Justice of the EU Clarifies Rules on Data Protection Officers’ Dismissal and Conflicts of Interest
Posted in Data Protection Officer, EU Data Protection
On February 9, 2023, the Court of Justice of the EU (“CJEU”) released two separate rulings on the dismissal of data protection officers (“DPOs”) under the German Federal Data Protection Law (“German DPL”) (C-453/21 and C-560/21). The main question in both cases was whether Section 6(4) of the German DPL which permits the dismissal of a DPO with “just cause” is compatible with the GDPR. In short, the CJEU (i) found that the provision was compatible with the GDPR because EU member states can use “just cause” as a threshold for dismissal as long as this does not undermine the objectives set for DPOs under the GDPR, and (ii) clarified the criteria EU member states should take into account to determine whether there is a conflict of interest.Continue Reading Court of Justice of the EU Clarifies Rules on Data Protection Officers’ Dismissal and Conflicts of Interest