Skip to main content

On the occasion of legitimis’ anniversary, we take a critical look back at the development of data protection law in recent years. “Data protection is a marathon, not a sprint with the finish line in sight” – says Andreas Waleczek, Senior Consultant at our company. And there is no better way to describe legitimis’ understanding of the topic of data protection.

Legally. Technically. Personally. – has been our slogan from the very beginning, and this is exactly how we continue to achieve and operate data protection in medium-sized businesses. With a sense of proportion, pragmatically, oriented towards the purpose of the company. Data protection lived and breathed in the organisation.

In the 13 years to date and the previous period of experience of the company’s founder Sebastian Feik, which led him to legitimis, there have been a number of changes, adjustments and significant decisions in the data protection legal environment. For example, the amendment of the Federal Data Protection Act in 2009, the discussions and the development of the GDPR, which “finally” came into force in 2018. Above all, however, the steadily growing attention for the topic of data protection, not least due to the activities of interest groups, first and foremost NYOB and Schrems, or more recent rulings by supervisory authorities against large market-dominating corporations such as Meta or Google.

All developments and decisions have legitimately shown that the handling of personal data in the business environment has increased – in attractiveness (keyword: new business models). But it has also become easier to handle and realise personal data – keyword: technical possibilities. In recent years, data protection has attracted increasing attention, also triggered by criminal activities involving the misuse of captured personal data. However, the actual understanding has not changed in its basic features and principles. These can still be traced back to the justification and understanding of the “old” Federal Data Protection Act (BDSG) – “that the individual is not disturbed in his personal rights when dealing with his personal data”. Today, as always, suitable technical and organisational measures must be taken to realise this motto and requirement.

Nothing new really – but often just so difficult, because data protection and the understanding of it start in the heads of all those involved and data protection must be established and lived from scratch in projects, products, systems, ideas – in companies. Today’s digital solutions often appear seductively simple, but go hand in hand with a data collection frenzy that is difficult to contain.

The enthusiasm of 2018 has contributed to implementing the topic of data protection, “being compliant” has become an essential goal of many efforts. However, being compliant at this point means above all to have understood and to live the protection of the individual when dealing with his or her personal information as well as to align all technical and organisational measures so that this compliance is guaranteed from the very beginning – from the very first idea.

“First and foremost, advising on data protection law means getting people excited about the topic,” says Sebastian Feik – “difficult, because data protection is not sexy, does not promise a profit distribution or added value, as I have heard often enough. But data protection is exciting – and it is still economically attractive. At the latest when you get to the point of being able to measure data protection compliance. This is possible, for example, with customer satisfaction, lean and efficient processes and comprehensible documentation that helps you redundantly in the most diverse areas as cross-sectional documentation. Let’s think, for example, of the requirements of the Supply Chain Act – a topic on which data protection has, in the best case, not only already created transparency, but on which existing audits today can reduce new effort – if the topic has been properly understood and implemented. Understood as a continuous path and not as a goal,” Feik continues.

In the last few years, we have seen large consulting firms taking up the topic on a grand scale and software providers springing up with solutions for documenting compliance. This development is correct and foreseeable.

legitimis remains in its personal niche as a one-stop shop that makes data protection a pragmatic reality and accompanies its customers along the way. We see ourselves as an all-rounder and mediator between the specialists in the various fields.  But personal rights are and remain a topic that must be lived throughout the entire company – and that’s where we are the visionaries for our clients.

That’s why: legitimis – we vision data protection and pave the way. We look forward to the coming years and what lies ahead. With you!