The document discusses the proposed changes to European data protection laws and their implications for companies doing business in Europe. It summarizes key points from an interview with Dr. Claus-Dieter Ulmer, Group Data Protection Officer of Deutsche Telekom. The proposed new EU regulation would provide one set of data protection rules across all EU countries. It would require companies to implement privacy by design and risk assessments for any personal data processing. Firms with over 250 employees would need to appoint a data protection officer. The changes would impact European companies but also provide some harmonization benefits. General counsels should prepare for the new requirements which may cause additional costs for companies not already compliant.

1. Dr. Claus-Dieter Ulmer, Group Data Protection Officer, Deutsche Telekom
EU Data Protection Reform in 2012: What is on the Horizon and Why Should
General Counsel Prepare?
The European Commission is revising the EU Data Protection
Reform. The proposed new EU data protection regulation is
designed to provide one set of directly applicable rules,
ensuring harmony across all EU countries. This will have
tremendous implications for companies doing business in
Europe. What implications will it have and how should General
Counsels prepare for the proposed changes? These are just a
few of the issues Dr. Claus-Dieter Ulmer, Group Data
Protection Officer of Deutsche Telekom, has discussed in this
interview with the 7th Corporate Counsel Exchange team.
(1) What impact would the proposed changes to European data protection laws have for
companies with European operations?
There will certainly be an impact for European companies. The new data protection regulation is
based on e.g. the principles of privacy by design and privacy by default. This means that every
new product or business model will have to be adjusted to these rules.
In addition the so called data protection risk assessment, which is sort of a privacy pre-check, will
have to be conducted for new solutions that handle personal information of customers and
employees.
Moreover companies with more than 250 employees or companies whose central business
model is the processing of personal information will have to appoint a data protection officer (Art.
35 of the draft).
All these requirements support privacy on one hand but may cause some additional costs for the
companies that are not yet prepared to comply with these requirements on the other hand.
Some surely positive effects will go along with the intended European wide harmonization of the
privacy regulation and the “one stop shop”-principle. The “one stop shop”-principle means that
we prospectively will have only one supervisory authority that will be responsible for affiliated
groups – at least in Europe. This will be the supervisory authority located at the main
establishment of the holding company. This will be the place of its establishment in
the Union where the main decisions as to the purposes, conditions and means of the
processing of personal data are taken.
(2) How should General Counsels prepare for the proposed changes to European data
protection law?
…
Download the interview in full here: http://bit.ly/UAufgB
Visit Corporate Counsel and Corporate Compliance Exchange Resource Library: http://bit.ly/Umcbkn
for complimentary reports, whitepapers, articles and podcasts. The resource library includes
interviews with General Counsel and Chief Compliance Officers of HSBC, InterContinental Hotels
Group, Juniper Networks, Maersk Line and more sharing their insights about some of the most
pressing issues affecting legal departments today.

2. Dr. Claus-Dieter Ulmer, Group Data Protection Officer of Deutsche Telekom has shared his insights at
the Corporate Counsel Exchange in October 2012. The next edition of the Corporate Counsel
Exchange will be co-located with the Corporate Compliance Exchange form 22nd-24th of April 2013 in
London, United Kingdom, where legal challenges will be discussed and solutions will be found.
The 8th Corporate Counsel and Corporate Compliance Exchange offers a perfect setting for senior
legal professionals to network, debate and develop effective business strategies. This exclusive,
invitation only event tackles the challenges that face heads of legal today and helps find solutions
through a series of conference sessions, roundtable discussions and pre-arranged, one-on-one
meetings with a range of solution providers.
For more details including the list of confirmed speakers:
Visit: www.corporatecounselexchange.co.uk
Call: +44(0) 207 369 9404
Email: exchangeinfo@iqpc.com