Companies that are affiliated to a group must comply with the provisions of the EU General Data Protection Regulation (GDPR) when exchanging personal data between different group companies.
In recital 48 of the GDPR, the EU legislator has recognised in principle that there may be a legitimate interest in exchanging data between different group companies. However, this recital does not contain a general permission to exchange data within a group. Rather, it is an indication that it must be evaluated in each individual case whether a data exchange can be based on Art. 6(1)(f) of the GDPR.
Data protection-compliant exchange of personal data within a group of companies always presupposes that the principle of data minimisation laid down in Art. 5 GDPR is observed. It must therefore always be examined whether and to what extent an exchange of data is necessary at all and whether the exchange of psyeudonymised or anonymised data would be sufficient.
Then it should be examined on which legal basis the data exchange can be founded and whether additional legal texts need to be drawn up for this purpose. In particular, an agreement on commissioned processing, agreements on joint responsibility of several companies, a permission resulting from the purpose of an individual contract, a written consent of the data subject or a works agreement can be considered.
We advise group companies on all questions of data protection within the group and create legally secure templates for the necessary legal texts.
Do you have any questions or require our consultation?
Contact us. We will further help you.
© GRAU Rechtsanwälte PartGmbB, 2022 | Legal notice | Privacy Policy
© GRAU Rechtsanwälte PartGmbB, 2022
Legal notice | Privacy Policy
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-advertisement | 1 year | This cookie is set by the GDPR Cookie Consent Plugin and is used to record the user's consent to the "Advertising" category cookies. |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 Monate | Das Cookie wird durch die GDPR-Cookie-Zustimmung gesetzt, um die Zustimmung des Benutzers für die Cookies in der Kategorie "Funktional" aufzuzeichnen. |
cookielawinfo-checkbox-necessary | 11 Monate | Dieses Cookie wird vom GDPR Cookie Consent Plugin gesetzt. Das Cookie wird verwendet, um die Zustimmung des Nutzers für die Cookies der Kategorie "Notwendig" zu speichern. |
cookielawinfo-checkbox-others | 11 months | This cookie is set by the GDPR Cookie Consent Plugin. The cookie is used to save the user's consent for the cookies in the "Other" category. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by the GDPR Cookie Consent Plugin. The cookie is used to store the user's consent for the cookies in the "Performance" category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data. |
wp-wpml_current_language | session | Cookie of the "WPML" plugin that saves the current language of the website. |
Cookie | Duration | Description |
---|---|---|
CookieLawInfoConsent | 1 year | Records the standard button status of the corresponding category and the status of the CCPA. It only works in coordination with the primary cookie. |
elementor | never | This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the content of the website in real time. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | Used to distinguish users. |
_ga_ | 2 years | Used to persist session state. |
_gac_gb_ | 90 days | Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. |
_gid | 24 hours | Used to distinguish users. |