GDPR(EU) Investigation

May 25th, 2018, sparked a new era for data protection in the European Union (EU), marking the date on which the General Data Protection Regulation (GDPR) (EU) came into effect. The GDPR is a regulation for EU law on data protection and privacy for all individuals within the European Union and the European Economic Area (EEA). The implementation of this regulation indicates that the progression of personal data protection is now growing and reaching an all-time high. This Regulation consists of amendments, expansions, and upgrades of the Data Protection Directive 95/46/EC.

With the rapid development of Internet services over the last 20 years, the regulations formulated prior to the new standards show the weaknesses and lack of care, in the past. The demand for a newer and much wider regulation is growing rapidly. This new General Data Protection Regulation has well-made changes in the protective scope, jurisdictive scope, and the sanctions. If there has been an infringement of provision, a fine of up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year is to expect from that company. This ensures all companies are liable for their mistakes.

Since the reform of regulation on data protection came into effect, the German Data Protection Authority, found that complaints and reports on private data processes which go against the new regulation increased significantly. This reflects how important data privacy is for all people. Most of these complaints dealt with the abuse of private information from social media and the illegal use of video cameras in shops and streets. Besides the increasing complaints, the Data Protection Authorities began their first questionnaire survey. In Niedersachsen, the Data Protection Department has selected 50 local companies (randomly) from different fields of expertise for this survey. The questionnaire consists of 10 questions, covering the different aspects of data protection. (This questionnaire is attached in the attachment below)

The data protection commissioner from Niedersachsen explains: This spot check is not aimed to find more errors and give punishments. But to promote the new regulation to inspire to and remind people about data protection. However, if there is any illegal behavior found during this spot check, said the company will be fined according to relevant terms of The GDPR (EU).

China, a country in which the big data industry and internet market rapidly develop, do not give sufficient efforts in data security. A large portion of Chinese companies have not developed integrated privacy terms and policies. After the application of the General Data Protection Regulation in May 2018, many Chinese companies located in Germany (including Chinese firms with German business and German firms with Chinese business) were confronted with a potential risk of violations against the GDPR; integrating privacy policy and strengthening data protection will gain the trust from their customers. For example, ECOVIS Beijing is a German company located in China, we are doing our best to become GDPR compliant and ensure all clients’ data will be kept safely and lawfully.

Data security has always been the top priority at ECOVIS Beijing. We would like to share our experience in data protection with more German-located Chinese companies.

Data protection related services we offer:
  • Review the existed data protection documents (Program Guide, Prior Verification, Data Protection Policy, Information Technology Security Policy,Work Procedure Guideline)
  • Adjustment on entrusted data processing contract
  • Responsibility and data protection standard check-in contracts
  • Modification on Standards when asking for permissions and forms
  • Examination and verification of data transmissions to third countries (countries besides EU, EFTA, and EEA)
  • Adjustment on website tracking and data protection statements
  • Updated data protection regulation training for employees (Lectures, Guideline, Ground rules, and Corporate regulations)
  • Training seminars for leaders (Managers, Data protection commissioner)
  • Establishment, examination, and optimization of data process according to the new regulations; Assessment of liabilities and risks, Assessment of possibilities of optimization
  • Provide legal advises and assists in legal procedures, basic on the reported liability for data protection authority when data leakage occurs.
  • Establishment of consequences & assessment mechanism for data protection


Richard Hoffmann

Richard Hoffmann is a partner at ECOVIS Beijing China. Richard obtained an honors degree in law and worked in Germany, the United States, and China for various prestigious law firms prior to joining ECOVIS. In addition to being a member of the board of ECOVIS International, he is Supervisor for the China business of a respected German company and shares his extensive knowledge to students by teaching commercial law in China at SRH Hochschule Heidelberg. He has published more than fifty articles in international magazines, frequently speaks at high profile events in China and abroad and is often invited as a legal expert by international TV stations. Contact:

Ecovis Beijing

Ecovis Beijing is the trusted tax and legal advisor to several embassies and official institutions in China. It specializes in mid-sized international companies and is focused on tax & legal advisory, accounting and auditing. If you’re interested in finding out more about tax and legal, don’t hesitate to sign up for our Newsletter, give us a call +49 6221 9985 639 or contact us directly via