TSMA Yearbook 2019

35 Taiwan Sporting Goods Manufacturers Association at B2B level companies who retained e.g. external data processing and cloud services went into com- plex new contractual arrangements with such ex- ternal service partners struggling to be compliant with the brand new complex GDPR set of rules. What is it all About – in a Nutshell The GDPR deals with the protection of personal data (and will soon be complemented by another European set of laws covering the exchange of other data at B2B level relating to the internet of things, AI, automatization, robotics, etc.). EU regu- lations become immediately effective in the EU and EEA geographic zone without the need to trans- form such set of rules into national laws. Consumer protection associations and many Eu- ropean politicians celebrated the coming into force of the GDPR as one of the biggest achievements of the Common Single Market ever, since it provides – at least in theory – a uniform standard of privacy protection for European consumers in most parts of Europe defining much stricter standards in this area than it had been the case before. Contrary thereto, numerous industry & trade associations criticized heavily the new EU law, some calling n even monstrous with its 99 articles (the complete text of the Regulation can be found at https://eur-lex.europa.eu/legal-content/DE/ ALL/?uri=celex:32016R0679). Fact is that the contents of the GDPR remain in many respects vague and do not provide sufficient practical and precise guidance what is required to be compliant. The over-arching governing princi- ple is that ANY use and storage of personal data of individuals by commercial operators (starting from name, age, addresses, gender, etc., up to e-mail and computer IP addresses, number plates of cars, etc., etc. require mandatorily the explicit consent pro- vided by the person concerned. Under the new law it is no more sufficient now to request from a con- sumer to disagree to an intended use by e.g. check- ing a certain box on the website (so-called opt out mechanism), further, individuals are to be told by the intended user of such data for which purposes such data will be used, the scope of data, how long they will be stored, etc., etc. Consumers and institu- tions are empowered to request from each and any user of personal data to obtain specific itemized information, which personal data are stored about a person and can also request their deletion. Undoubtedly the GDPR causes a much high-