The Administrative Court of Karlsruhe has ruled that an administrative order by the Baden-Württemberg Data Protection Authority against a credit agency, which requires the credit agency to guarantee that it will delete certain personal data, may only be based on the GDPR as of the date of its application (25 May 2018). The current German law (section 38, para. 5, p.1 Federal Data Protection Act) did not allow for preventive measures. The amount in dispute was set at €5,000 and an appeal to the ruling was not admitted.