As of 25 May 2018, the General Data Protection Regulation (GDPR) will apply, with the aim of further unifying data protection law in Europe. Numerous opening clauses e.g. regarding employee data protection in Art. 88 GDPR allow for supplementation and implementation by national law.

Employers shall bear in mind that as of 25 May 2018 the strict sanction mechanisms of the GDPR apply: Violations of the provisions of the GDPR may be subject to a fine up to EUR 20 million or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

On the employer's part there is a need for action i.a. in the area of works agreements, which include rules and regulations on the processing of employee data. These include, in particular, works agreements providing for the implementation and use of IT tools or IT framework agreements which are frequently used. These agreements must be subject to adaption in accordance with the new legal standards by 25 May 2018.

Pursuant to the new legislation, such works agreements must, in particular, take account of employees' rights and comply with the newly established requirement of transparency in order to provide the legal basis for data processing past 25 May 2018.

The employer may not unilaterlally amend any works agreements. Therefore, a check-up of the IT works agreements should be carried out promptly in order to arrange necessary amendments with the works council in good time.