“Right now in Austria, most of the activity revolves around the GDPR, because of its upcoming deadline,” reports Axel Anderl, Managing Partner and Head of IT/IP and Data Protection at Dorda.
“The GDPR implementation is currently the most challenging thing for all Austrian lawyers, since all customers and clients are affected and have become particularly active in the last few months,” he says. "Even if you are not active in the IT or the data protection field, you get the feeling that this is really important. ”Anderl reports that it is quite difficult for clients to find trained professionals in the field, where only a limited number of experts are available. “There is an unbelievable high demand right now to help out companies with compliance issues, but many firms don’t really have the capacity to assist them,” he explains, adding that that this lack of expertise is slowing down implementation processes, which is especially problematic as companies have waited until the last minute to start their compliance processes. “I would say that only around 30% of the Austrian companies will meet the deadline, more or less. Most of the companies are still either in the process, with no chance to finish by the deadline —or they haven’t even started. So we have lots of work ahead of us on this territory.”
Anderl reports that he has “some concerns regarding areas like labor law and employee protection, because further legislation and issues might pop up eventually within these fields." According to him, "Austrian labor law does not provide specific data protection regulations, so now the question is if we need additional regulations on a national level or if the general provisions are sufficient." With regard to the use of data for scientific purposes, the Austrian legislator just recently produced a draft for an adjustment to lower the requirements for consent in line with one of the opening clauses of the GDPR.
Anderl adds that the European Banking Authority guidelines on Cloud Computing and the United States’ newly signed Cloud Act on access to data stored by US providers abroad are also keeping the business and legal markets busy. The new EBA guidelines, he says, are likely to particularly affect the banking and insurance fields. “It is practically a recommendation on a European level concerning cloud computing services and activities in the banking sector. Currently it is in the public debate phase, but the Austrian Authority declared in a directive that those provisions shall apply to future outsourcing activities in the regulated field which gives for the first time guidelines under what circumstances cloud computing is admissible.”
The Cloud Act, which was drafted in the US just a few weeks ago, is designed to change data privacy and government surveillance laws; Anderl explains that the act is designed to “ensure that American authorities have unrestricted access to data of US providers, even if the data is processed and stored abroad." According to him, "this is a huge issue now, and might have bindings with the GDPR, for it impacts data exchange and outsourcing, and might weaken privacy protection.”
Ultimately, Anderl believes that the Austrian business market is doing well. “Our economy is stable. M&A business is rising again, foreign investors are finding a friendly environment here, which is another sign of a good economic situation. At the same time as a consequence insolvency went down, and also arbitration is not as active as it was the past couple of years.”