Obligation to maintain confidentiality, non-disclosure, and compliance with data protection according to the GDPR
The EU General Data Protection Regulation (GDPR) no longer refers to the concept of data secrecy. Instead, the GDPR states in several areas that ‘confidentiality’ is to be ensured, e.g. in Article 5 Paragraph 1 f) GDPR.
The way in which this takes place is left open by the General Data Protection Regulation. Article 28 Paragraph 3 (b) GDPR only makes stipulations for the data processor, e.g. that only people who have been obliged to maintain confidentiality – insofar as they are not already subject to a non-disclosure agreement – may be commissioned or employed for data processing purposes. Service providers will not be able to avoid obligating their employees to maintain confidentiality. In general, the confidentiality statement must be documented in order to be able to provide proof.
From the perspective of the responsible party, too, the combination of demonstrable obligation and (above all!) employee training is still virtually indispensable for meeting one’s own accountability requirements (Article 5 Paragraph 2 GDPR).
Templates for the obligation to maintain confidentiality or secrecy
In addition, the template declaration contains clauses for the special agreement of people obligated to maintain the confidentiality of business or trade secrets, such as lawyers or doctors. For these occupational groups, the information sheet includes instructions pertaining to the violation of private secrets according to § 203 of the German Criminal Code [StGB].
Please review the template for the declarations of obligation and modify them for the circumstances in your company as needed.