Constantin Conrads and Thomas Fischl write:
In a press release on 30 July 2015, the Bavarian data protection authority (DPA) announced that it had recently fined both seller and purchaser for unlawfully transferring customer data as part of an asset deal.
[…]
Two companies had to learn from the German regulator that care should be taken in this respect. According to the Bavarian DPA, transferring customer email addresses requires prior customer consent or, alternatively, customers must be informed of the intent to carry out such a transaction beforehand to give them the opportunity to object. Because the companies failed to take such steps, the regulator alleged violations of Germany’s data protection law when the acquiring company subsequently used the customer information for advertising purposes. While the total amounts of the fines remain undisclosed, the regulator confirmed they were both five figure sums and emphasised that the penalties were significant and incontestable.
Read more on JDSupra.