The Law for legal services (Gesetz über außergerichtliche Rechtsdienstleistungen; RDG) rules since 1. July, 2008 in Germany the authority to effect performance of extrajudicial legal services. It has thereby replaced the till then valid Rechtsberatungsgesetz (RberG). As distinguished from the RberG the Rechtsdienstleistungsgesetz does not regulate the adduction of legal services in judicial proceedings; this is now ruled in the particular code of procedure.
A registered person, who provides debt collection service, must, if he shall claim a demand against a private individual, already by the first assertion forward the following information clear and understandable:
A private person as defined by paragraph 1, is any natural individual, against who a demand is claimed, who has no relation to his commercial or professional occupation. The information obligation as per § 11a RDG for the first assertion by a debt collection company are in effect since 01.11.2014. In case the first assertion is dated earlier that 01.11.2014, the information in later letters must not be „additionally delivered“, if the first reminder has reached the debtor.
Appropriate data protection can avoid the loss of important customer data. Sensitive data for small and middle sized companies in particular shall shall be especially protected. One quarter of the small and middle sized companies in Germany neglect to regularly secure their data, partly or even totally. This has been shown in report from the Netzwerks Elektronischer Geschäftsverkehr. However a loss of data can happen faster than intended – not only by viruses, worms and trojan horses, but also by from time to time appearing hard- och software-defects or simply by an accidental slip by the user. When important company data are lost this can have devastating consequences for the company concerned and in worst case lead to the loss of a market.
Data count to the most valuable assets of the company. By the protection a very high standard of accuracy must be secured. The Back-up shall be arrenged for with regular periodic intervals. It is recommended that the prevailing data supply is secured daily and that a total overall back-up is made weekly. A safety device is not much worth if it does not include the actual content of a document. It is in any case important that the data storage medium, on which the back-up is made, is separated from the generally used infrastructure. The back-up data shall therefore be stored on a secondary, at best external data carrier. It must not be forgotten that a physical recording medium after some years may become defect. These data carriers must therefore regularly be replaced. Also the correct storage is important: especially dry, dark and without large temperature variations. In addition, data storage medium, containing confidential and important information, shall be kept in a lockable place or a safe.
The law against dubious business methods (GguG) has created standard specifications which since 1. November, 2014 must be included in the first collection demand made by debt collection companies and solicitors. Hereby the legislator wanted to bring more transparency for the defaulter.
Individual related data are allowed to be stored only to the extent that is necessary for the purpose of the business relation. This arises from the basic principle of data restriction and appropriation. Debt collection companies may only elevate, store and use those data, which ar necessary to execute a particular collection service, i e to recover a demand. To collect a demand the debtors data (like name, address, telephone number, salary etc.) as well as details for the demand (amount, maturity etc.) are necessary. A debt collection company may seek, store and use data as long as these are essential for the handling of the actual case (i e recover of credit-standing information, address-finding etc.)
The justified interest
The exchange of personal data is only permitted when the receiver of the data can prove a plausible justified interest hereto and that there is no reason to believe that the person concerned has a deserving protection in connection with the data exchange. The justified interest exists when it for example concerns a business initiation (i e bidding, contract, order) and that there is a risk for business failure or when a person ha regular payment commitments to a company (f ex credits, partial payments or an other long lasting debt relation) or a demand which shall be handled over for collection. In these cases the interest in the companys security is higher than the interest in the consumers data protection as the company aadvances the goods or the service.