Since the access to the online register has been activated on August 1, 2022 free of charge and without any registration being required, the portal has been subject to criticism in particular due to the wealth of retrievable data. At the center of accusations: personal details about company founders can be freely accessed, to some extent including the date of birth, private address and bank details. Furthermore, there are freely available image files and PDFs containing sensitive data such as signatures, passports or even marriage certificates.
Association demands the portal’s shutdown
In the course of an expert opinion which had been ordered by the association “Die Familienunternehmer”, the problem has once again come into the public’s focus. Based upon the expert opinion’s findings, i.e., violations of the European Union’s (EU) Charter of Fundamental Rights, the Association demands to shut down the portal until data access has been implemented in a manner compliant with data protection laws.
Dr. Marco Buschmann, German Federal Minister of Justice, had already announced in October to be striving for a fast solution in consultation with the German federal states and the Federal Chamber of Notaries. This is supposed to ensure that in future no documents containing private addresses, signatures or ID copies can be uploaded. Furthermore, the currently available data is to be adjusted. When and how thoroughly such adjustments will be carried out remains to be seen.
Traders should check registered data and can assert claims for cancellation if necessary
As long as the measures announced by the Federal Minister of Justice have not been implemented, we recommend that traders and freelancers who are registered in the commercial register, register of cooperatives, partnership register and register of associations check all data registered for individuals or legal entities. If www.handelsregister.de should contain retrievable data potentially exceeding the necessary scope, the parties might be able to assert claims for erasure pursuant to Art. 17 and 21 GDPR.
The cancellation of the registration and payment requirements for the commercial register is due to the EU’s goal of simplifying the formation of companies and the availability of register information. Therefore, based on the German Act on the Implementation of the EU’s Digitalization Directive (“DiRUG”), the Member States had decided at the end of the implementation period on August 1, 2022, to standardize register access and to remove access restrictions for both companies and private individuals.
A big thank you for contributing to the article goes to Philip Koch, research associate at Baker Tilly.