In principle the requirements of an effective consent to the German federal data protection law has. F. are reduced: the written form is no longer the rule, an implied declaration of consent is also authorized by the recital (32) if it is clear. On the other hand, as must be proved by the processor, the written form will nevertheless remain common. It remains mandatory for specific personal data. In practice, for example, consent banners are used. The Deutsches Anwaltverein (DAV) also believes that the RGPD must be amended to the extent that the national legislator must use the opening clauses permitted in the regulation to protect the professional rights and duties of lawyers (. B for example: independence from state influences, legal secrecy, the absolute obligation of the lawyer to his client) in order to continue to guarantee all this.  The DAV drew the conclusions of a "reduction in German data protection legislation".
 For a GDPR and data protection compliant use of Stackfield, the conclusion of an agreement for commissioned data processing with the Stackfield GmbH is necessary. That agreement only has to be concluded once per company. The person signing the agreement is the one who carries out the subsequent process. Similar to Section 11 BDSG, the GDPR provides the possibility of commissioned data processing. During commissioned data processing personal data is carried out on behalf and in accordance with instructions by the controller. It is based on a contractual agreement between the processor and the controller. According to Article 28 sec. 3 and 5 GDPR this agreement shall be in writing or in electronic form and shall stipulate the following topics: The amount of fines for administrative infringement is now, in some cases, art. 83 al.
5 set at up to 20 million euros or up to 4% of the world`s annual turnover (in comparison, the German Federal Data Protection Act (F. F. has so far provided for a fine of up to 300,000 euro). On 30 March 2012, the German Bundesrat raised subsidiarity objections to the proposed regulation. The House of Lander found that the proposal was not in accordance with the principle of subsidiarity and was therefore contrary to Article 5, paragraph 3, of the TUE.  Under this provision, the European Union cannot act in areas outside its exclusive jurisdiction, unless and to the extent that the objectives of the measures envisaged cannot be achieved sufficiently by the Member States, but must be better implemented at EU level because of their size or effects. A data processing agreement (DPA), in German, the data processing contract (AVV, formerly a data processing contract) is concluded by companies (data controllers, data managers) when personal data is processed by a service provider dependent on instructions (Data Processor, Dataververarbeitung).