German Legal experts Nikolaus Bertermann and Florian Hensel published an opinion article which referred to the the finding regarding the unencrypted form as “This is already technically questionable, since data on forms is frequently transmitted via email, so that the website encryption would have no influence at all on the transmission of data provided in the forms.” You can read the full article here.
In addition to this ruling, Würzburg Regional Court also found that that actions of the legal firm were not in accordance with market conduct rules. Due to this the firm was also subjected to injunctive relief claims under the Act against Unfair Commercial Practices. This ruling was based on two earlier decisions of Hamburg Higher Regional Court and Cologne Higher Regional Court.
Those rulings were that were both issued based on the Telemedia Act legislation as they were made prior to the introduction of GDPR.
GDPR, which was introduced by the European Union on May 25 this year following a long period of review and preparation, is designed to protect the private data of all those within the EU and the European Economic Area (EEA). In addition to this it makes provision for the export of personal data outside these legislative region.