A customer of mine has a subsidiary in Germany. The mother company wants to be able to access the subsidiary to run reports and to update i.e. budgets etc. For this the users from the mother company needs to be created (as superusers - they also update objects etc.) that they use to access via Citrix). Now the subsidiary comes back a tell us that this is NOT LEGAL in Germany. No forreign company may have access to update data in a German company’s accounting system. Can anyone help me on this? Are they right or did they get something wrong?
Hi Erik I never heard something like this. (I would also dislike that! [}:)]) bye André
Erik, I suppose the German company is a legal company in Germany. As long as the managing director (called Geschaeftsfuehrer, legal titel) agrees to do so, there should be NO problem with that. I don’t know a law which says that it is not allowed for a forreign company to access an accounting system. I know some (british) companies having the sales department in Germany as legal companies, doing all the bookkeeping from England. The responsebility for the reporting to the german authorities is still with the managing director of the German company. Short, what they are telling you is **** <\bad word mode>. Regards Walter P.S.: e.g. Payroll is a very difficult thing to do with a lot of rules set up by authorities and health insurances. If the company use Navision for that you have to make sure to follow these rules and noboby is making changes in this approved system (otherwise you lose the approval). But still, again, he responsebility for the reporting to the german authorities is with the managing director of the German company.
Never heard of that … As far as i know, it’s not legal for a german company to have their accounting-data on a server that is located in a foreign country. The data has to be located in germany. But as Walter said, if the managing director is responisble for the data - and if the external access is setup with his aggeement, i would not see a problem. As far as i know, there are german companies, that outsourced their accounting to foreign companies. And as the data has to be in germany … there also must be an access from foreign country.
Just one additional question: as I see it then it’s never legal to access a company’s system without the permission of the management. He is the sole resposible part to the public.
Hi One point could lead to annoyance with access to the data from forreign countrys: the German data protection rules. Perhaps this the reason why the German subsidiary said: No. bye André
The management (here Geschaeftsfuehrer/ managing director(s)) is responsible for EVERYTHING happened in a company (e.g. reporting, accidents etc). Normally, the management have other responsible persons / executives for their departments. However, if a company allows (public) access (e.g. commerce portal or other software linked to the web) to the companies systems, then it is OK. Otherwise you could not have a WebShop or an information site of you company and/or products. A MD could be the sole responsible part to the public. Often you find other persons in a company having “prokura” (the meaning of prokura is that they can sign contracts, cheques in behalf of the company as a legal person). This persons with “prokura” could allow the public to access their systems as well as long as these persons apply to the company rules. Hope that helps.
quote:
Originally posted by Andre DDB
One point could lead to annoyance with access to the data from forreign countrys: the German data protection rules. Perhaps this the reason why the German subsidiary said: No.
Andre, a rule is not a law (maybe a translation error). But have you ever read this rule/law? If yes, could you please state a/the paragraph. Walter
Hi Walter
quote:
Originally posted by walter@kirz
… a rule is not a law (maybe a translation error). But have you ever read this rule/law? If yes, could you please state a/the paragraph. …
Sorry. Bad translation! Here is a link to the Federal Data Protection Act (German / English): http://www.bfd.bund.de/information/bdsg_eng.pdf You can’t always fulfill §4b if somebody has full rights on your system. But again: It is only a guess by me. This is IMHO the only point why the German subsidiary could say: No. bye André
Andre, thanks for the link. But if you read that act, you will find only issues related to personal data (personenbezogene Daten) stored into computersystem (or on paper or something else). Nothing else mentioned. If anybody else knows any law(s) about this, the information is welcome. Erik, go ahead with you planning. Try to find out why the german company said “no”. It would be interesting to hear. Regards Walter
But then again. The Navision system in question does also have a HR/Payroll system installed. Does this change anything? As I hear it yes it does.
Maybe, again, as long as the MD give the permission to access the system it shoult not be a problem because they don’t publish the data protected by the data protaction act (it is within the companies group). If the MD do not give the permission to acces the system, you lost. HR/payroll is very sensitive in Germany (may be elsewhere as well). Some contracts don’t allow you to speak about your salary (yeah, that’s good old Germany). In our office all the files are open for anybody; I bet even for the postmen if he would like to have a look. So payroll could be the problem then for them. But saying it is not legal is wrong. Let us know, Erik… Regards Walter
Erik as the german company refuses to provide access to their data, they will have to tell the law, which is the base for their decision. Without that information you can only guess … But if there is personal data (like payroll) in the database, then the people on the payroll would have to be informed. And if one does not want to have his data spread out into the world, then maybe you will have to break up the system into two databases. One for payrole and one for the rest.