Exclusive Q&A on Outsourcing with Wolfgang Fritzemeyer

How are outsourcing transactions regulated in your jurisdiction?
 
There is no general legal definition of the term "Outsourcing" in German statutory law. The applicability of existing legal provisions depends on the industry sector, the outsourced activities and the outsourcing structure. Usually, relevant statutory provisions are to be found, e.g., in the German Civil Code ("Bürgerliches Gesetzbuch", BGB), employment laws or data protection laws. The English language term "Outsourcing" is used in Germany as well, and no equivalent German language term exists (so far?) in German statutory law, however, also not in a non-legal environment.
 
Are there any compliance issues or potential pitfalls that firms need to be cautious about?
 
Depending on the industry sector, outsourcing transactions need to comply with various legal provisions, e.g., banking or insurance law. For example, under certain circumstances, financial institutions and insurance companies have to notify outsourcing transactions with the Federal Financial Services Authority ("Bundesanstalt für Finanzdienstleistungen", BaFin). Another example is the notification duty with the Federal Cartel Office (“Bundeskartellamt”) according to Sec. 39 of the German Act Against Competition Restriction (“Gesetz gegen Wettbewerbsbeschränkungen“, GWB), if the outsourcing is being qualified as a merger pursuant to Secs. 35; 37 GWB.
 
What causes companies to outsource and how do they determine what aspects should be outsourced?
 
Companies usually outsource activities that do not belong to their core-business. Outsourcing enables companies to hold internal personnel only for their key competences and to avoid expensive maintenance of technical equipment. Therefore, outsourcing may be more cost efficient than managing every activity internally. Moreover, outsourcing may be helpful for the purposes of  implementing, or at least trying, out, new technologies or of improving quality.
 
Are there any labour & employment issues concerning outsourcing?
 
If outsourcing is qualified as a business transfer, Section 613a BGB applies. This provision implements EU employee protection law, based on Directive 2001/23/EC. A business transfer is defined as a "long-term economic unit retaining its identity despite being transferred". This definition is further sharpened by the courts on a case-by-case basis.

In case of a business transfer the employment relationships attaching to the transferred business are being transferred to the transferee, possibly including collective agreements relating to these contracts. The transferor and the transferee must notify employees affected by a transfer in text form prior to the transfer. Moreover, information and consultation rights of the works council have to be observed.
 
What procedures should  a firm take when outsourcing or contracting work which contains important data and security, and are there legal or regulatory requirements that need to be taken into account?
 
The German Data Protection Act (“Bundesdatenschutzgesetz”, BDSG)contains protective provisions regarding the collection, processing and use of personal data (Sec. 1 II BDSG). It is subsidiary to various special-law statutes regulating data protection in individual fields of law, such as the German Telecommunications Act (“Telekommunikationsgesetz”, TKG) or the German Telemedia Act (TMG, “Telemediengesetz”).

The most important principle of German data protection law  is that the collection, processing and use of personal data is forbidden, except it is expressly allowed because of the consent of the data subject or by law (Sec. 4 I BDSG) or other, very limited, overriding interests.

Data processing to a supplier in a non-EU/EEA-country without ensuring adequate data protection standards is permitted only if the respective agreements are meeting the requirements of Sec. 4c  BDSG. Moreover, on a EU/EEA-level there are measures legalizing data processing to such countries, namely the implementation of

• EU-Model Clauses or of
• Binding Corporate Rules.

NOTE: The Safe Harbour Decision of the EU Commission has been declared ineffective by the ECJ (judgement of the 06.10.2015 - C-362/14, Schrems). To replace Safe Harbour a new framework agreement between the EU and the US has been announced on 2 February 2016 (“EU-US Privacy Shield”).
 
What should be included in a well-drafted outsourcing contract?
 
It is recommendable to conclude a framework agreement, defining the scope of the outsourcing project and the general rights and duties of the parties. Under such framework agreement individual agreements will regulate specific parts of the outsourcing, such as scope, service levels, infrastructure, data protection and security and others. Especially when customer and/or supplier do have affiliated companies in different countries participating in the outsourcing venture, the contractual structure needs to involve all of them and to observe the respective, at least if mandatory, local law requirements.
 
Wolfgang Fritzemeyer practices in the areas of computer as well as corporate and contract law. He is also experienced in mergers and acquisitions as well as joint ventures, especially in the computer, telecommunications and related industries. Wolfgang Fritzemeyer is the former Co-Chairman of the Steering Committee of the European IT/IP Practice Group of Baker & McKenzie and is the present Co-Chairman of the IT Group of the German Baker & McKenzie locations. In addition, he is a member of the Firm's Nominating Committee and has been a member of various Firm and German Baker & McKenzie Committees – including the Firm’s Policy Committee, Professional Development Committee and Articles Drafting Committee – and was the Managing Partner of the German offices of Baker & McKenzie for two years.
 
Wolfgang Fritzemeyer is admitted as Rechtsanwalt in Germany, as Attorney-at-Law in New York (USA and as Solicitor in New South Wales (Australia). He serves as President of the German Chapter of the European Outsourcing Association since the Chapter's establishment.

Wolfgang can be contacted on  + 49 89 5 52 38 154 or by email at wolfgang.fritzemeyer@bakermckenzie.com