/** Translation for 'read more' button in blog**/

The law for the protection of business secrets (GeschGehG)

3. July 2020

With the German Act on the Protection of Trade Secrets (GeschGehG), which came into force on 26 April 2019, the EU Directive on the Protection of Secrets was imple­mented and serves to better protect confi­dential know-how and trade secrets from illegal acqui­sition, use and disclosure. This means that the marginal regula­tions concerning the protection of secrets and know-how in Sections 17 to 19 of the German Unfair Compe­tition Act (UWG) have been repealed by the EU Directive. This special protection is also accom­panied by an oblig­ation for companies to take appro­priate measures.

It is then necessary to analyze what is meant by a trade secret.


I. Defin­ition of a trade secret

Until now, the concept of a trade secret was not legally defined in German law. A legal defin­ition of a trade secret can now be found under § 2 No. 1 GeschGehG. According to this, any infor­mation is a trade secret if it is secret and thus of economic value, if it is subject to circum­stances that require appro­priate secrecy measures and if there is a legit­imate interest in keeping it secret. Infor­mation is protected in the broadest sense: both business infor­mation, such as customer and supplier lists, business plans or adver­tising strategies, and know-how, such as proto­types, algorithms or construction plans.


1. condi­tions for adequacy: appro­priate confi­den­tiality measures

Another new feature is the requirement of “appro­priate secrecy measures”, whereby the appro­pri­ateness must be based on the value and nature of the secret and the size of the company. It always depends on the individual case. It is no longer suffi­cient to have a mere will to maintain secrecy. In the absence of such secrecy measures, the scope of appli­cation of the law does not even open up.

It must also be empha­sized in internal opera­tions that without concrete measures no protection can be granted and that Non-Disclosure Agree­ments (NDAs) or encryp­tions considered secret infor­mation can no longer be considered a trade secret according to Section 2 No. 1 GeschGehG. Admit­tedly, the appro­pri­ateness depends on many different factors, and concrete criteria have not yet been estab­lished by case law. However, this is an objective element of the offence — the burden of proof and demon­stration has to be borne by the owner of the secret.


2. practical aids for everyday work

There is no clear or consistent answer for the imple­men­tation of effective protection measures. However, companies can do a lot to protect themselves.


Classi­fi­cation of information

First of all, it must be inves­ti­gated from which places or persons a danger is assumed. A list of risks is the first step to take measures.

Conse­quently, it is inevitable that companies mark their infor­mation or secrets confi­den­tially and, if necessary, classify them according to their need for protection. Trade secrets can be divided into three categories:

First class:
The existence of the company could be threatened if the classified infor­mation becomes known.

Second class:
Disclosure of the infor­mation could cause permanent economic damage to the company.

Third class:
The company could suffer temporary economic damage if the infor­mation is no longer classified.

Which infor­mation belongs in which classi­fi­cation always depends on the company. However, the same principle applies to all companies: The more important the secrecy of the respective infor­mation is, the more concrete and extensive the measures have to be in order to be able to prove the appro­pri­ateness in court.


How should the entre­preneur protect himself: IT security

Technical protection measures include appro­priate access and use restric­tions through password and virus protection. It is important to use strong and secure passwords to protect electronic documents. These passwords should also be renewed at regular intervals. Electronic data and electronic messages containing secret infor­mation can also be protected and sent using encryption. Access restric­tions based on the “need-to-know” principle can also be useful. According to this principle, employees can only access such secret infor­mation if it is necessary for the perfor­mance of their tasks. Under certain circum­stances it may also be recom­mended to block access to certain computer or Internet functions. USB ports can not only make it easier to quickly copy infor­mation, but also allow viruses or Trojans to enter. Therefore, some USB ports should be blocked in an emergency. Without a well-developed IT protection system, many companies run the risk of leaking sensitive infor­mation to third parties.


How should the entre­preneur protect himself: Organ­i­sa­tional measures

Under­takings should also define respon­si­bil­ities and access restric­tions for business secrets in physical form. For example, binders or proto­types should be secured in well-protected depart­ments or vaults. Protected areas should be protected from external visitors and persons. Possible staff training could also be an effective and appro­priate protection measure.


What should the entre­preneur pay particular attention to: Legal protective measures

One of the most sensible measures is to adapt contracts to protect trade secrets. Employment contracts should stipulate in advance that employees with access to confi­dential infor­mation are obliged to protect it and not to disclose it. Such non-disclosure oblig­a­tions with employees are important for future evidence. In addition, such oblig­a­tions ensure that the marked trade secrets are not illegally used or disclosed by the employee, even after termi­nation of the employment relationship. It should be noted that the limit of the post-contractual prohi­bition of compe­tition is not exceeded (§ 74 et seq. HGB). This is only effective under certain circum­stances. Which type or class of infor­mation is considered a trade secret should also be clearly marked in the contract in order to avoid future misun­der­standings. So-called “catch-all” clauses, according to which all known secrets are covered, are not suffi­cient and therefore ineffective.

Without detailed non-disclosure agree­ments (contractual oblig­ation of secrecy) with business partners, the infor­mation is no longer considered a trade secret.

It is questionable whether claims exist if the old contractual partner uses or discloses the contractual know-how after the end of the contract. It could be that the contractual partner could still be liable to prose­cution even after the end of the contract if he uses or discloses infor­mation that he has obtained with authority, e.g. through the contract. The use or disclosure of the infor­mation does not become immedi­ately permis­sible through autho­rised acqui­sition of secrets and may constitute a breach of contract if a post-contractual oblig­ation of secrecy has been agreed which obliges him not to disclose the secret (cf. § 4 para. 2 no. 3 GeschGehG). This is because although the acqui­sition of the secret was made with consent, its use and disclosure was contrac­tually restricted and may constitute a breach of contractual protection and due diligence oblig­a­tions. The owner of the trade secret will also have an interest in protecting his secret after the end of the contract in contracts with business partners.

Of course, the protective measures listed above are dependent on the individual case and are not exhaustive. Finally, the protective measures must be reviewed and adjusted at regular intervals. In a counselling interview it can be examined which measures offer the optimal solution for your company.


II. New regula­tions through the GeschGehG


Reverse engineering

Reverse engineering refers to the creation of a 1:1 copy of a product from another company. According to § 3 I No. 2 GeschGehG, the obser­vation, inves­ti­gation, disman­tling or testing of a product or object is now permitted if the product has been made publicly available or is in the legal possession of the analyst. Thus, “reverse engineering” is now generally permitted — up to the limit of patent or design law. If the business owner wants to avoid this, he must contrac­tually and explicitly exclude reverse engineering or regulate whether, to whom and to what extent they allow it.


Whistle­blower protection according to § 5 No. 2 GeschGehG

From now on, whistle­blowers may obtain, use or disclose trade secrets if they serve to reveal illegal activ­ities or profes­sional or other misconduct, if they are suitable to protect the general public interest.


Claims in case of infringement

Under the new law, owners of trade secrets have a number of civil law claims against infringers in the event of unlawful obtaining, use or disclosure. These claims include removal and omission (§6), destruction, surrender and recall (§7), right to infor­mation (§8) and compen­sation for damages in the event of negligent or inten­tional violation (§10).



In conclusion, companies should build up and implement concepts and protective measures designed for the operation from the outset, before confi­dential infor­mation is obtained and disclosed. Measures should be documented for verifi­cation purposes. Whether NDAs can grant the desired protection of secrets or what claims you can make against legal viola­tions, Mr. Fürstenow is happy to discuss with you.


Attorney-at-law Sascha C. Fürstenow will be pleased to advise you on this matter and offers a free and non-binding initial assessment of your facts in advance.