Definition and significance of screening in the legal context
In the legal context, screening refers to the systematic and standardized review, selection, or filtering of individuals, companies, actions, or transactions based on defined criteria rooted in legal and regulatory requirements. Screening serves as an important tool in various areas of law to identify risks, ensure compliance with statutory regulations, and prevent or detect legal violations at an early stage. Screening can be conducted both automatically by technical systems and manually.
Types and areas of application for screening in law
Compliance screening
Objectives and legal principles
Compliance screenings are used to ensure that companies meet their legal obligations, particularly with regard to anti-money laundering, anti-corruption measures, and the control systems required by the General Data Protection Regulation (GDPR) and national regulations. In this process, business partners and transactions are regularly checked against sanctions lists, lists of politically exposed persons (PEPs), and money laundering risk indicators.
Relevant laws
- Money Laundering Act (GwG)
- Foreign Trade and Payments Ordinance (AWV)
- Regulation (EU) 2015/847
- Sanctions Enforcement Act (SDG)
- General Data Protection Regulation (GDPR)
- German Supply Chain Due Diligence Act (LkSG)
Screening in labor law
Applicant screening and data protection
The review of applicant data and résumés (background checking) is subject to strict legal requirements, particularly set forth in the General Equal Treatment Act (AGG), the GDPR, and the Federal Data Protection Act (BDSG). Screening may only collect permissible information relevant to the specific activity and must be proportionate. The applicant’s consent is generally required.
Workplace monitoring
Screenings in the workplace, such as video surveillance or electronic audits, must always pursue a legitimate purpose, be justified under data protection law, and respect the personal rights of those affected.
Screening in health law
Medical screening
Medical screening refers to the preventive examination of asymptomatic individuals for certain diseases, for example through mass screenings. Legal foundations arise from the Social Code Book (SGB), the Infection Protection Act (IfSG), as well as specific legal regulations for the protection of personal and health-related data.
Data protection requirements
Medical data benefits from special protection under the GDPR and the Federal Data Protection Act. Screenings are only permissible with the explicit consent of the individual concerned and in compliance with data protection principles.
Screening in financial and foreign trade law
Transaction and sanctions list screening
Transactions in banks and financial institutions are systematically screened to prevent violations of embargos, sanctions, and anti-money laundering regulations. Sanctions list screenings are mandatory for financial service providers according to German, European, and international regulations.
Legal obligations
Institutions must regularly review their business partners and customers as well as the associated transactions. Violations of screening obligations can be prosecuted as criminal offenses or as administrative offenses.
Process and organization of screening
Technical and organizational measures
Effective legal screening requires technological support through specialized software and clearly defined internal processes. Technical safeguards and access restrictions are mandatory; results must also be reviewed and documented as evidence and for potential audits by supervisory authorities.
Documentation and evidentiary obligations
Within the framework of legal obligations (e.g. under the GwG, GDPR), there is a duty to document the screenings carried out and their results and to retain them for defined periods. This serves as evidence for regulatory and judicial reviews.
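The sanctions list check described under "Transaction and sanctions list screening" and the documentation duty described here can be illustrated in code. The following Python program is an added example written for this page; it is not code from the page or from any screening product or authority. The sanctions list, its version label, the entity identifiers and the retention period of 5 x 365 days are constructed assumptions for the illustration; a real implementation takes the list from an official source and the retention period from the statutory obligation that applies. The example normalizes names (case, accents, punctuation, corporate suffixes), compares each subject against the list by exact match and by token overlap so that a reordered or differently suffixed name is still found, and produces one JSON record per screening that carries the list version, the timestamp, the matches, the decision and the date until which the record must be retained.

```python
from __future__ import annotations

import json
import re
import unicodedata
from dataclasses import asdict, dataclass
from datetime import datetime, timedelta, timezone

# Constructed demo list: the identifiers and names below are invented for this
# example and are not taken from any real sanctions list.
SANCTIONS_LIST_VERSION = "demo-list-v1"
SANCTIONS_LIST = [
    {"id": "DEMO-0001", "name": "Example Trading GmbH", "aliases": ["Example Trading"]},
    {"id": "DEMO-0002", "name": "Jane Doe", "aliases": ["J. Doe"]},
]

# Assumed retention period for the audit record; the actual period must be
# taken from the statutory obligation that applies to the institution.
RETENTION_DAYS = 5 * 365

# Corporate suffixes ignored when comparing names, so that "Example Trading Ltd."
# still hits the list entry "Example Trading GmbH".
LEGAL_FORMS = {"gmbh", "ag", "kg", "ltd", "llc", "inc", "sa", "se"}
MATCH_THRESHOLD = 0.6  # assumed token-overlap threshold for a "review" decision


def normalize(name: str) -> str:
    """Fold case, strip accents and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = re.sub(r"[^a-z0-9 ]+", " ", ascii_only.lower())
    return " ".join(cleaned.split())


def name_tokens(name: str) -> set[str]:
    """Normalized name words without corporate suffixes."""
    return {t for t in normalize(name).split() if t not in LEGAL_FORMS}


def jaccard(a: set[str], b: set[str]) -> float:
    """Token overlap in [0, 1]; empty token sets never match."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


@dataclass
class ScreeningResult:
    subject: str
    list_version: str
    screened_at: str
    matches: list[dict]
    decision: str  # "clear" or "review"
    retain_until: str


def screen(subject: str, now: datetime | None = None) -> ScreeningResult:
    """Check one subject against the list and build the documentable result."""
    now = now or datetime.now(timezone.utc)
    subject_norm, subject_tokens = normalize(subject), name_tokens(subject)
    matches = []
    for entry in SANCTIONS_LIST:
        best = 0.0
        for candidate in [entry["name"], *entry["aliases"]]:
            if normalize(candidate) == subject_norm:
                score = 1.0  # exact match after normalization
            else:
                score = jaccard(subject_tokens, name_tokens(candidate))
            best = max(best, score)
        if best >= MATCH_THRESHOLD:
            matches.append({"id": entry["id"], "name": entry["name"], "score": round(best, 2)})
    return ScreeningResult(
        subject=subject,
        list_version=SANCTIONS_LIST_VERSION,
        screened_at=now.isoformat(),
        matches=matches,
        decision="review" if matches else "clear",
        retain_until=(now + timedelta(days=RETENTION_DAYS)).date().isoformat(),
    )


def audit_record(result: ScreeningResult) -> str:
    """Serialize the result as one JSON line for an append-only screening log."""
    return json.dumps(asdict(result), sort_keys=True)


if __name__ == "__main__":
    for name in ["Acme Logistics AG", "Example Trading Ltd.", "Doe, Jane", "Jane Smith"]:
        print(audit_record(screen(name)))
```

The record written by audit_record is what later satisfies the documentation duty: it shows which list version was used, when the check ran, what was found and when the record may be deleted. A hit produces "review" rather than a final decision because name matching only flags a candidate; the manual review that follows, and its outcome, would be logged as a further record. Real systems use richer matching than token overlap, but the structure (normalize, compare, decide, document) is the same.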
Data protection and personal rights during screening
Lawfulness of screening
The lawful conduct of screenings always requires a legal basis. This can be a statutory obligation, the legitimate interest of the responsible entity, or informed consent of the individual concerned, as regulated in particular by the GDPR.
Rights of affected persons
Affected individuals are entitled to information about the data stored regarding them in the course of a screening. Under certain conditions, they also have the right to rectification, erasure, and to object to processing.
Risks and liability issues in screening
Erroneous screening
Incorrect or omitted screenings can have serious legal consequences, such as fines, compensation claims, or criminal sanctions. Unlawful screening without a legal basis can also lead to liability risks.
Duties of review and due diligence
Companies and organizations are obligated to perform their duties of review and due diligence regarding screening carefully. Failure to fulfill these obligations can result in personal liability for those responsible.
Limits of screening and outlook
Screenings must always be conducted in light of the principle of proportionality and in compliance with fundamental rights. Surveillance measures must not go beyond what is necessary for the intended purpose and as required by applicable legal norms. The development of new technologies and the increasing automation mean that legal requirements for screening are constantly being adapted and clarified.
Summary
Screening is a central element in numerous legal fields and serves primarily to prevent risks, ensure compliance, and meet statutory requirements. Extensive data protection and documentation obligations are imposed on those conducting screening. Lawful implementation of screening measures is essential to avoid liability risks and fines and to ensure compliance with national and international standards.
Frequently asked questions
What legal requirements must be met to conduct a screening?
There are extensive legal requirements for conducting screening, for example, for the early detection of diseases. First, the screening must comply with national and European data protection regulations, in particular the GDPR. This requires a clear legal basis – typically in the form of informed consent from the person being screened (§ 22 BDSG; Art. 9(2) GDPR for health data). Additionally, the principle of purpose limitation must be observed, meaning the data collected during screening may only be processed for the defined medical purpose. For minors or persons unable to consent, legal representatives must be involved. Professional regulations also apply to medical practitioners or facilities (e.g., approval under SGB V for statutory health insurance benefits). Furthermore, the Genetic Diagnostics Act imposes additional rules for genetic screening in Germany.
To what extent is there a duty to provide information in screening?
The duty to provide information is central in the legal context: before any medical screening, the patient must be informed about the purpose, procedure, risks, significance, and possible consequences of the examination under § 630e BGB. This information must be timely, understandable, and comprehensive, so that informed consent is possible. The duty to provide information also extends to follow-up tests or therapeutic measures that may result from the screening. If the duty to provide information is not met, the examination carried out is legally challengeable and any consent cannot be considered valid.
What data protection requirements apply to screening?
Data protection requirements for screening in healthcare are primarily based on the GDPR, especially Article 9, since health data is considered particularly sensitive. Key aspects include the collection of only necessary data (data minimization), protection from unauthorized access (integrity and confidentiality), and informing affected individuals about the nature, scope, and purposes of data collection. Legal regulations require all data processing to be documented and secured, for example through technical and organizational measures under Article 32 GDPR. Disclosure of data outside of the original screening is only permitted under very limited circumstances, e.g., with specific legal authorization or consent.
Can screening results have labor law implications?
Screening results may be relevant under labor law, for example when obtained as part of job application or preventive medical examinations. Under § 15 AGG, employers may not draw impermissible conclusions or engage in discrimination based on such screening, particularly concerning any illness or disability. Labor law protects the privacy of employees; medical data, as a rule, may not be disclosed to employers without the employee’s explicit and voluntary consent. An exception may only apply if the employer is under a mandatory duty of care and there are no less intrusive means available (e.g., for certain professions in healthcare).
How long may screening data be stored?
The retention period for data collected during screenings must be limited to the minimum necessary in accordance with the GDPR (Art. 5(1)(e) GDPR). The exact duration depends on the purpose of data collection, statutory retention obligations (e.g., under § 630f BGB for medical records: ten years), and the requirement to delete data once the purpose has been achieved or the statutory period has expired. For voluntary screenings unconnected to further medical treatment, data should be deleted as soon as no further retention is required or legally mandated.
Is a workplace agreement necessary for workplace screenings?
When implementing workplace screenings, such as in workplace health management programs, the works council’s participation is mandatory in companies with a works council according to § 87(1) No. 7 BetrVG. Works agreements must include rules on consent, participation, data protection, communication of results, and possible employment law consequences. Without such an agreement, the mandatory implementation of screenings is generally not permitted. Individual consents from employees may also be problematic due to the dependency on the employer and are therefore subject to especially strict validity requirements to protect employee rights.
Are there legal regulations regarding the management of abnormal findings in screening?
If abnormal findings are discovered during a screening, the doctors involved have legal obligations. They are required to inform patients of the results and, if necessary, explain further diagnostic or therapeutic options (§ 630e BGB). In certain cases, there is also a reporting obligation in accordance with the Infection Protection Act or, in the case of genetic examinations, under the Genetic Diagnostics Act. Failure to comply with these notification obligations can lead to liability issues.