GDPR does not prohibit a company from disclosing to one company shareholder, information identifying other shareholders in the same company, says the Higher Regional Court of Munich.
The legal basis under GDPR is that the disclosure is necessary for the performance of the contractual relationship established by the articles of association.
“For the exercise of the shareholder rights pursuant to the contractual relationship between the shareholders, it is necessary that the co-shareholders know each other. The purpose of the contract is essentially the exercise of the shareholders’ rights, in particular also through the mutual exchange, the exercise of control and, if necessary, the merger of the co-partners, the strengthening of the position of the shareholders. Insight into the composition of the shareholders and the resultant power relations is useful and necessary for each shareholder. This also includes the possibility of influencing them, if necessary through the purchase of company shares.”