The Three-Part Test: Defining a Trade Secret

Under the GeschGehG, not all confidential information is automatically a trade secret. The law sets out three distinct criteria that must all be met for information to qualify for protection. Companies cannot simply claim information is secret; they must prove that it fulfills all three requirements to have a legal claim.

This is the most fundamental requirement. The information must not be generally known or readily accessible to persons in the circles that normally deal with such information. The term “secret” does not mean that absolutely no one can know it; rather, it means the information is not public knowledge.

• Practical implications
  You must be able to demonstrate that the information is not found in public patents, on a company’s website, in brochures, or in articles. The secret must be confined to a specific group of people within and sometimes outside the organization.
• Example
  A company’s internal customer database, which contains contact details, purchase history, and specific preferences, would be considered a secret. The information is not publicly available, and its value lies precisely in this confidentiality. In contrast, the company’s general address, which is published on its website, is not a secret.

This criterion establishes that the secret must be of economic significance. Its value to a company must come from the fact that it is not in the public domain. This value can be direct (e.g., a new product design that gives a market lead) or indirect (e.g., a customer list that saves time and resources in finding new clients).

• Practical implications
  You need to be able to show that a competitor would have an advantage if they possessed this information. Its secrecy provides a competitive advantage.
• Example
  A new, unpatented formula for a cosmetic product has significant commercial value. The formula’s secrecy gives the company a unique selling proposition and allows it to dominate a niche market. If the formula were to become public, the commercial value would be lost. Similarly, a list of trusted suppliers and the negotiated prices could be a valuable trade secret, as it provides a competitive pricing advantage.

This is a critical requirement. The law states that the legitimate holder of the trade secret must have taken steps to keep the information secret. The measures must be “reasonable” given the circumstances, the type of information, and the resources of the company. A global corporation with massive resources is expected to have more elaborate measures than a small organization, but some form of effort is mandatory for all.

• Practical implications
  You must proactively demonstrate that you have made an effort to protect your secrets. You cannot simply claim information is secret; you must show the measures you took to keep it that way. These measures can be:
  • Organizational: Using the “need-to-know” principle, where information is only shared with those who need it for their work. Implementing clear policies and training staff on confidentiality.
  • Contractual: Having employees and business partners sign Non-Disclosure Agreements (NDAs). This is a cornerstone of contractual protection.
  • Technical: Using passwords, encryption, firewalls, secure servers, and restricted access rights to digital data.
  • Physical: Restricting access to certain office areas, locking files, and using security cameras.
• Example
  A software company has a critical piece of source code that is its primary trade secret. It can demonstrate reasonable secrecy measures by:
  • Having developers sign an NDA.
  • Storing the code on a secure server with multi-factor authentication.
  • Restricting access to the server to a select few senior developers.
  • Ensuring that physical backups of the code are stored in a locked safe.
  • Using a document management system that tracks who accesses the code and when.

Without such measures, a company’s claim of misappropriation is likely to fail in court, regardless of how valuable the secret is.

Trade secrets are not a one-size-fits-all concept. They encompass a wide range of information, both technical and commercial, that is crucial to a company’s operations. The GeschGehG provides a flexible framework that applies to diverse types of knowledge. Understanding this breadth is vital for identifying your own trade secrets.

• Technical Knowledge
  This category includes all confidential information related to a company’s products, services, or processes.
  • Examples: A new, unpatented invention👉 A novel method, process or product that is original and useful.; detailed R&D results; the precise formula for a chemical compound; proprietary algorithms; a unique manufacturing process; confidential software source code; or a new technical solution that is still in development.
• Commercial and Business Knowledge
  This refers to the non-technical information that provides a company with a competitive edge.
  • Examples: Strategic business plans; internal marketing strategies; confidential price lists and pricing models; supplier and contract information; salary structures; or internal financial data that is not publicly disclosed.
• Data and Customer Information
  This is a particularly critical category for companies, whose success often depends on strong customer relationships.
  • Examples: Comprehensive customer lists with contact details; sales data showing customer preferences and purchasing habits; customer-specific pricing and discount agreements; or databases of sales leads. The value of this information lies in the time and money saved by not having to find these customers from scratch.

Trade secret litigation most often arises from a breach of trust. While industrial espionage by a competing firm is a real threat, the most common perpetrators are insiders or closely related parties who had legitimate access to the information.

• The Departing Employee
  This is the most frequent and dangerous scenario. A former employee who changes jobs and takes confidential information with them is a significant risk👉 The probability of adverse outcomes due to uncertainty in future events.. The employee may have access to a wide range of secrets, from technical drawings to customer lists, and may feel they have a right to take this information to their new employer.
  • Example: An R&D manager leaves a company to work for a direct competitor. Before leaving, they download all the technical specifications for your latest product, which is still in development. This act constitutes a clear misappropriation.
• Business Partners and Collaborators
  In a collaborative economy, companies often share confidential information with partners, suppliers, or joint venture👉 A business partnership where different  entities collaborate on a specific project or goal. participants. This is typically done under the protection of a Non-Disclosure Agreement (NDA)👉 Legal contract to protect confidential information in business or innovation.. A breach occurs when the partner uses the shared confidential information for a purpose other than what was agreed upon, or for their own gain.
  • Example: A company collaborates with a manufacturing partner to produce a new component. They provide the partner with detailed technical drawings under an NDA. If the partner uses those drawings to manufacture and sell a similar component on their own, they have committed a breach and misappropriation.
• Third Parties and Competitors
  A competitor can also misappropriate a trade secret without having a direct relationship with a company. This can happen through illicit means such as industrial espionage, hacking, bribing an employee, or other illegal activities.
  • Example: A competitor hires a cyber-criminal to hack into a company’s servers and steal its customer database. This is a clear case of illegal acquisition and misappropriation by a third party.

To successfully pursue a legal claim for trade secret misappropriation in Germany, a company must first be able to prove that its information meets the three essential criteria of the GeschGehG: it is a secret, it has commercial value due to its secrecy, and reasonable measures were taken to protect it. Additionally, a company must be able to demonstrate that the information was unlawfully acquired, used, or disclosed by a perpetrator, whether they were an employee, a partner, or a third party. Understanding these fundamental legal requirements is the first and most crucial step in safeguarding a company’s most valuable, non-tangible assets.