The German Ministry of Interior affairs has published an English translation of the new Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). On 27 April 2017 the German Parliament passed the BDSG in order to make use of the opening clause provided for in the EU General Data Protection Regulation (GDPR). This bill has been controversial; see here for an interview with Jan Albrecht, Stefan Brink and Tim Wybitul.
The new BDSG replaces its national predecessor, which has been in force for the last 40 years. The new BDSG is the first step toward adapting national German member State law to the provisions of the GDPR. With an effective date of 25 May 2018, the new BDSG will also form the basis for the adaption of further German data privacy acts to the GDPR. We note that several ministries have already indicated that they are preparing specific data privacy provisions concerning special processing situations like social security data protection, and we expect these provisions to follow the implementation of the BDSG.
This overview summarizes the major implications of the BDSG for companies operating in Germany.
On 27 April 2017 the German Parliament passed an entirely new Federal Data Protection Act. The new BDSG replaces the old BDSG, which has been in force for the last 40 years. The new BDSG shall adapt the German law to the provisions of the EU General Data Protection Regulation. The new BDSG will now form the basis for the adaption of German acts to the GDPR. Further acts concerning special processing situations like social security data protection are likely to follow.
The EU’s General Data Protection Regulation, which comes into force in May 2018, is generally designed to align data protection requirements across the EU. However, its opening clauses offer countries some freedom in their implementation of the Regulation and, thus, room to differ. In August 2016, the German Ministry of the Interior released its first GDPR implementation proposal to widespread criticism from both experts and data protection authorities. Recently, the BMI published a revised proposal, a new Federal Data Protection Act. The draft provides further details regarding the scope and implementation of existing GDPR provisions and also contains additional data protection requirements beyond those provided for in the Regulation. We explore notable specifications to and deviations from the GDPR.