German Federal Parliament Passes New German Data Protection Act
Time 2 Minute Read
Categories: Information Security, International

This post has been updated. 

On April 27, 2017, the German Federal Parliament adopted the new German Federal Data Protection Act (Bundesdatenschutzgesetz) (“new BDSG”) to replace the existing Federal Data Protection Act of 2003. The new BDSG is intended to adapt the current German data protection law to the EU General Data Protection Regulation (“GDPR”), which will become effective on May 25, 2018.

The new BDSG includes specific requirements that deviate from the GDPR in some respects, including with respect to the appointment of a Data Protection Officer and the processing of employee personal data. The GDPR allows for certain EU Member State deviations from the text of the GDPR. In addition, the new BDSG imposes specific data processing requirements with respect to video surveillance, and consumer credit, scoring and creditworthiness. In addition to the high fines imposed by the GDPR, the new BDSG imposes fines of up to EUR 50,000 for violations regarding German law exclusively.

The new BDSG must now be approved by the German Federal Council, which is expected to occur in the next couple of weeks, possibly during the May 12, 2017 plenary meeting. Once adopted, the new BDSG will become effective on May 25, 2018, at the same time as the GDPR.

Read the new German Federal Data Protection Act (only available in German).

Update: On May 12, 2017, the German Federal Council approved the new BDSG, which will become effective on May 25, 2018, at the same time as the GDPR.

Update: On July 5, 2017, the new BDSG was published in the Federal Law Gazette.

Tags: GDPR, Germany, Penalty, Personal Data
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 6 Minute Read
NetChoice Files Suit Challenging South Carolina Age-Appropriate Code Design

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Congress Extends Cybersecurity Information Sharing Act of 2015 through September 2026

Congress has extended the Cybersecurity Information Sharing Act of 2015 through September 30, 2026 as part of the Consolidated Appropriations Act, a government funding package enacted in early February 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page