The German Federal Parliament passes a new data protection act

The German Federal Parliament has passed a new Federal Data Protection Act. The new act (Bundesdatenschutzgesetz – BDSG) will replace the one that has been in force for the last 40 years.

The new legislation means that Germany is the first regulator in Europe to adopt a data protection law that is in line with the requirements of the EU General Data Protection Regulation (GDPR). It is likely that additional acts will follow concerning special processing situations, such as data protection for social security.

The new law means that German businesses will have to analyse the new requirements and ensure that they decision makers should start adopting the new BDSG employee data protection rules.

The new BDSG includes specific requirements that are not in the current GDPR legislation. For example, the BDSG states specific data processing requirements for video surveillance, and consumer credit, scoring and creditworthiness. In addition to the GDPR fines, the German law will exclusively impose fines of up to 50,000 euros for violations.

The German Federal Council need to approve the new BDSG which is expected to occur so by in a couple of weeks. Once approved, it will come into force on the on May 25, 2018, the same day as the GDPR.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.