English translation of German data protection law implementing GDPR

English translation of German data protection law implementing GDPR

 

Act to Adapt Data Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU) 2016/680

of 30 June 2017

The Bundestag has adopted the following Act with the approval of the Bundesrat:

Article 1
Federal Data Protection Act
(BDSG)
Table of Contents
Part 1
Common provisions

Chapter 1
Scope and definitions
Section 1 Scope of the Act
Section 2 Definitions

Chapter 2
Legal basis for processing personal data
Section 3 Processing of personal data by public bodies
Section 4 Video surveillance of publicly accessible spaces

Chapter 3
Data protection officers of public bodies
Section 5 Designation
Section 6 Position
Section 7 Tasks

Chapter 4
Federal Commissioner for Data Protection and Freedom of Information
Section 8 Establishment
Section 9 Competence
Section 10 Independence
Section 11 Appointment and term of office
Section 12 Official relationship
Section 13 Rights and obligations
Section 14 Tasks
Section 15 Activity reports
Section 16 Powers

Chapter 5
Representation on the European Data Protection Board, single contact point, coop-eration among the federal supervisory authorities and those of the Länder concern-ing European Union matters
Section 17 Representation on the European Data Protection Board, single contact point
Section 18 Procedures for cooperation among the federal and Länder supervisory au-thorities
Section 19 Responsibilities

Chapter 6
Legal remedies
Section 20 Judicial remedy
Section 21 Application of the supervisory authority for a court decision if it believes that an adequacy decision by the European Commission violates the law

Part 2
Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679

Chapter 1
Legal basis for processing personal data

Sub-chapter 1
Processing of special categories of personal data and processing for other purpos-es
Section 22 Processing of special categories of personal data
Section 23 Processing for other purposes by public bodies
Section 24 Processing for other purposes by private bodies
Section 25 Transfer of data by public bodies

Sub-chapter 2
Special processing situations
Section 26 Data processing for employment-related purposes
Section 27 Data processing for purposes of scientific or historical research and for sta-tistical purposes
Section 28 Data processing for archiving purposes in the public interest
Section 29 Rights of the data subject and powers of the supervisory authorities in the case of secrecy obligations
Section 30 Consumer loans
Section 31 Protection of commercial transactions in the case of scoring and credit re-ports

Chapter 2
Rights of the data subject
Section 32 Information to be provided where personal data are collected from the data subject
Section 33 Information to be provided where personal data have not been obtained from the data subject
Section 34 Right of access by the data subject
Section 35 Right to erasure
Section 36 Right to object
Section 37 Automated individual decision-making, including profiling

Chapter 3
Obligations of controllers and processors
Section 38 Data protection officers of private bodies
Section 39 Accreditation

Chapter 4
Supervisory authorities for data processing by private bodies
Section 40 Supervisory authorities of the Länder
– 4 –

Chapter 5
Penalties
Section 41 Application of provisions concerning criminal proceedings and proceedings to impose administrative fines
Section 42 Penal provisions
Section 43 Provisions on administrative fines

Chapter 6
Legal remedies
Section 44 Proceedings against a controller or processor

Part 3
Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680

Chapter 1
Scope, definitions and general principles for processing personal data
Section 45 Scope
Section 46 Definitions
Section 47 General principles for processing personal data

Chapter 2
Legal basis for processing personal data
Section 48 Processing of special categories of data
Section 49 Processing for other purposes
Section 50 Processing for archiving, scientific and statistical purposes
Section 51 Consent
Section 52 Processing on instructions from the controller
Section 53 Confidentiality
Section 54 Automated individual decision

Chapter 3
Rights of the data subject
Section 55 General information on data processing
Section 56 Notification of data subjects
Section 57 Right of access
Section 58 Right to rectification and erasure and to restriction of processing
Section 59 Modalities for exercising the rights of the data subject
Section 60 Right to lodge a complaint with the Federal Commissioner
Section 61 Legal remedies against decisions of the Federal Commissioner or if he or she fails to take action

Chapter 4
Obligations of controllers and processors
Section 62 Processing carried out on behalf of a controller
Section 63 Joint controllers
Section 64 Requirements for the security of data processing
Section 65 Notifying the Federal Commissioner of a personal data breach
Section 66 Notifying data subjects affected by a personal data breach
Section 67 Conducting a data protection impact assessment
Section 68 Cooperation with the Federal Commissioner
Section 69 Prior consultation of the Federal Commissioner
Section 70 Records of processing activities
Section 71 Data protection by design and by default
Section 72 Distinction between different categories of data subjects
Section 73 Distinction between facts and personal assessments
Section 74 Procedures for data transfers
Section 75 Rectification and erasure of personal data and restriction of processing
Section 76 Logging
Section 77 Confidential reporting of violations

Chapter 5
Transfers of data to third countries and to international organizations
Section 78 General requirements
Section 79 Data transfers with appropriate safeguards
Section 80 Data transfers without appropriate safeguards
Section 81 Other data transfers to recipients in third countries

Chapter 6
Cooperation among supervisory authorities
Section 82 Mutual assistance

Chapter 7
Liability and penalties
Section 83 Compensation
Section 84 Penal provisions

Part 4
Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 and Directive (EU) 2016/680
Section 85 Processing of personal data in the context of activities outside the scope of Regulation (EU) 2016/679 and Directive (EU) 2016/680

 

English translation of German data protection law implementing GDPR

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s